Nov 11th, 2010, 07:52 AM
Displaying links to urls that only a user has access to
Hello! We are currently in the process of securing our site that uses Spring MVC, jsps, and Spring Security 3.0.3 so that users can only see links to URLs that they have access to via roles. Instead of me going through every jsp and surrounding every link with the <authorize url=""> tag does anyone know a way to somehow intercept a hyperlink while the jsp is handled and either surround it with this tag or simply check the role to decide whether to render the link? There are a lot of links and it seems like there must be a way to do this. Thanks!
Nov 12th, 2010, 05:38 AM
A JSP has no concept of HTML structure - it doesn't actually know that it's rendering HTML links - so the only option I can think of is to write a custom link tag which encompasses the authorization logic.
In practice, it's often not that simple - there is often additional HTML which should be omitted if you're hiding the link.
Tags for this Thread