  1. #1

    Hi, I hope to use <authz:authorize> in my JSP pages to hide and display some buttons or links.

    I have a few basic roles such as Finance_Read and Finance_Write. Now I have constructed a new role called Finance, which includes both Finance_Read and Finance_Write, and assigned it to a user.

    It is my understanding that <authz:authorize> only works for Finance_Read and Finance_Write but not for the role Finance. In other words, the user with the role Finance cannot see content controlled as follows:

    <authz:authorize ifAnyGranted="ROLE_Finance_Read">

    ....some content....

    </authz:authorize>

    Am I right?

    Thanks!
    Pete


  2. #2


    Can any expert out there confirm this? I hope to not misunderstand
    Acegi...

    Using constructed high-level roles instead of simply "bottom" ones is
    a requirement for many enterprise applications...

    Thanks, Pete

  3. #3

    The recommended way of doing this with Acegi Security would be for "FINANCE" to be in a GROUP table, with "FINANCE_READ" and "FINANCE_WRITE" in a ROLES table. You'd then have a 1:M relationship and your AuthenticationDao would be responsible for adding the member ROLEs to the UserDetails it returns to DaoAuthenticationProvider.

    This is not the only way, though. There is nothing stopping you from writing your own hierarchical role concept and returning them. All you need to do is then write a suitable AccessDecisionVoter and taglib that can recognise your hierarchy of roles. Although in most cases the approach explained in the first paragraph will be more standardised and less work.
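
An added example, not part of the original posts and not Acegi code: a plain-Java sketch of the GROUP/ROLES approach described in reply #3, where groups are flattened into their member roles at login so that an exact-match check such as ifAnyGranted="ROLE_Finance_Read" succeeds for a user who was only assigned the FINANCE group. The in-memory maps, user names and the AUDIT group are constructed stand-ins for the tables; a real AuthenticationDao would put the resulting role names into the UserDetails it returns.

```java
import java.util.*;

public class GroupRoleExpansion {
    // Constructed stand-in for the GROUP -> ROLES (1:M) relationship.
    static final Map<String, List<String>> GROUP_ROLES = new HashMap<>();
    // Constructed stand-in for the user -> group assignments.
    static final Map<String, List<String>> USER_GROUPS = new HashMap<>();
    static {
        GROUP_ROLES.put("FINANCE", Arrays.asList("ROLE_Finance_Read", "ROLE_Finance_Write"));
        GROUP_ROLES.put("AUDIT", Arrays.asList("ROLE_Finance_Read"));
        USER_GROUPS.put("pete", Arrays.asList("FINANCE"));
        USER_GROUPS.put("alice", Arrays.asList("AUDIT"));
        USER_GROUPS.put("bob", Arrays.asList("RETIRED_GROUP")); // group with no role rows
    }

    /** What the DAO does at login: flatten the user's groups into member roles. */
    static Set<String> authoritiesFor(String username) {
        Set<String> roles = new TreeSet<>();
        for (String group : USER_GROUPS.getOrDefault(username, Collections.emptyList())) {
            // An unknown or empty group contributes nothing (fail closed).
            roles.addAll(GROUP_ROLES.getOrDefault(group, Collections.emptyList()));
        }
        return roles;
    }

    /** Same semantics as ifAnyGranted: exact match on any one listed role. */
    static boolean ifAnyGranted(Set<String> held, String commaSeparatedRoles) {
        for (String role : commaSeparatedRoles.split(",")) {
            if (held.contains(role.trim())) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        for (String user : Arrays.asList("pete", "alice", "bob")) {
            Set<String> held = authoritiesFor(user);
            System.out.println(user + " holds " + held
                + " read=" + ifAnyGranted(held, "ROLE_Finance_Read")
                + " write=" + ifAnyGranted(held, "ROLE_Finance_Write")
                // The group name itself is never granted, only its members.
                + " group=" + ifAnyGranted(held, "ROLE_Finance"));
        }
    }
}
```

Because the expansion happens once, in the DAO, the same flattened roles are what both the JSP tag and the server-side access decisions see.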

  4. #4

    The authorize custom tag should allow dynamic role attribute

    Assuming that I have views defined as follows:

    <!-- Views-menus.xml -->
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
    <beans>
    <bean id="mainMenuItems" class="org.springframework.beans.factory.config.ListFactoryBean">
    <property name="sourceList">
    <list>
    <bean class="com.springrocks.common.web.util.MenuItem">
    <property name="id" value="spring" />
    <property name="value" value="The Spring Framework" />
    <property name="link" value="/getBusyWithSpring.htm" />
    <property name="roles" value="ROLE_SPRING_USER,ROLE_HIBERNATE_USER" />
    </bean>
    <bean class="com.springrocks.common.web.util.MenuItem">
    <property name="id" value="hivemind" />
    <property name="value" value="Hivemind" />
    <property name="link" value="/greatStuffButGoWithSpring.htm" />
    <property name="roles" value="ROLE_SPRING_USER,ROLE_HIVEMIND_USER" />
    </bean>
    <bean class="com.springrocks.common.web.util.MenuItem">
    <property name="id" value="swf" />
    <property name="value" value="Spring Webflow" />
    <property name="link" value="/mayBeReleasedBySeptember.htm" />
    <property name="roles" value="ROLE_MVC_USER,ROLE_COOL_USER" />
    </bean>
    <bean class="com.springrocks.common.web.util.MenuItem">
    <property name="id" value="acegi" />
    <property name="value" value="Acegi" />
    <property name="link" value="/howLongBeforeVersion1.htm" />
    <property name="roles" value="ROLE_SECURITY_USER,ROLE_FLEXIBLE_USER" />
    </bean>
    </list>
    </property>
    </bean>

    <bean id="architectureMenuItems" class="org.springframework.beans.factory.config.ListFactoryBean">
    <property name="sourceList">
    <list>
    <bean class="com.springrocks.common.web.util.MenuItem">
    <property name="id" value="designPatterns" />
    <property name="value" value="Design Patterns" />
    <property name="link" value="/lessonsLearned.htm" />
    <property name="roles" value="ROLE_SOFTWARE_ARCHITECT,ROLE_SENIOR_DEVELOPER" />
    </bean>
    ...
    ...
    </list>
    </property>
    </bean>
    </beans>


    <!-- Views.xml -->
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">

    <beans>

    <bean id="abstractView" class="org.springframework.web.servlet.view.JstlView">
    <property name="url" value="/WEB-INF/views/jsp/templates/defaultTemplate.jsp"/>

    <property name="attributesMap['scripts']">
    <list>
    <value>scripts/myScripts.js</value>
    <value>scripts/common.js</value>
    </list>
    </property>

    <property name="attributesMap['styles']">
    <list>
    <value>styles/myStyle.css</value>
    <value>styles/common.css</value>
    </list>
    </property>

    <property name="attributesMap['menuItems']" ref="mainMenuItems" />

    <property name="attributesMap['header']" value="/WEB-INF/views/jsp/templates/header.jsp" />
    <property name="attributesMap['sidebar']" value="/WEB-INF/views/jsp/templates/sidebar.jsp" />
    <property name="attributesMap['footer']" value="/WEB-INF/views/jsp/templates/footer.jsp"/>

    </bean>

    <bean id="mainView" parent="abstractView">
    <property name="attributesMap['content']" value="/WEB-INF/views/jsp/pages/main.jsp" />
    </bean>

    <import resource="views-menus.xml"/>

    </beans>

    As I iterate over the menu items in a JSP page (main.jsp), I should be able to do the following.

    <c:forEach var="menuItem" items="${menuItems}">

    <authz:authorize ifAnyGranted="${menuItem.roles}">

    <a href='<c:url value="${menuItem.link}"/>'><c:out value="${menuItem.value}"/></a>
    </authz:authorize>


    </c:forEach>
    J2EEGuru,
    The Spring Advocate
