开发者

user access management in j2ee web application

开发者 https://www.devze.com 2022-12-30 02:11 出处:网络
I am working with jsp/servlet project and I have to complete the module of access management to my jsps since I have more than one user with different profile.

I am working with jsp/servlet project and I have to complete the module of access management to my jsps since I have more than one user with different profile.

I defined a table in my database which resume the profil and the url permitted like that:

id_profil :1 
url : http://localhost/...xyz.jsp
id page 1

Now I am trying to let the menu modified appropriately to the id_profil of the logged user.

So there are pages allowed in one pr开发者_如何学JAVAofile but must be hidden to others. I have no idea since now how to realize this.


It's kinda a vague exaplanation but you could use an if in your jsp to hide the menu options based on id_profil, something like this:

<c:if test="${currentUser.id_profil == 1}">
   <button label="Only id_profil 1"/>
</c:if>


Keep in mind that by changing the values shown by a menu, you aren't preventing a user from accessing a page directly -- even if the user can't get to xyz.jsp by dropping down a menu item, they can still enter xyz.jsp into the address bar of their browser. So you'll have to block the access in another way.

If you have any experience with Spring, or are considering implementing it, take a look at Spring Security. It can be used to limit user access rights to different parts of your application. It isn't terribly hard to implement if you are already familiar with Spring.

ETA: For some basics that don't involve Spring Security, check out security in web.xml: http://java.sun.com/javaee/5/docs/tutorial/doc/bncbe.html#bncbj

0

精彩评论

暂无评论...
验证码 换一张
取 消