Creating partly restricted sites

[An...@fiducia.de]

Hello!

I have to restrict some of my sites according to the role the logged in user
has. There will be a role of admin or user and possibly some more.

How could it be done best?

1. Implementing an own jsp-file for each existing jsp with the reduced roles:
each role would have its own jsp-file.

2. Wrapping the restricted areas with <logic:equal> tags to check, wheter the
area should be displayed or not.

3. ?


I fear that the second way will lead to unreadable (and unmaintainable)
jsp-files. The first way would produce more jsp-files, but they would be less
complicated (no additional checks, therefore producing less CPU load). They
could be much easily be maintained, because it's evident, where to search a
problem or where to extend a new feature.


Does anybody has an additional idea?

Kind regards,
Andreas Hartmann


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org

Re: Creating partly restricted sites

[Puneet Lakhina <pu...@gmail.com>]

On 10/17/06, Asad Habib <ah...@engin.umich.edu> wrote:
>
> Andreas, the second method is definitely better from the perspective of
> long-term maintainence. You really need just 1 jsp to achieve the task at
> hand. Also, using tags should not make the code unreadable since tags were
> developed for exactly that purpose. They embed nicely with markup.


I disagree here. If you are using logic equal then  in case you have an OR
condition to check the code gets really messy and duplicated. So basically
if you have to display a link only if user is role1 OR role2 OR role3 then
you would write
<logic:equal name="role" value="1">
link
</logic:equal>
<logic:equal name="role" value="2">
link
</logic:equal><logic:equal name="role" value="3">
link
</logic:equal>

which isn't a nice thing. For this i extended logic equal to have a tag to
check OR condition amongst a list of delimited values. I haven't ever used
JSTL so i don't know if that can be done using that.

I would suggest using a separate JSP for each, for the part that's common
among all files you could use tiles. This would probably be more
maintainable. This is a very common problem and I think it would really help
if someone whose been there done that could comment. My application was very
small( about 20-25 pages) so my opinion has limited experience backing it.
:-)

If you
> were using a scriplet then readability would be an issue. Another option
> is to check for the role in an action and then forward the user to the
> appropriate page depending on their role.

This will also require more than
> 1 jsp.
>
> - Asad
>
>
> On Tue, 17 Oct 2006, Andreas.Hartmann@fiducia.de wrote:
>
> >
> > Hello!
> >
> > I have to restrict some of my sites according to the role the logged in
> user
> > has. There will be a role of admin or user and possibly some more.
> >
> > How could it be done best?
> >
> > 1. Implementing an own jsp-file for each existing jsp with the reduced
> roles:
> > each role would have its own jsp-file.
> >
> > 2. Wrapping the restricted areas with <logic:equal> tags to check,
> wheter the
> > area should be displayed or not.
> >
> > 3. ?
> >
> >
> > I fear that the second way will lead to unreadable (and unmaintainable)
> > jsp-files. The first way would produce more jsp-files, but they would be
> less
> > complicated (no additional checks, therefore producing less CPU load).
> They
> > could be much easily be maintained, because it's evident, where to
> search a
> > problem or where to extend a new feature.
> >
> >
> > Does anybody has an additional idea?
> >
> > Kind regards,
> > Andreas Hartmann
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> > For additional commands, e-mail: user-help@struts.apache.org
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>


-- 
Puneet

Re: Creating partly restricted sites

[Asad Habib <ah...@engin.umich.edu>]

Andreas, the second method is definitely better from the perspective of 
long-term maintainence. You really need just 1 jsp to achieve the task at 
hand. Also, using tags should not make the code unreadable since tags were 
developed for exactly that purpose. They embed nicely with markup. If you 
were using a scriplet then readability would be an issue. Another option 
is to check for the role in an action and then forward the user to the 
appropriate page depending on their role. This will also require more than 
1 jsp.

- Asad


On Tue, 17 Oct 2006, Andreas.Hartmann@fiducia.de wrote:

>
> Hello!
>
> I have to restrict some of my sites according to the role the logged in user
> has. There will be a role of admin or user and possibly some more.
>
> How could it be done best?
>
> 1. Implementing an own jsp-file for each existing jsp with the reduced roles:
> each role would have its own jsp-file.
>
> 2. Wrapping the restricted areas with <logic:equal> tags to check, wheter the
> area should be displayed or not.
>
> 3. ?
>
>
> I fear that the second way will lead to unreadable (and unmaintainable)
> jsp-files. The first way would produce more jsp-files, but they would be less
> complicated (no additional checks, therefore producing less CPU load). They
> could be much easily be maintained, because it's evident, where to search a
> problem or where to extend a new feature.
>
>
> Does anybody has an additional idea?
>
> Kind regards,
> Andreas Hartmann
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org