authz taglib

[sr.lucas]

This is kind of a philosophicall question, but when you get down to hidding functionality at the .jsp level, you need to write things such as

<authz:authorize ifAllGranted="ROLE_OPERATOR">
<h1>blah</h1>
</authz:authorize>

however, the roles are static in the jsp ...

what if the roles are highly dinamic? Is there any way to make such role assignment more dinamic?
or should I move such checks one layer behind?

[karldmoore]

If you are wanting to hide something from a user, you have to key it on something. In this case roles, but it could also be permissions, or use ACLs or something completely different.

If there is an element of something being dynamic then this example might not work for you. I don't think however if it doesn't work you should just check it at a different level. Projects I've seen needed to protect links (don't let them click something they shouldn't), URLs, method calls etc....