File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes JSF and the fly likes Controlling Access to Form fields? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSF
Bookmark "Controlling Access to Form fields?" Watch "Controlling Access to Form fields?" New topic

Controlling Access to Form fields?

Scott Bown
Ranch Hand

Joined: Sep 06, 2007
Posts: 32
Hi all,

I'm newbie to JSF, and fairly new Java web development as a whole, so I might of missed a standard way of doing this.

I need to restrict access to form fields depending on the type of user. For example usertype1 can read fields: reference, name, address, where as userType2 can read/write reference field, read name, but has no access to address. So basically I have the same jsp page and different components will render depending on usertype.

In the future I will probably need to modify the access to fields and add new fields.

I wondered whats the best approach to implement this kind of field level security?

I was thinking of having a Role object on each user with a list/mapping of the fields and access level and on every form field that is rendered checking the users role to see the level of access. If the check returns READ, field is rendered, if returns NO_ACCESS field is not displayed.

Is there a better way? Thanks for any input.


Android + J2EE Developer
Krithika Srinath
Ranch Hand

Joined: Apr 11, 2006
Posts: 52
I do know that this can be achieved by using RBAC (Role Based Access Control). However, not sure how to use RBAC in JSF. Will see whether I could get some hands on this and get back.
I agree. Here's the link:
subject: Controlling Access to Form fields?
It's not a secret anymore!