You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by "Chawla, Yogesh" <yo...@hpsglobal.com> on 2003/11/03 14:11:34 UTC
Display User based/Role based Links/Buttons
Hi,
I needed to know what are the options for displaying User based screens.
I have to show only selected buttons/hyperlinks based on UserId/Role
Authentication.
I believe using tiles is one of the options, any others as well..
All help appreciated !
Yogesh
DISCLAIMER: The information in this message is confidential and may be
legally privileged. It is intended solely for the addressee. Access to this
message by anyone else is unauthorised. If you are not the intended
recipient, any disclosure, copying, or distribution of the message, or any
action or omission taken by you in reliance on it, is prohibited and may be
unlawful. Please immediately contact the sender if you have received this
message in error. Thank you.
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org
Re: Display User based/Role based Links/Buttons
Posted by Christian Bollmeyer <ja...@christianbollmeyer.de>.
Am Montag, 3. November 2003 14:11 schrieb Chawla, Yogesh:
> Hi,
Hi,
> I needed to know what are the options for displaying User based
> screens.
>
> I have to show only selected buttons/hyperlinks based on UserId/Role
> Authentication.
>
> I believe using tiles is one of the options, any others as well..
>
> All help appreciated !
When using declarative security as you describe, you can do a
check in your JSP pages by using the isUserInRole() and
getRemoteUser() API functions. You may use scriplets, but
a better approach seems to write a custom tag that also
handles the conditional logic (it's easy) for this task. One
example would be the one Hans Bergsten provides along
with his JSP book (<ora:ifUserInRole>); you can download
the relevant source code from www.TheJspBook.com.
Use this approach if you want to provide for fine-grained
access control. If you want to block the entire page to
non-authorized users, you may make use of the built-in
Struts mechanisms in an all-or-nothing fashion (you can
declaratively specify whether an Action may be executed
or not by a user via the 'roles' attribute in struts-config.xml),
and AFAIK, Tiles itself is following this scheme as well
(that is, when making use of tiles-defs.xml and Tiles
definitions as Action targets in struts-config.xml, as we
do).
> Yogesh
HTH,
-- Chris.
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org