Re: JSDK2.2 and security (Was Model 2)

Thu, 9 Mar 2000 22:47:36 -0800 

?D ??? ???  ?" #*? ???
??P
??????? ??
?
??
??? ??
Content-type: text/plain; charset="ISO-8859-1"
Content-transfer-encoding: quoted-printable

Comments below

"Craig R. McClanahan" escribi=F3:
=20
...<snip>=20
>=20
> That's exactly what isUserInRole() is for -- to let you vary the response
> based on the
> security permissions of the current user.  So, to show a chunk of your JS=
P
> page only to
> managers, you would do something like this:
>=20
> <% if (request.isUserInRole("manager")) { %>
> ... the output that only managers should see ...
> <% } %>
>=20
> To me, this counts as "presentation logic" rather than "business logic",
> because nothing in
> the underlying business model (in your beans) is affected.  However, if y=
ou
> don't like
> scriptlets embedded in your JSP pages, you can also write a custom tag to
> accomplish this
> -- perhaps it would end up looking like:
>=20
> <mytags:rolecheck role=3D"manager">
> ... the output that only managers should see ...
> </mytags:rolecheck>
>=20

Alternately you could have a security controller servlet perform the
isUserInRole() check and then forward to a jsp that would display the
correct view. Then you wouldn't have to build a custom tag.

-jesse

...<snip>
>=20
>>=20
>> Comments appreaciated,
>> Dan
>=20
> Craig
>=20
> 
>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D
> To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
> JSP-INTEREST".
> Some relevant FAQs on JSP/Servlets can be found at:
>=20
> http://java.sun.com/products/jsp/faq.html
> http://www.esperanto.org.nz/jsp/jspfaq.html
> http://www.jguru.com/jguru/faq/faqpage.jsp?name=3DJSP
> http://www.jguru.com/jguru/faq/faqpage.jsp?name=3DServlets
>=20

===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
Some relevant FAQs on JSP/Servlets can be found at:

 http://java.sun.com/products/jsp/faq.html
 http://www.esperanto.org.nz/jsp/jspfaq.html
 http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
 http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets

Reply via email to