The IBM developerWorks website has posted the sixth part of its tutorial series on the Agavi framework from Vikram Vaswani. This time he focuses on creating an access control system for the series' sample application.
Agavi's focus on application security doesn't end with input validation. The framework also exposes a powerful user authentication and access control subsystem that you can customize to meet the requirements of almost any Web application. This subsystem supports both simple login-based authentication and more complex role-based access control (RBAC), and it provides a solid foundation for application-level privilege management and manipulation.
He introduces the three main principles - passwords, privileges and roles - and shows how to use them with login validation and setting up the user roles (as fetched from a database table). Code examples and screenshots are included as well as a download package of everything.