
how to prevent the user to access certain link

 
Revanth reddy
Ranch Hand
Posts: 52
Hey Ranchers,
I have a small question. I am implementing a small web application. It has 4 links under the main menu: Lookup, add, update and delete. I am trying to implement role-based access here. The lookup link can be viewed by anyone, but add, delete and update will be viewed by people of one particular user role. Even this is working fine. (I am checking this from the login page, taking the user name and checking whether it is configured against the user role; if yes, then displaying the links, if not, hiding them.) But the main problem is that if they type the URL of the main menu, say (http://localhost:8080/App/mainMenu.jsp), in the browser, it displays all the links without checking the user role. How do we eliminate this??

thanks
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 64701
You need to check the role on more than just the login page, it should be information available to all parts of the web application. One way is to include the role information in whatever session variable is used to indicate that the user is logged in. That way, simple <c:if> blocks on the page can determine if controls or sections need to be displayed or not based upon roles.

You are also checking roles once an action is submitted to make sure that the user has the authority to execute the operation. Right? Just hiding UI controls is not sufficient security.
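
A sketch of the server-side check described in the post above, as an added example that is not part of the original thread: a servlet filter that re-checks the role stored in the session on every request, so typing a URL directly cannot bypass it. The class name `RoleFilter`, the `role` session attribute, the `admin` role value and the `/add`, `/update`, `/delete` paths are all assumptions.

```java
// Added example: RoleFilter, the "role" session attribute, the "admin" role
// and the /add, /update, /delete servlet paths are assumed names.
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class RoleFilter implements Filter {
    // Actions that only the privileged role may execute (assumed paths).
    private static final Set<String> RESTRICTED =
            new HashSet<String>(Arrays.asList("/add", "/update", "/delete"));

    // Decision kept separate from the servlet plumbing so it can be unit tested.
    static boolean isAllowed(String path, Object role) {
        if (!RESTRICTED.contains(path)) {
            return true;               // e.g. the lookup action is open to everyone
        }
        return "admin".equals(role);   // a null role (not logged in) is denied
    }

    public void init(FilterConfig config) { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        // getSession(false): do not create a session just to inspect it.
        HttpSession session = request.getSession(false);
        Object role = (session == null) ? null : session.getAttribute("role");
        if (isAllowed(request.getServletPath(), role)) {
            chain.doFilter(req, res);  // authorized: continue to the target servlet or JSP
        } else {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);  // 403, action never runs
        }
    }

    public void destroy() { }
}
```

The filter has to be mapped to the application's URLs in `web.xml` (or with `@WebFilter`) to take effect, and the login code has to store the role in the session under the same attribute name. The `<c:if>` checks in `mainMenu.jsp` then only decide what is displayed, while the filter decides what is executed.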

 
Revanth reddy
Ranch Hand
Posts: 52
Thank you so much for your reply...
 
RaviNada Kiran
Ranch Hand
Posts: 528
Getting role_name on jsp page

if(request.isUserInRole(ROLE_MYROLE))


So, depending upon the role name, dynamically load a div tag which consists of links there.
 
Seetharaman Venkatasamy
Ranch Hand
Posts: 5575
RaviNada Kiran wrote: Getting role_name on jsp page
if(request.isUserInRole(ROLE_MYROLE))


Hi RaviNada, discourage the scriptlet in JSP
 
RaviNada Kiran
Ranch Hand
Posts: 528
You are right, not so experienced as you, just gave an idea
 
Revanth reddy
Ranch Hand
Posts: 52
Anyways, thanks for the replies guys...
 