here is a quick question from someone who knows Spring core but has not played much with Spring Security.
I am wondering about the possibilities offered by the framework.
I guess Spring Security allows to restrict access to methods, objects and so on in the business layer.
What about fields in pages in the presentation layer ?
If for instance i have a JSP page with 3 fields (field1, field2, field3).
I want user1 with role1 to be able to fill all fields.
I want user2 with role2 to be able to fill field1 and field2 only. So field3 must be read-only or disabled.
Does Spring Security offer some options/features for that ?
I'm not sure what the recommended way to do it is, you could use the tags to say if priv1 do this if not priv1 do that or something similar. You do end up duplicating code though. You could also create your own tags with this logic security logic.
subject: [Spring Security] Restrict access to fields in a page