application
I need to implement a web application that will be used by different users. Each user has different privileges on different tables, for example:
User A can see the "name" and "address" fields from the Student table.
User B can see the "name" and "phone number" fields, but not the "address", from the Student table.
User C can see and change all the fields mentioned above.
I will have something at the user interface level to restrict certain access, for example, hiding the "Edit" button for users who do not have permission to modify entries. However, I think I should have something at a lower level (perhaps at the database level?) to ensure data security.
Problem
I use Hibernate, JBoss, DB2, and Struts for my application. I think I should use some kind of JBoss LoginModule that authenticates the user against the database using user / password / roles (but I could be wrong (?)). I did some research and came up with the following options, but none of them fit my case. I think this is a very common data access problem in multi-user web applications. Can someone point me in the right direction? Thank you in advance!
'grant' hibernate.cfg.xml JACC. "" "" "" . , , ? , . http://www.hibernate.org/hib_docs/v3/reference/en-US/html/objectstate-decl-security.html
getter/setter ejb. , bean, .
EJB
DAO . , , DAO, , .
"" "" . "onLoad", "onSaveorUpdate" .. . ? http://www.hibernate.org/hib_docs/v3/reference/en-US/html/objectstate-events.html
. . , , .
?
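An added example, not part of the original post: one way to enforce the Student field rules from the question below the UI, as a deny-by-default check called from the DAO or service layer. The role names (`ROLE_A`, `ROLE_B`, `ROLE_C`), the class and method names, and the `phoneNumber` field name are assumptions, and a plain map stands in for the Hibernate entity.

```java
import java.util.*;

// Added example: all names here are hypothetical, not taken from the post.
public class StudentFieldPolicy {
    enum Access { READ, WRITE }

    // Per-role, per-field grants for Student; anything not listed is denied.
    private static final Map<String, Map<String, Set<Access>>> GRANTS = Map.of(
        "ROLE_A", Map.of("name", EnumSet.of(Access.READ), "address", EnumSet.of(Access.READ)),
        "ROLE_B", Map.of("name", EnumSet.of(Access.READ), "phoneNumber", EnumSet.of(Access.READ)),
        "ROLE_C", Map.of("name", EnumSet.allOf(Access.class),
                         "address", EnumSet.allOf(Access.class),
                         "phoneNumber", EnumSet.allOf(Access.class)));

    static boolean allowed(String role, String field, Access access) {
        if (role == null || field == null) return false; // unknown caller: deny
        return GRANTS.getOrDefault(role, Map.of()).getOrDefault(field, Set.of()).contains(access);
    }

    // Read path: copy only the fields the role may read, so every caller
    // (page, export, API) receives the same filtered view of the row.
    static Map<String, Object> readableView(String role, Map<String, Object> row) {
        Map<String, Object> view = new LinkedHashMap<>();
        row.forEach((field, value) -> {
            if (allowed(role, field, Access.READ)) view.put(field, value);
        });
        return view;
    }

    // Write path: reject the whole update if any submitted field is not writable,
    // so a hand-built request cannot change fields the UI merely hides.
    static void checkUpdate(String role, Set<String> submittedFields) {
        for (String field : submittedFields) {
            if (!allowed(role, field, Access.WRITE)) {
                throw new SecurityException(role + " may not modify Student." + field);
            }
        }
    }

    public static void main(String[] args) {
        // Constructed sample row, not real data.
        Map<String, Object> row = Map.of("name", "Alice Example",
                "address", "1 Sample Street", "phoneNumber", "555-0100");
        System.out.println("A sees: " + readableView("ROLE_A", row));
        System.out.println("B sees: " + readableView("ROLE_B", row));
        checkUpdate("ROLE_C", Set.of("address")); // permitted, returns normally
        try {
            checkUpdate("ROLE_B", Set.of("phoneNumber"));
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```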