How to prevent the user from accessing certain links

 
Ranch Hand
Posts: 52
Hey Ranchers,
I have a small question. I am implementing a small web application. It has 4 links under the main menu: Lookup, add, update and delete. I am trying to implement role-based access here. The lookup link can be viewed by anyone, but add, delete and update will be viewed by people with one particular user role. Even this is working fine. (I am checking this from the login page, taking the user name and checking whether it is configured against the user role; if yes, then displaying the links, if not, hiding them.) But the main problem is, if they type the URL to the main menu, say (http://localhost:8080/App/mainMenu.jsp), in the browser, it is displaying all the links without checking the user role. How do we eliminate this??

thanks
 
Sheriff
Posts: 67746
You need to check the role on more than just the login page, it should be information available to all parts of the web application. One way is to include the role information in whatever session variable is used to indicate that the user is logged in. That way, simple <c:if> blocks on the page can determine if controls or sections need to be displayed or not based upon roles.

You are also checking roles once an action is submitted to make sure that the user has the authority to execute the operation. Right? Just hiding UI controls is not sufficient security.
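
An added example, not part of the original thread: one way to enforce the role check on the server for every action request, so that typing a URL directly gains nothing. The `/add`, `/update` and `/delete` URLs, the `role` session attribute, the `editor` role value and `/login.jsp` are assumed names for illustration.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.annotation.*;
import javax.servlet.http.*;

// Assumed names (not from the thread): the /add, /update and /delete action
// URLs, the "role" session attribute set at login, the "editor" role value,
// and /login.jsp.
@WebFilter(urlPatterns = {"/add", "/update", "/delete"},
           initParams = @WebInitParam(name = "requiredRole", value = "editor"))
public class RoleFilter implements Filter {
    private String requiredRole;

    @Override
    public void init(FilterConfig config) throws ServletException {
        requiredRole = config.getInitParameter("requiredRole");
        if (requiredRole == null || requiredRole.isEmpty()) {
            // Fail closed: refuse to start rather than run without a role to enforce.
            throw new ServletException("requiredRole init-param is missing");
        }
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // getSession(false): never create a session for an anonymous request.
        HttpSession session = request.getSession(false);
        Object role = (session == null) ? null : session.getAttribute("role");

        if (role == null) {
            // Not logged in: send to the login page instead of the action.
            response.sendRedirect(request.getContextPath() + "/login.jsp");
            return;
        }
        if (!requiredRole.equals(role)) {
            // Logged in but not authorized: 403, and the action never runs.
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() {}
}
```

The menu page can read the same `role` session attribute to decide which links to render, but the filter is what actually blocks the request.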

 
Revanth reddy
Ranch Hand
Posts: 52
Thank you so much for your reply...
 
Ranch Hand
Posts: 528
Getting role_name on jsp page

if(request.isUserInRole(ROLE_MYROLE))


So, depending upon the role name, dynamically load a div tag which contains the links.
 
Ranch Hand
Posts: 5575

RaviNada Kiran wrote: Getting role_name on jsp page
if(request.isUserInRole(ROLE_MYROLE))

Hi RaviNada, discourage the scriptlet in JSP
 
RaviNada Kiran
Ranch Hand
Posts: 528
You are right, not so experienced as you, just gave an idea
 
Revanth reddy
Ranch Hand
Posts: 52
Anyways, thanks for the replies guys...
 