This week's book giveaway is in the Design forum.
We're giving away four copies of Building Microservices and have Sam Newman on-line!
See this thread for details.
The moose likes Security and the fly likes Content Management Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Building Microservices this week in the Design forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Content Management" Watch "Content Management" New topic
Author

Content Management

James Ellis
Ranch Hand

Joined: Oct 14, 2004
Posts: 205
Does anyone know of any good design patterns for showing/hiding content based on user's roles? For instance, if a user logs in I know that I can find out if they are in a role "ADMIN" by doing isUserInRole("ADMIN") but I really would prefer not to hardcode roles in the JSP?
Ulf Dittmer
Rancher

Joined: Mar 22, 2005
Posts: 42958
    
  73
Indeed, you should not be hardcoding roles in a JSP. This kind of decision should be made in the controller (maybe a servlet), which sets a boolean attribute, based on which the JSP can make decision on what to render.

Instead of hardcoding role names, you can keep the role names in a separate config file, and then use logical names for them in the application. That way you can change roles later w/o having to change the code.
 
Have you checked out Aspose?
 
subject: Content Management
 
It's not a secret anymore!