Restricting the update of info

[ls_to_2007]

Hello;

Maybe this is a security question.

Basically I have a set of forms.

I want users to be able to fill a value in once. After that they cannot change that value in the form.

Admins will be able to update any value in the form.

I think there will be a security component involved (I am integrating Acegi as my security layer). But I am trying to figure out what part of the the Spring MVC will be involved. Should I do this with a form wizard? If there a feature in the form tld I can leverage? Maybe someone can point me in the right direction.

Thanks!

[karldmoore]

Does this want to be in the web layer? Yes you want to disable the field so the value can't be re-entered but I would have also thought want to secure this in the business layer. It's a business rule so it would seem logical.

[ls_to_2007]

Yes, business layer makes more sense. I am guessing this is in the wrong forum now. I have no idea where to start with this task (I am still pretty new with Spring). Where would I start on something like this?

[karldmoore]

One way to do it would be to make the object immutable. Obviously you can't set the property as final if you are using Hibernate, but hidding the setter and setting the value in the constructor would do it.

[ls_to_2007]

Ok, but the catch is, I want Admins to be able to edit this data. Only the regular users would have this update restriction.