On 1/11/06, Rivka Shisman <[EMAIL PROTECTED]> wrote:
> From what I know, I can hold a DB table that indicates for each user and
> table - which operations are allowed.
> But, my question is - what is the right way to do that on the JSP page?
> Do I call this security table on each page load and hide the
> unauthorized links? Or, do I always show all the links and just let the
> database throw an exception and give a message to the user, when he/she
> presses an unauthorized link? Or is there a third and better way?

I use Struts Menu to conditionally display menu items based on user roles.

Rather than configure the container to handle it, I have a Filter that wraps the request, and the request wrapper overrides the isUserInRole method. In that method, I check a session-scoped 'user' object to see if the user has that role.

The code is here, and I don't think it's Tomcat-specific:
http://wiki.wsmoak.net/cgi-bin/wiki.pl?TomcatRequestWrapper

Without Struts Menu, I think you can check roles with JSTL, or if not, surely someone has already written a taglib to do this.

HTH,
--
Wendy
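
The approach described in this reply, sketched as an added example (it is not the code from the linked wiki page and not part of Struts Menu): a Filter wraps each request so that isUserInRole is answered from a session-scoped user object. The class names `RoleWrapperFilter` and `AppUser` and the session attribute name `"user"` are assumptions made for illustration.

```java
import java.io.IOException;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical session-scoped user object; the thread only says that a
// 'user' object in the session knows the user's roles.
class AppUser {
    private final Set<String> roles;
    AppUser(Set<String> roles) { this.roles = roles; }
    boolean hasRole(String role) { return roles.contains(role); }
}

public class RoleWrapperFilter implements Filter {
    static final String USER_KEY = "user"; // session attribute name (assumed)

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Wrap HTTP requests so everything downstream (JSPs, tags, actions)
        // sees the overridden isUserInRole.
        if (req instanceof HttpServletRequest) {
            req = new RoleRequest((HttpServletRequest) req);
        }
        chain.doFilter(req, res);
    }

    static class RoleRequest extends HttpServletRequestWrapper {
        RoleRequest(HttpServletRequest request) { super(request); }

        @Override
        public boolean isUserInRole(String role) {
            // getSession(false): do not create a session just to check a role.
            HttpSession session = getSession(false);
            if (session == null || role == null) {
                return false;
            }
            Object user = session.getAttribute(USER_KEY);
            // Fail closed: a missing or unexpected user object has no roles.
            return user instanceof AppUser && ((AppUser) user).hasRole(role);
        }
    }
}
```

Because the override sits on the request itself, a menu tag that hides links and an action that calls `request.isUserInRole(...)` before doing the work both read the same session data. Keeping the check in the action as well covers a request sent directly to a URL whose link was hidden.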