This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
I'm newbie to JSF, and fairly new Java web development as a whole, so I might of missed a standard way of doing this.
I need to restrict access to form fields depending on the type of user. For example usertype1 can read fields: reference, name, address, where as userType2 can read/write reference field, read name, but has no access to address. So basically I have the same jsp page and different components will render depending on usertype.
In the future I will probably need to modify the access to fields and add new fields.
I wondered whats the best approach to implement this kind of field level security?
I was thinking of having a Role object on each user with a list/mapping of the fields and access level and on every form field that is rendered checking the users role to see the level of access. If the check returns READ, field is rendered, if returns NO_ACCESS field is not displayed.