> -----Original Message-----
> From: jon [mailto:jon@(protected)]
> Sent: 16 February 2005 18:13
> To: J2EEPATTERNS-INTEREST@(protected)
> Subject: JSPs - changing contents on user role
>
> I'm in the middle of solving a problem I'm sure others have
> solved, and thought I'd bounce it off everyone to see if
> there's a well-established pattern for this kind of thing.
>
> <hasAccess name="field1" type="update">
>  <input name="field1"> ...
> </hasAccess>
> <hasAccess type="read">
>  <?= valueof(field1) ?>
> </hasAccess>


That solution sounds fine, I've implemented a pretty much similar custom tag
to only display content given a user's role.

The thing I'd implement is a security check for your back-end methods to make
sure the form isn't hand crafted to include any of the fields that aren't
displayed.

Cheers,

Ben


********************************************************************

This email may contain information which is privileged or confidential. If you are not the intended recipient of this email, please notify the sender immediately and delete it without reading, copying, storing, forwarding or disclosing its contents to any other person
Thank you

Check us out at http://www.bt.com/consulting

********************************************************************

====================================================================
Companion Site: http://www.corej2eepatterns.com
J2EE BluePrints: http://java.sun.com/blueprints/corej2eepatterns
List Archive: http://archives.java.sun.com/archives/j2eepatterns-interest.html
Unsubscribing: email "signoff J2EEPATTERNS-INTEREST" to listserv@(protected)