Junior Member
conditional output on page, based on account type
HI,
I'm curious how you guys handle this situation:
I have multiple account types, and they all have different roles.
On some shared pages, there are functions that should be visible only for certain account types, over others.
I'm wondering if there is any other way to handle this besides a bunch of "choose" jstl tags in the jsp pages?
For pages that change significantly for an account type I plan on creating a separate page all together.
Any suggestions are welcome.
Senior Member
I've implemented a permissions based system with a custom tag to determine whether the current logged in user is to be presented with certain parts of a page.
So I can have something like this:-
This is configured in a config file (which also holds page level permissions) like this - where ADM is the user's role:-Code:<security:hasPermission permissionGroup="Admin" permission="View"> <li> <html:link href="admin/administration.html"><fmt:message key="tabs.administration"/></html:link> </li> </security:hasPermission>
The permission group doesn't really mean anything, other than the fact that it's a way to group the rules together in a tidy way.Code:<permission-group name="Admin"> <permission name="View"> <group>ADM</group> </permission> </permission-group>
All this stuff (I've been posting lots of code on here recently) is due to come out in an Apache licensed set of Spring related utilities sometime in the early New Year. You can have a pre-release version (with no guarantees of being bug free of course) if you want.
Bob
Junior Member
Hi Bob,
Yes, please send it over!
You should be able to email me on here, or post a link where I can download it. I'll give you some feedback on it.
Thanks!
-Justin
Senior Member
OK, here it is. I took this snapshot just now. There are 3 libraries (there's actually a 4th that deals with generating Hibernate POJOs from a UML diagram but that isn't fit for release at all yet).
The Security one depends on the Spring one which in turn depends on the Util one.
http://www.zen29969.zen.co.uk/mpsc-security-0.2.zip
http://www.zen29969.zen.co.uk/mpsc-spring-0.2.zip
http://www.zen29969.zen.co.uk/mpsc-util-0.2.zip
I'm hosting these at my upstream ISP as I don't have the bandwidth myself for it at the moment in case you're wondering about the odd domain name.
The HistoryStack stuff in the Spring module is particularly ropey as that's what I'm working on at the moment. Everything else should be OK.
There's nothing in the way of documentation other than the JavaDoc (which isn't as complete as I'd like it at the moment either) so you're on your own with this. I don't have time to support it at the moment. All the XML config files have samples and DTDs so that shouldn't be too much of a problem.
If you find any bugs, or have any improvements, by all means post them back to me.
Junior Member
Hi Bob,
I was just wondering what you thought of the Acegi security system, and how your libraries differ from it?
Thanks
Senior Member
To be honest, I've never tried Acegi. I looked at the documentation, but it just seemed overly complex for what it was trying to accomplish. Login enforcement and permissions/ACLs are not rocket science and should be more easily integrated IMO.
My libraries are based on the techniques used in Seraph ( http://opensource.atlassian.com/seraph/ ) and OSUser ( http://www.opensymphony.com/osuser/ ) but since neither of those projects are being maintained anymore as far as I can tell, I thought I'd write my own libraries from the ground up to eliminate the failings that in those projects that have never been addressed. Most of the code has been written by me, but some code is "heavily influenced" by those projects, hence the acknowledgement in the license.
Bob
Posting Permissions
Reply With Quote