Hide the links.This way, you won't let him lose time trying to access things he can't and his view of the interface will be more clear.
On 1/11/06, Rivka Shisman <[EMAIL PROTECTED]> wrote: > > Hi everyone, > > We have a web application running on Websphere Application Server V6. > Say I have a JSP page that enables working on Student details. > This JSP page enables users to view, insert, update or delete student > records. > Now, some users can only use the 'View' link, others can also use > 'Insert' link, and some other users can only update. > > From what i know, i can hold a DB table that indicates for each user and > table - which operations are allowed. > But, my question is - what is the right way to do that on the JSP page? > Do i call this security table on each page load and hide the > unauthorized links? Or, do always show all the links and just let the > database throw an exception and give a message to the user, when he/she > presses an unauthorized link? Or is there a third and better way? > > Thanks > Rivka > > -- Letícia Álvares Barbalho [EMAIL PROTECTED]
