May 21st, 2009, 09:48 PM
taglib? Conditional display of fields based on role
I have spring security hooked up to a jsp web app. Is there a way to conditionally display jsp elements? For instance, a link or button that only gets displayed for users with certain GrantedAuthority?
(NOTE: Not sure if this is important but we have customized our security so that the users rights are dynamically refreshed when their permissions are changed, and we are calling some web services to find out our users permissions etc.)
May 24th, 2009, 03:57 PM
The Pet Clinic tutorial suggests something like below:
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
However this wont work as it will just check the granted authorities for the user, I need it to call the decide() method in the customized access decision manager. Any ideas?
May 24th, 2009, 04:06 PM
So I looked at adding a method on the customized userDetails object that would call decide, but the problem is still that I can't pass in values to it. I need to pass in the url and method for a decision to be able to be made. I can't see how I can do this with the current taglib.
May 24th, 2009, 10:05 PM
OK. I've learnt how to make taglibs and have created one for this scenario. Problem solved, but not nicely.
The spring-security framework does not seem to be factored well to handle dynamic security (i.e. a users role/s can change at any time, a roles functions can change at any time, a uri & methods function requirement can change any time). Maybe I am missing something obvious?