• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Controlling Access to Form fields?

 
Scott Bown
Ranch Hand
Posts: 32
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,

I'm newbie to JSF, and fairly new Java web development as a whole, so I might of missed a standard way of doing this.

I need to restrict access to form fields depending on the type of user. For example usertype1 can read fields: reference, name, address, where as userType2 can read/write reference field, read name, but has no access to address. So basically I have the same jsp page and different components will render depending on usertype.

In the future I will probably need to modify the access to fields and add new fields.

I wondered whats the best approach to implement this kind of field level security?

I was thinking of having a Role object on each user with a list/mapping of the fields and access level and on every form field that is rendered checking the users role to see the level of access. If the check returns READ, field is rendered, if returns NO_ACCESS field is not displayed.

Is there a better way? Thanks for any input.

Scott
 
Krithika Srinath
Ranch Hand
Posts: 52
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I do know that this can be achieved by using RBAC (Role Based Access Control). However, not sure how to use RBAC in JSF. Will see whether I could get some hands on this and get back.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic