• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Enabling links according to user's authorization

 
Greenhorn
Posts: 24
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi everyone,

We have a web application running on Websphere Application Server V6.
Say i have a jsp page that enables working on Student details.
This jsp page enables users to view, insert, update or delete student records.
Now, some users can only use the 'View' link, otheres can also use 'Insert' link, and some other users can only update.

From what i know, i can hold a DB table that indicates for each user and table - which operations are allowed.
But, my question is - what is the right way to do that on the JSP page?
Do i call this security table on each page load and hide the anauthorized links? Or, do always show all the links and just let the database throw an exception and give a message to the user, when he/she presses an anauthorized link? Or is there a third and better way?

Thanks
Rivka
 
Greenhorn
Posts: 23
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Rivka,
A better approach may be to use a taglib to enforce the page level access control. See the Authorization Enforcer pattern in Chapter 9 for a description and sample code on how to do this.
 
reply
    Bookmark Topic Watch Topic
  • New Topic