Enabling links according to user's authorization

rivka zam
Greenhorn

Joined: Feb 22, 2005
Posts: 24
Hi everyone,

We have a web application running on WebSphere Application Server V6.
Say I have a JSP page that enables working on Student details.
This JSP page enables users to view, insert, update or delete student records.
Now, some users can only use the 'View' link, others can also use the 'Insert' link, and some other users can only update.

From what I know, I can hold a DB table that indicates for each user and table - which operations are allowed.
But, my question is - what is the right way to do that on the JSP page?
Do I call this security table on each page load and hide the unauthorized links? Or do I always show all the links and just let the database throw an exception and give a message to the user when he/she presses an unauthorized link? Or is there a third and better way?

Thanks
Rivka
Christopher Steel
Greenhorn

Joined: Jan 10, 2006
Posts: 23
Rivka,
A better approach may be to use a taglib to enforce the page level access control. See the Authorization Enforcer pattern in Chapter 9 for a description and sample code on how to do this.
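
An added example, not part of the thread and not the book's sample code: one way a JSP custom tag can hide the links Rivka describes while the same check is reused on the server side. The class name, the `sec` prefix, the `permissions` session attribute and the `resource:operation` string format are all assumptions, and the code assumes Java 5 or later with the standard servlet/JSP API.

```java
import java.util.Set;
import javax.servlet.http.HttpSession;
import javax.servlet.jsp.tagext.TagSupport;

/**
 * Added example (hypothetical names throughout): renders its body only when
 * the logged-in user holds the permission "resource:operation".
 *
 * JSP usage, assuming the tag is declared in a TLD under the prefix "sec":
 *   <sec:ifAllowed resource="student" operation="update">
 *     <a href="student/update">Update</a>
 *   </sec:ifAllowed>
 */
public class IfAllowedTag extends TagSupport {
    private static final long serialVersionUID = 1L;

    /** Session attribute filled once at login from the permissions table (assumption). */
    public static final String PERMISSIONS_ATTR = "permissions";

    private String resource;
    private String operation;

    public void setResource(String resource) { this.resource = resource; }
    public void setOperation(String operation) { this.operation = operation; }

    /** Single decision point; fails closed when there is no session or no permission set. */
    public static boolean isAllowed(HttpSession session, String resource, String operation) {
        if (session == null || resource == null || operation == null) {
            return false;
        }
        Object perms = session.getAttribute(PERMISSIONS_ATTR);
        return perms instanceof Set && ((Set<?>) perms).contains(resource + ":" + operation);
    }

    @Override
    public int doStartTag() {
        // Hiding a link is presentation only: the servlet that performs the
        // insert/update/delete must call isAllowed() again before touching the DB.
        return isAllowed(pageContext.getSession(), resource, operation)
                ? EVAL_BODY_INCLUDE
                : SKIP_BODY;
    }

    @Override
    public void release() {
        super.release();
        resource = null;
        operation = null;
    }
}
```

Because the permission set is cached in the session, a change to the permissions table takes effect at the user's next login unless the set is reloaded.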
 
 