We have a web application running on WebSphere Application Server V6. Say I have a JSP page that enables working on Student details. This JSP page enables users to view, insert, update or delete student records. Now, some users can only use the 'View' link, others can also use the 'Insert' link, and some other users can only update.
From what I know, I can hold a DB table that indicates for each user and table which operations are allowed. But my question is: what is the right way to do that on the JSP page? Do I call this security table on each page load and hide the unauthorized links? Or do I always show all the links and just let the database throw an exception and give a message to the user when he/she presses an unauthorized link? Or is there a third and better way?
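
The two options in the question are not exclusive. As an added example (not part of the original post; all class, method and link names are hypothetical, and an in-memory map with constructed rows stands in for the security table), the same permission set can decide which links are rendered and be checked again on the server when a request arrives:

```java
import java.util.*;

// Added example with hypothetical names; the map stands in for the
// security table described in the post (user + table -> allowed operations).
public class StudentAccess {
    enum Op { VIEW, INSERT, UPDATE, DELETE }

    // Constructed sample rows, keyed by "user|table".
    private static final Map<String, Set<Op>> SECURITY_TABLE = new HashMap<>();
    static {
        SECURITY_TABLE.put("alice|STUDENT", EnumSet.of(Op.VIEW));
        SECURITY_TABLE.put("bob|STUDENT", EnumSet.of(Op.VIEW, Op.INSERT));
        SECURITY_TABLE.put("carol|STUDENT", EnumSet.of(Op.UPDATE));
    }

    // Look the permissions up once (for example at login) and keep them in the session.
    static Set<Op> permissionsFor(String user, String table) {
        Set<Op> ops = SECURITY_TABLE.get(user + "|" + table);
        return ops == null ? EnumSet.noneOf(Op.class) : EnumSet.copyOf(ops);
    }

    // Page rendering: emit only the links this user is allowed to use.
    static List<String> visibleLinks(Set<Op> allowed) {
        List<String> links = new ArrayList<>();
        for (Op op : Op.values()) {
            if (allowed.contains(op)) {
                links.add(op.name().toLowerCase(Locale.ROOT) + "Student");
            }
        }
        return links;
    }

    // Request handling: check again before touching the database, because
    // a link that was not rendered can still be requested directly.
    static void enforce(Set<Op> allowed, Op requested) {
        if (!allowed.contains(requested)) {
            throw new SecurityException("Operation not permitted: " + requested);
        }
    }

    public static void main(String[] args) {
        Set<Op> bob = permissionsFor("bob", "STUDENT");
        System.out.println(visibleLinks(bob));
        enforce(bob, Op.INSERT);              // permitted, returns normally
        try {
            enforce(bob, Op.DELETE);          // link was hidden, request is still refused
        } catch (SecurityException e) {
            System.out.println(e.getMessage());
        }
    }
}
```

In a JSP application the `enforce` step would sit in the servlet or filter that handles the insert, update and delete requests, so the database exception becomes a last line of defence rather than the access check itself.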