Database as data source for authorization

This continues the Wizard to create an Authorization Configuration Provider

For the implementation of authorization, three tables are required in the database for the administration of users, roles and permissions. These are linked to each other by n:m relations. You can use the wizard to generate the corresponding entities. Additionally, the entities are linked by a mapping, which allows RapidClipse to handle arbitrary names of entities and attributes. If the default mapping is not suitable for your data structure, you can define custom queries for it.

Even if you use authentication via LDAP, you must store users in a database table in order to link users and roles. Users and roles must be synchronized at runtime.

  • Required data structure in general:

    • User - Stores the username, the password and, if applicable, additional user-specific information. Names used in the RapidClipse APIs: User, Subject.

    • Roles - Stores the roles / groups a user can belong to. Names used in the RapidClipse APIs: Roles, Usergroups, Userroles.

    • Rights - Stores the permissions that a role can have. States or conditions that must be fulfilled can also be stored here. Names used in the RapidClipse APIs: Permissions, Resources.

  • Data structure generated by RapidClipse.

    • Entities

      Entity   | Attribute   | Data type  | Explanation
      User     | username    | String     | Saves the user name as a string.
      User     | password    | byte[]     | Saves the password as a byte array, usually encrypted.
      User     | roles       | Set / List | List of all roles of the user.
      Role     | name        | String     | Saves the name of the role as a string.
      Role     | resources   | Set / List | List of all rights of the role.
      Role     | childRoles  | Set / List | List of all subroles (nested roles) of the role.
      Role     | parentRoles | Set / List | List of all roles in which the role is nested.
      Role     | users       | Set / List | List of all users that have the role.
      Resource | name        | String     | Saves the name of a permission as a string.
      Resource | roles       | Set / List | List of all roles that have the permission.

    • Data Access

      • UserDAO

      • RoleDAO

      • ResourceDAO

  • Database tables (using MySQL as an example) - Database tables generated by the (Hibernate) entity export function.

    Table          | Data field | Data type    | Explanation
    USER           | USERNAME   | varchar(255) | Saves the user data, including username and password.
    USER           | password   | tinyblob     |
    ROLE           | NAME       | varchar(255) | Saves all roles.
    RESOURCE       | NAME       | varchar(255) | Saves all rights.
    ROLERESOURCENM | ROLE       | varchar(255) | Saves all role-right combinations. A role can have many rights, a right can occur in many roles.
    ROLERESOURCENM | RESOURCE   | varchar(255) |
    ROLEROLENM     | CHILDROLE  | varchar(255) | Saves all role-role combinations and thus allows nesting of roles.
    ROLEROLENM     | PARENTROLE | varchar(255) |
    USERROLENM     | USER       | varchar(255) | Saves all user-role combinations. One user can have many roles, one role can be held by many users.
    USERROLENM     | ROLE       | varchar(255) |

  • Using an existing database - If your database already contains tables for managing users, roles and permissions, make sure that for each table there is a corresponding entity with an associated DAO in your Project Management under Entities or Data Access. If not, you can import the missing entities and DAOs using the import function Create JPA entities from table. Different table and data field names are possible because of the mapping performed later.
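As an added example (not code from this page or from RapidClipse), the following shows how the nested role structure described above resolves into a user's effective permissions: a role grants its own resources plus those of all its child roles, transitively, and a visited set guarantees the walk terminates even when ROLEROLENM contains a cycle. The Role class and the sample roles are constructed stand-ins for the generated entities.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.Set;

// Minimal stand-in for the generated Role entity (constructed for this example, no JPA).
final class Role
{
    final String      name;
    final Set<String> resources  = new LinkedHashSet<>(); // Resource.name values (ROLERESOURCENM)
    final Set<Role>   childRoles = new LinkedHashSet<>(); // nested roles (ROLEROLENM)
    Role(final String name) { this.name = name; }
}

public final class EffectivePermissions
{
    // Collects every resource reachable from the user's directly assigned roles (USERROLENM)
    // through childRoles. The visited set ends the walk even if ROLEROLENM holds a cycle.
    static Set<String> resolve(final Set<Role> userRoles)
    {
        final Set<String> granted = new HashSet<>();
        final Set<Role>   visited = new HashSet<>();
        final Deque<Role> pending = new ArrayDeque<>(userRoles);
        while(!pending.isEmpty())
        {
            final Role role = pending.pop();
            if(visited.add(role)) // false for roles already expanded: cycle or diamond
            {
                granted.addAll(role.resources);
                pending.addAll(role.childRoles);
            }
        }
        return granted;
    }

    public static void main(final String[] args)
    {
        final Role admin = new Role("admin"), editor = new Role("editor"), viewer = new Role("viewer");
        viewer.resources.add("report.read");
        editor.resources.add("report.write");
        editor.childRoles.add(viewer);  // editor inherits everything viewer has
        admin.childRoles.add(editor);
        viewer.childRoles.add(admin);   // constructed cycle: the walk must still terminate
        final Set<String> alice = resolve(Set.of(editor)); // alice holds only the editor role
        System.out.println("alice: " + alice + ", report.read permitted: " + alice.contains("report.read"));
    }
}
```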

Wizard pages

1. Select or create Resource Entity

  1. Select or create Resource Entity

    1. Entity for permissions already exists - Select your existing entity.

    2. No Resource entity exists yet - Click on New Entity… to create a new entity Resource including the DAO ResourceDAO.

  2. At Mapping > Resource name, select the attribute that stores the names of the user rights.

  3. Click Next >.


Options:

  • Resource name - selection of the attribute for the name of a user right.

Mapping - If you had the wizard generate the entity Resource, you can keep the default attribute Resource.name.

Result:

  • Project Management > main-java > domain - The entity class Resource.java is generated, or an already existing entity is used by selection.

    Entity   | Attribute | Data type
    Resource | name      | String

  • Project Management > main-java > dal - The DAO class ResourceDAO.java is generated. If an already existing entity is selected, no new DAO is generated.

2. Select or create Roles Entity

  1. Select or create Roles Entity

    1. Role entity already exists - Select your existing Role entity.

    2. No Role entity exists yet - Click on New Entity… to create a new entity Role including the DAO RoleDAO.

  2. At Mapping > Role name, select the attribute that stores the role name.

  3. At Mapping > Resources, select the attribute that stores the permissions of a role.

  4. At Mapping > Child roles, select the attribute that stores the subroles of a role.

  5. Click Next >.


Options

  • Role name - selection of the attribute for the role name.

  • Resources - selection of the attribute with the list (Set/List) of all rights for a role.

  • Child roles - selection of the attribute with the list (Set/List) of all subroles for a role.

Mapping - If you had the wizard generate the entity Role, you can accept the default attributes.

Result

  • Project Management > main-java > domain

    • Role - The entity class Role.java is generated, or an already existing entity is used by selection.

      Entity | Attribute   | Data type
      Role   | name        | String
      Role   | resources   | Set / List
      Role   | childRoles  | Set / List
      Role   | parentRoles | Set / List

    • Resource - The entity class Resource.java is extended by the attribute roles.

      Entity   | Attribute | Data type
      Resource | name      | String
      Resource | roles     | Set / List

  • Project Management > main-java > dal - The DAO class RoleDAO.java is generated. If an already existing entity is selected, no new DAO is generated.

3. Select Subject (User) Entity

  1. Select Subject (User) Entity - At this point, the User entity should already exist. If not, create one with New Entity…

  2. At Mapping > Subject name, select the attribute for the user name.

  3. At Mapping > Roles, select the attribute for the user's roles.

    1. Roles attribute already exists - Select existing attribute.

    2. No Roles attribute exists yet - Click Create Attribute to extend the selected entity with an attribute that links the entities User and Role.

  4. Click Finish.


Options

  • Subject name - selection of the attribute for the user name.

  • Roles - selection of the attribute with the list (Set/List) of all roles of a user.

Result

  • Project Management > main-java > domain

    • Role - The entity class Role.java is extended by the attribute users.

      Entity | Attribute   | Data type
      Role   | name        | String
      Role   | resources   | Set / List
      Role   | childRoles  | Set / List
      Role   | parentRoles | Set / List
      Role   | users       | Set / List

    • User - The entity class User.java is extended by the attribute roles.

      Entity | Attribute | Data type
      User   | username  | String
      User   | password  | byte[]
      User   | roles     | Set / List

  • Project Management > main-java > dal - The DAO class UserDAO.java is generated. If an already existing entity is selected, no new DAO is generated.

  • Project Management > main-java - A new AuthorizationConfigurationProvider is generated.

    package com.company.demoproject.ui;
    
    import com.company.demoproject.domain.Resource;
    import com.company.demoproject.domain.Role;
    import com.company.demoproject.domain.User;
    import com.rapidclipse.framework.security.authorization.AuthorizationConfiguration;
    import com.rapidclipse.framework.security.authorization.AuthorizationConfigurationProvider;
    import com.rapidclipse.framework.server.security.authorization.jpa.JPAAuthorizationConfigurationProvider;
    
    
    public class MyAuthorizationConfigurationProvider implements AuthorizationConfigurationProvider
    {
        // Initialization-on-demand holder idiom: the singleton is created lazily and
        // thread-safely by the class loader when getInstance() is first called.
        private static class InitializationOnDemandHolder
        {
            final static MyAuthorizationConfigurationProvider INSTANCE = new MyAuthorizationConfigurationProvider();
        }
    
        public static MyAuthorizationConfigurationProvider getInstance()
        {
            return InitializationOnDemandHolder.INSTANCE;
        }
    
        // Delegate that reads users, roles and resources from the database through the JPA entities.
        private JPAAuthorizationConfigurationProvider provider;
    
        private MyAuthorizationConfigurationProvider()
        {
        }
    
        @Override
        public AuthorizationConfiguration provideConfiguration()
        {
            // The delegate is created on first use with the entity classes selected in the wizard.
            if(this.provider == null)
            {
                this.provider = new JPAAuthorizationConfigurationProvider(User.class, Role.class, Resource.class);
            }
    
            return this.provider.provideConfiguration();
        }
    }

For the newly generated entities User, Role and Resource, corresponding tables have to be created in the database. RapidClipse offers an export function for this purpose. It is helpful to enter some default data into the database tables USER, ROLE and RESOURCE; you can use the Data Source Explorer to add data to the tables manually.