File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes JSF and the fly likes Restricting access to data in JSF form: Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

JavaRanch » Java Forums » Java » JSF
Bookmark "Restricting access to data in JSF form:" Watch "Restricting access to data in JSF form:" New topic

Restricting access to data in JSF form:

Sandeep GoudK

Joined: Sep 19, 2012
Posts: 5
I need to restrict access to data in the form depending on some condition.

For example account1 “balanceAmount” can be shown and editable to user(ex:$1000), whereas account2 “balanceAmount” can only be displayed as non editable "xxx-xx" in place of actual amount. So basically I have the same jsp page and show "balanceAmount" depending on account type.

I wondered whats the best approach to implement this kind of field level security?

I was thinking of having a composite component which accepts condition and balanceAmount objects, based on account type I will display outputText with static text "xxx-xx" and inputText with balanceAmount bound to its value attribute.
Sample code attached below:

//Composite component code
<composite:attribute name="condition" />
<composite:attribute name="balanceAmount" />
<hutputText value="xxx-xx-xxx" rendered="#{cc.attrs.condition}" />
<p:inputText value="#{cc.attrs.balanceAmount}" rendered="#{!cc.attrs.condition}">
<f:convertNumber type="currency" />

//Using composite component
<util:input id="accountBalance" condition="#{account.vipCustomer}"
balanceAmount="#{account.accountBalance}" />

//Account bean
public class Account implements Serializable {

private double accountBalance;

private boolean vipCustomer = false;

getter's and setter's goes here.....

Is it the safe approach, will there be any maintainence or upgradation issues.
Is there a better way? Thanks for any input.
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
subject: Restricting access to data in JSF form: