Database as data source for authorization

For the implementation of authorization, three tables are required in the database for the administration of users, roles and rights; they are linked to each other by n:m relations. You can use the wizard to generate the corresponding entities. Additionally, the entities are linked by a mapping, which allows RapidClipse to handle arbitrary names of entities and attributes. If the default mapping is not suitable for your data structure, you can define custom queries for it.

Even if you use authentication via LDAP, you must store users in a database table to link users and roles. Users and roles must be synchronized at runtime.

  • Required data structure in general

    • User - storage of username, password, and additional user-specific information, if applicable. Names used in RapidClipse APIs: User, Subject.

    • Roles - storage of roles / groups a user can belong to. Names used in RapidClipse APIs: Roles, Usergroups, Userroles.

    • Rights - storage of the rights that a role can have. States or conditions that must be fulfilled can also be stored here. Names used in RapidClipse APIs: Permissions, Resources.

  • Data structure generated by RapidClipse

    • Entities

      | Entity   | Attribute   | Data type  | Explanation                                            |
      |----------|-------------|------------|--------------------------------------------------------|
      | User     | username    | String     | Saves the user name as a string.                       |
      |          | password    | byte[]     | Saves the password as a byte array, usually encrypted. |
      |          | roles       | Set / List | List of all roles.                                     |
      | Role     | name        | String     | Saves the name of the role as a string.                |
      |          | resources   | Set / List | List of all rights.                                    |
      |          | childRoles  | Set / List | List of all child roles.                               |
      |          | parentRoles | Set / List | List of all parent roles.                              |
      |          | users       | Set / List | List of all users.                                     |
      | Resource | name        | String     | Saves the name of a permission as a string.            |
      |          | roles       | Set / List | List of all roles.                                     |

    • Data Access

      • UserDAO

      • RoleDAO

      • ResourceDAO

  • Database tables (using MySQL as an example) - Database tables generated by the (Hibernate) entity export function.

    | Table          | Data field | Data type    | Explanation                                                                                          |
    |----------------|------------|--------------|------------------------------------------------------------------------------------------------------|
    | USER           | USERNAME   | varchar(255) | Saves the user data, including username and password.                                                |
    |                | PASSWORD   | tinyblob     |                                                                                                      |
    | ROLE           | NAME       | varchar(255) | Saves all roles.                                                                                     |
    | RESOURCE       | NAME       | varchar(255) | Saves all rights.                                                                                    |
    | ROLERESOURCENM | ROLE       | varchar(255) | Saves all role-rights combinations. A role can have many rights, a right can occur in many roles.    |
    |                | RESOURCE   | varchar(255) |                                                                                                      |
    | ROLEROLENM     | CHILDROLE  | varchar(255) | Saves all role-role combinations and thus allows nesting of roles.                                   |
    |                | PARENTROLE | varchar(255) |                                                                                                      |
    | USERROLENM     | USER       | varchar(255) | Saves all user-role combinations. One user can have many roles, one role can be taken by many users. |
    |                | ROLE       | varchar(255) |                                                                                                      |

  • Dealing with an existing database - If there are already tables in your database for managing users, roles and rights, make sure that for each table there is a corresponding entity with an associated DAO in your Project Management under Entities or Data Access. If not, you can import the missing entities and DAOs using the import function Create JPA entities from table. Different table and data field names are no problem due to the mapping performed later.

Define / generate resource table

  1. Entity for permissions already exists - Select your existing entity.
     No Resource entity exists yet - Click on New Entity… to create a new entity Resource including the DAO ResourceDAO.

  2. At Mapping > Resource name, select the attribute for storing the user rights.

  3. Click Next >.

Options:

  • Resource name - selection of the attribute for the user rights name.

Notice:

  • Mapping - If you have the entity Resource generated, you can take the default attribute Resource.name.

Result:

  • Project Management > Entities - The entity class Resource.java is generated or an already existing entity is used by selection.

    | Entity   | Attribute | DataType |
    |----------|-----------|----------|
    | Resource | name      | String   |

  • Project Management > Data Access - The DAO class ResourceDAO.java is generated. If an already existing entity is selected, no new DAO will be generated.

Define / generate Roles table

  1. Roles table already exists - Select your existing Role entity.
     No Role entity exists yet - Click on New Entity… to create a new entity Role including the DAO RoleDAO.

  2. At Mapping > Role name, select the attribute for storing the roles.

  3. At Mapping > Resources, select the attribute for saving the rights.

  4. At Mapping > Child roles, select the attribute for storing subroles.

  5. Click Next >.

Options:

  • Role name - selection of the attribute for the role name.

  • Resources - selection of the attribute with the list (Set/List) of all rights for a role.

  • Child roles - selection of the attribute with the list (Set/List) of all subroles for a role.

Notice:

  • Mapping - If you have the entity Role generated, you can accept the default attributes.

Result:

  • Project Management > Entities

    • Role - The entity class Role.java is generated or an already existing entity is used by selection.

      | Entity | Attribute   | DataType   |
      |--------|-------------|------------|
      | Role   | name        | String     |
      |        | resources   | Set / List |
      |        | childRoles  | Set / List |
      |        | parentRoles | Set / List |

    • Resource - The entity class Resource.java is extended by the attribute roles.

      | Entity   | Attribute | DataType |
      |----------|-----------|----------|
      | Resource | name      | String   |

  • Project Management > Data Access - The DAO class RoleDAO.java is generated. If an already existing entity is selected, no new DAO will be generated.

Linking users and roles

  1. Table for the users (User) already exists - Select your already existing User entity.
     No User entity exists yet - Click on New Entity… to create a new entity User.

  2. At Mapping > Subject name, select the attribute for the user name.

  3. Click Create Attribute at Mapping > Roles to extend the entity User with an attribute that links the entities User and Role.

  4. Click Finish.

Options:

  • Subject name - selection of the attribute for the user name.

  • Roles - selection of the attribute with the list (Set/List) of all roles of a user.

Result:

  • Project Management > Entities

    • Role - The entity class Role.java is extended by the attribute users.

      | Entity | Attribute   | DataType   |
      |--------|-------------|------------|
      | Role   | name        | String     |
      |        | resources   | Set / List |
      |        | childRoles  | Set / List |
      |        | parentRoles | Set / List |

    • User - The entity class User.java is extended by the attribute roles.

      | Entity | Attribute | DataType   |
      |--------|-----------|------------|
      | User   | username  | String     |
      |        | password  | byte[]     |
      |        | roles     | Set / List |

  • Project Management > Data Access - The DAO class RoleDAO.java is generated. If an already existing entity is selected, no new DAO will be generated.

  • Project Management > Business Objects - The class ExampleAuthorizationProvider.java is generated.

      package com.company.demoproject.ui;
      
      import com.company.demoproject.domain.Resource;
      import com.company.demoproject.domain.Role;
      import com.company.demoproject.domain.User;
      import com.rapidclipse.framework.security.authorization.AuthorizationConfiguration;
      import com.rapidclipse.framework.security.authorization.AuthorizationConfigurationProvider;
      import com.rapidclipse.framework.server.security.authorization.jpa.JPAAuthorizationConfigurationProvider;
      
      
      public class MyAuthorizationConfigurationProvider implements AuthorizationConfigurationProvider
      {
          // Initialization-on-demand holder: the JVM creates INSTANCE on first access,
          // which gives a thread-safe singleton without explicit locking.
          private static class InitializationOnDemandHolder
          {
              final static MyAuthorizationConfigurationProvider INSTANCE = new MyAuthorizationConfigurationProvider();
          }
      
          public static MyAuthorizationConfigurationProvider getInstance()
          {
              return InitializationOnDemandHolder.INSTANCE;
          }
      
          private JPAAuthorizationConfigurationProvider provider;
      
          private MyAuthorizationConfigurationProvider()
          {
          }
      
          @Override
          public AuthorizationConfiguration provideConfiguration()
          {
              // The JPA provider is created on first use and reads users, roles and
              // rights through the mapped entity classes User, Role and Resource.
              if(this.provider == null)
              {
                  this.provider = new JPAAuthorizationConfigurationProvider(User.class, Role.class, Resource.class);
              }
      
              return this.provider.provideConfiguration();
          }
      }

Create database tables

For the newly generated entities User, Role and Resource corresponding tables have to be created in the database.

Enter default data

It is helpful to enter some default data for the database tables USER, ROLE and RESOURCE.
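As an added example (constructed here, not the output of RapidClipse's entity export), the following MySQL 8 script creates the six tables listed above, inserts a few default rows, and resolves one user's effective rights through nested roles. It assumes that a role inherits the rights of its child roles (ROLEROLENM.PARENTROLE to CHILDROLE) and that the column sizes match the Hibernate export.

```sql
-- Constructed example (not RapidClipse's export output): MySQL 8 DDL for the six tables above,
-- default data, and a query resolving effective rights. Assumption: a role inherits the
-- rights of its child roles (ROLEROLENM.PARENTROLE -> CHILDROLE).
CREATE TABLE `USER` (
  `USERNAME` VARCHAR(255) NOT NULL PRIMARY KEY,
  `PASSWORD` TINYBLOB                         -- password hash as byte[], never plaintext
);
CREATE TABLE `ROLE`     (`NAME` VARCHAR(255) NOT NULL PRIMARY KEY);
CREATE TABLE `RESOURCE` (`NAME` VARCHAR(255) NOT NULL PRIMARY KEY);

-- n:m link tables: composite keys block duplicate grants, FKs block dangling ones
CREATE TABLE `ROLERESOURCENM` (
  `ROLE`     VARCHAR(255) NOT NULL,
  `RESOURCE` VARCHAR(255) NOT NULL,
  PRIMARY KEY (`ROLE`, `RESOURCE`),
  FOREIGN KEY (`ROLE`)     REFERENCES `ROLE` (`NAME`)     ON DELETE CASCADE,
  FOREIGN KEY (`RESOURCE`) REFERENCES `RESOURCE` (`NAME`) ON DELETE CASCADE
);
CREATE TABLE `ROLEROLENM` (
  `CHILDROLE`  VARCHAR(255) NOT NULL,
  `PARENTROLE` VARCHAR(255) NOT NULL,
  PRIMARY KEY (`CHILDROLE`, `PARENTROLE`),
  FOREIGN KEY (`CHILDROLE`)  REFERENCES `ROLE` (`NAME`) ON DELETE CASCADE,
  FOREIGN KEY (`PARENTROLE`) REFERENCES `ROLE` (`NAME`) ON DELETE CASCADE
);
CREATE TABLE `USERROLENM` (
  `USER` VARCHAR(255) NOT NULL,
  `ROLE` VARCHAR(255) NOT NULL,
  PRIMARY KEY (`USER`, `ROLE`),
  FOREIGN KEY (`USER`) REFERENCES `USER` (`USERNAME`) ON DELETE CASCADE,
  FOREIGN KEY (`ROLE`) REFERENCES `ROLE` (`NAME`)     ON DELETE CASCADE
);

-- Default data (constructed): ADMIN nests EDITOR; alice holds only ADMIN
INSERT INTO `RESOURCE` (`NAME`) VALUES ('article.read'), ('article.write'), ('user.manage');
INSERT INTO `ROLE` (`NAME`) VALUES ('EDITOR'), ('ADMIN');
INSERT INTO `ROLERESOURCENM` (`ROLE`, `RESOURCE`)
  VALUES ('EDITOR', 'article.read'), ('EDITOR', 'article.write'), ('ADMIN', 'user.manage');
INSERT INTO `ROLEROLENM` (`CHILDROLE`, `PARENTROLE`) VALUES ('EDITOR', 'ADMIN');
INSERT INTO `USER` (`USERNAME`, `PASSWORD`) VALUES ('alice', NULL);  -- hash is set by the application
INSERT INTO `USERROLENM` (`USER`, `ROLE`) VALUES ('alice', 'ADMIN');

-- Effective rights of alice: her roles plus their child roles to any depth.
-- UNION (DISTINCT) stops the recursion even if ROLEROLENM contains a cycle.
WITH RECURSIVE effective_roles (`NAME`) AS (
  SELECT `ROLE` FROM `USERROLENM` WHERE `USER` = 'alice'
  UNION
  SELECT rr.`CHILDROLE` FROM `ROLEROLENM` rr JOIN effective_roles er ON rr.`PARENTROLE` = er.`NAME`
)
SELECT DISTINCT p.`RESOURCE` FROM effective_roles er JOIN `ROLERESOURCENM` p ON p.`ROLE` = er.`NAME`;
```

With this data the final query returns article.read, article.write and user.manage for alice, since ADMIN inherits EDITOR's rights through ROLEROLENM.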