Hi everyone,

We have a web application running on Websphere Application Server V6.
Say I have a JSP page that enables working on Student details.
This JSP page enables users to view, insert, update or delete student
records.
Now, some users can only use the 'View' link, others can also use
'Insert' link, and some other users can only update.

>From what i know, i can hold a DB table that indicates for each user and
table - which operations are allowed.
But, my question is - what is the right way to do that on the JSP page?
Do i call this security table on each page load and hide the
unauthorized links? Or, do always show all the links and just let the
database throw an exception and give a message to the user, when he/she
presses an unauthorized link? Or is there a third and better way?

Thanks
Rivka

Reply via email to