File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Security and the fly likes Content Management Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Soft Skills this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Content Management" Watch "Content Management" New topic
Author

Content Management

James Ellis
Ranch Hand

Joined: Oct 14, 2004
Posts: 205
Does anyone know of any good design patterns for showing/hiding content based on user's roles? For instance, if a user logs in I know that I can find out if they are in a role "ADMIN" by doing isUserInRole("ADMIN") but I really would prefer not to hardcode roles in the JSP?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42913
    
  68
Indeed, you should not be hardcoding roles in a JSP. This kind of decision should be made in the controller (maybe a servlet), which sets a boolean attribute, based on which the JSP can make decision on what to render.

Instead of hardcoding role names, you can keep the role names in a separate config file, and then use logical names for them in the application. That way you can change roles later w/o having to change the code.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Content Management