page and filed level security

Currently we are in the process of developing pages which involve both role based security as well as page level security. For e.g. depending upon a user is Admin or Moderator or guest user, certain pages may/may not be visible to him/her.

At the same time within a page itself some fields may or may not be editable to them.

How can u achive both a coarse grained as well as fine grained security mechanism.

[428 byte] By [karanmohitea] at [2007-10-3 9:45:09]

«« JNLP - loading images takes too long
»» Cast an object to arraylist?

# 1

Container security will be able to achieve this.

In the web.xml you can specify individual pages/folders which require a certain role to access. That should do you well enough for page level security. You need to define <security-role> and <security-constraint> sections in web.xml

With regards to components on the page, you have to go to the coding level. There are helper methods such as request.isUserInRole() which you can use to include/leave out various bits of a page.

Hope this helps,

evnafets

evnafetsa at 2007-7-15 5:01:45 >

top of Java-index,Enterprise & Remote Computing,Web Tier APIs...

# 2

Could you please explain both the solutions you have mentioned in a little detail, an example would be great. thanks

karanmohitea at 2007-7-15 5:01:45 >

Java programming resources: FAQs, tutorials, compiler and browser download sites, documentation, books lists, IDEs, etc.

page and filed level security

Enterprise & Remote Computing New Topic

Enterprise & Remote Computing Hot Topic

Enterprise & Remote Computing

All Classified