Content Management

James Ellis
Ranch Hand

Joined: Oct 14, 2004
Posts: 205
Does anyone know of any good design patterns for showing/hiding content based on a user's roles? For instance, if a user logs in I know that I can find out if they are in a role "ADMIN" by doing isUserInRole("ADMIN"), but I really would prefer not to hardcode roles in the JSP.
Ulf Dittmer

Joined: Mar 22, 2005
Posts: 42965
Indeed, you should not be hardcoding roles in a JSP. This kind of decision should be made in the controller (maybe a servlet), which sets a boolean attribute, based on which the JSP can make a decision on what to render.

Instead of hardcoding role names, you can keep the role names in a separate config file, and then use logical names for them in the application. That way you can change roles later w/o having to change the code.
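
A sketch of the approach described in the reply above, added as an example and not code from the thread: a controller servlet resolves logical permission names to container roles from a config file and hands the JSP plain booleans. The class name, the `/WEB-INF/roles.properties` file, its keys, the JSP path and the `javax.servlet` API version are all assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.util.Properties;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical controller: maps logical permissions to container roles
// listed in /WEB-INF/roles.properties (assumed file), for example:
//   content.edit=ADMIN,EDITOR
//   content.publish=ADMIN
public class ContentController extends HttpServlet {
    private final Properties roleMap = new Properties();

    @Override
    public void init() throws ServletException {
        try (InputStream in = getServletContext()
                .getResourceAsStream("/WEB-INF/roles.properties")) {
            if (in == null) {
                throw new ServletException("roles.properties not found");
            }
            roleMap.load(in);
        } catch (IOException e) {
            throw new ServletException("cannot read roles.properties", e);
        }
    }

    // True if the caller holds any role mapped to the logical name.
    // An unmapped logical name grants nothing (fail closed).
    private boolean allowed(HttpServletRequest req, String logicalName) {
        String roles = roleMap.getProperty(logicalName, "");
        for (String role : roles.split(",")) {
            if (!role.trim().isEmpty() && req.isUserInRole(role.trim())) {
                return true;
            }
        }
        return false;
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // The JSP only tests these booleans, e.g. <c:if test="${canEdit}">
        req.setAttribute("canEdit", allowed(req, "content.edit"));
        req.setAttribute("canPublish", allowed(req, "content.publish"));
        req.getRequestDispatcher("/WEB-INF/jsp/content.jsp").forward(req, resp);
    }
}
```

The booleans only control what is rendered; the handlers that actually perform the edit or publish action need the same `allowed()` check (or a container security constraint), since a hidden link does not stop a direct request.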