JSPs - changing contents on user role

Google

Mailing List

Home

Forum Home

JBoss - Java Application Server

Tomcat - JSP/Servlet container

Struts - A MVC web framework

iText - An open source PDF Java Library

JDOM - JDOM XML Parser

JSP - A mailing list about Java Server Pages specification and reference

J2EE - A mailing list for Java(tm) 2 Platform, Enterprise Edition

J2EE Pattern - An interest list for Sun Java Center J2EE Pattern Catalog

Servlet - A mailing list for discussion about Sun Microsystem's Java Servlet API Technology

Struts & Hibernate

Subjects

•	JSP editor plugin for eclipse ?
•	org apache jasper JasperException: Unable to compile class for JSP
•	Tomcat: Connection reset by peer: socket write error
•	Cannot retrieve definition for form bean null
•	Struts Tiles Tutorial (free Struts training)
•	Where do I download Tomcat 4 0 6?
•	Data Access Object (DAO) pattern, example DAO 's
•	Where to download Tomcat v 4 1 24 from?
•	Tomcat 5 0 16 Requested resource not available
•	Subject: Servlet : Session invalidate
•	Oracle Connection Pooling in 3 2 2
•	Servlet action is currently unavailable
•	Tomcat/Struts Unicode Encoding/Decoding problems
•	Subject: Running a Simple JMS Example
•	Tomcat and webapplication specific java library path
•	Mapping in workers2 properties
•	org apache jasper JasperException
•	problem with html:text bean throwing exception
•	Cannot find message resources under key org apache struts action MESSAGE
•	Cannot find message resources under key org apache struts action MESSAGE
•	invalid direct reference problem with solution
•	Tool for jsp debug Try Sysdeo Eclipse Plugin
•	Tomcat 5 Cannot load JDBC driver class 'null ' SQL state: null
•	weblogic ejbc
•	java properties file
•	Jboss 3 2 3 Coyote Can 't re
•	Tomcat 5, Apache2 and mod jk2 integration problem
•	JBoss example problem new to J2EE
•	Value attribute of <html:checkbox
•	url string for connecting jboss to oracle
•	javax servlet ServletException: BeanUtils populate
•	5 0 18: Windows XP Pro vs Windows 2000
•	HTTP Status 404 The requested resource is not available

JSPs - changing contents on user role

JSPs - changing contents on user role

2005-02-17 - By jon

Back

Reply: 1 2 3 4

On Thu, 17 Feb 2005 09:15:26 -0000, Ben Hill wrote
> > -- --Original Message-- --
> > From: jon [mailto:jon@(protected)]
> > Sent: 16 February 2005 18:13
> > To: J2EEPATTERNS-INTEREST@(protected)
> > Subject: JSPs - changing contents on user role
> >
> > I'm in the middle of solving a problem I'm sure others have
> > solved, and thought I'd bounce it off everyone to see if
> > there's a well-established pattern for this kind of thing.
> >
> > <hasAccess name="field1" type="update">
> > <input name="field1"> ...
> > </hasAccess>
> > <hasAccess type="read">
> > <?= valueof(field1) ?>
> > </hasAccess>
>
> That solution sounds fine, I've implemented a pretty much similar
> custom tag to only display content given a user's role.
>
> The thing I'd implement is a security check for your back-end
> methods to make sure the form isn't hand crafted to include any of
> the fields that aren't displayed.

Certainly, that's the more important part.

Thanks for the help all, a sanity check, hope the discussion helped others too.
:)

Regards,
Jon

--
Jonathan Petruk

====================================================================
Companion Site: http://www.corej2eepatterns.com
J2EE BluePrints: http://java.sun.com/blueprints/corej2eepatterns
List Archive: http://archives.java.sun.com/archives/j2eepatterns-interest.html
Unsubscribing: email "signoff J2EEPATTERNS-INTEREST" to listserv@(protected)