"Craig R. McClanahan" wrote:
>
> "Eric M. Andersen" wrote:
>
> > Craig,
> > What would you do if the page in question could be viewed by anybody,
> > logged in or not, but certain parts of the display need to be hidden for
> > those who are not logged in (full functionality not available to guest
> > users, only to registered users). Would you wrap this if-else statement
> > around every single piece of the conditionally displaying code?
> >
>
> In a JSP 1.0, I would use a scriptlet to check for this scenario. For example, if
> your servlet container supported the 2.2 spec you could say:
>
> <% if (request.isUserInRole("manager")) { %>
> ... show the stuff a manager can see ...
> <% } %>
>
> In a JSP 1.1 environment, I would build a custom tag that did the same thing
> (embedding the security check inside) -- perhaps something like this:
>
> <mytags:ifuserhas role="manager">
> ... show the stuff a manager can see ...
> </mytags:ifuserhas>
I was faced with a similar requirement for a a sidebar menu that had
additonal entries for administrators. I managed to talk the project
manager out of it :) but this was our proposed solution:
In the controlling servlet, if an instance of a Menu object is not
already present in the users session, the MenuItem objects from a Menu
object which is loaded into the servletContext at startup is examined
and added to a session-scope Menu object if the user has the appropriate
permissions.
In the JSP a generic custom "<util:iterator>" tag is used to iterate
through the Menu Item objects as described above.
Damian
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
FAQs on JSP can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
