Quoting Yee CN <[EMAIL PROTECTED]>:
Anyway around this?
I wrote a custom tag, that controls if user has got the required level
to acces page, as this:
<user:access currentUser="${mb.currentUser}" pageLevel="2" />
The code of tag follows:
public int doStartTag() throws JspException {
JspWriter out = pageContext.getOut();
try {
HttpServletRequest req = (HttpServletRequest)
pageContext.getRequest();
pageContext.getSession().setAttribute("origPage",
StringUtils.replace(req.getServletPath(), "jsp", "jsf"));
loginPage = req.getContextPath() +
pageContext.getServletContext().getInitParameter("loginPage");
invLevelPage = req.getContextPath() +
pageContext.getServletContext().getInitParameter("invLevelPage");
HttpServletResponse resp = (HttpServletResponse)
pageContext.getResponse();
if(!currentUser.isValid) {
resp.sendRedirect(loginPage);
return SKIP_BODY;
}
if(!currentUser.inLevel(Integer.parseInt(pageLevel)))
resp.sendRedirect(invLevelPage);
} catch (IOException e){throw new JspException(e.getMessage());}
return SKIP_BODY;
}
currentUser is a class initialized with login page data and a level
list for user read from DB. loginPage and "invLevelPage" are variables
set in web.xml.
--
Francesco Consumi
Ufficio Sistemi informativi
Istituto degli Innocenti
Piazza SS.Annunziata, 12
50122 Firenze
consumi at istitutodeglinnocenti.it
Tel. +39 055 2037320
ICQ# 12516133
