B
boanator
I am developing a Struts web application. This application will
require users to login with a username and password. Each user will
have different access levels.
I will not be using role-based access b/c there are too many services
and too many access levels. Let's say there are 10 services. If a
user has access to a service, he will have read permission or
read/write permission to that service. I would like to set up bitflags
to determine the user's access level.
Ex)
// Contents of Constants.java
....
public final static int service_1_read = 1
public final static int service_1_read_write = 2
public final static int service_2_read = 4
public final static int service_2_read_write = 8
public final static int service_3_read = 16
public final static int service_3_read_write = 32
....
When a user logs in to the website, the user information will be stored
in the session.
I am using Tiles to design the layout of my website. The tiles are
setup using definitions in tiles-defs.xml. I load the pages using the
definitions. For example:
// Contents of /service_1_index.jsp
<%@ taglib uri="/tags/struts-tiles" prefix="tiles" %>
<tiles:insert definition="service1.index" />
This will allow the index for service1 to be displayed. I was thinking
of adding a check for user access to /service_1_index.jsp to look like
the following:
// New Contents of /service_1_index.jsp that checks user access
<%@ taglib uri="/tags/struts-tiles" prefix="tiles" %>
<%@ page import="com.myco.constants.Constants" %>
<% User user = (User)session.getAttribute("User");
if ( user.hasAccess(Constants.service_1_read) ||
user.hasAccess(Constants.service_1_read_write) ) {
%>
<tiles:insert definition="service1.index" />
<% } else { %>
<tiles:insert definition="access.denied" />
<% } %>
I know that this will work, but it goes against the whole purpose of
using Struts!! Keep java code out of the JSP files!!!!! Is there a
way that I can use the Tiles Controller? There has to be a better
way!!!
Any advice would help. Thanks in advance.
require users to login with a username and password. Each user will
have different access levels.
I will not be using role-based access b/c there are too many services
and too many access levels. Let's say there are 10 services. If a
user has access to a service, he will have read permission or
read/write permission to that service. I would like to set up bitflags
to determine the user's access level.
Ex)
// Contents of Constants.java
....
public final static int service_1_read = 1
public final static int service_1_read_write = 2
public final static int service_2_read = 4
public final static int service_2_read_write = 8
public final static int service_3_read = 16
public final static int service_3_read_write = 32
....
When a user logs in to the website, the user information will be stored
in the session.
I am using Tiles to design the layout of my website. The tiles are
setup using definitions in tiles-defs.xml. I load the pages using the
definitions. For example:
// Contents of /service_1_index.jsp
<%@ taglib uri="/tags/struts-tiles" prefix="tiles" %>
<tiles:insert definition="service1.index" />
This will allow the index for service1 to be displayed. I was thinking
of adding a check for user access to /service_1_index.jsp to look like
the following:
// New Contents of /service_1_index.jsp that checks user access
<%@ taglib uri="/tags/struts-tiles" prefix="tiles" %>
<%@ page import="com.myco.constants.Constants" %>
<% User user = (User)session.getAttribute("User");
if ( user.hasAccess(Constants.service_1_read) ||
user.hasAccess(Constants.service_1_read_write) ) {
%>
<tiles:insert definition="service1.index" />
<% } else { %>
<tiles:insert definition="access.denied" />
<% } %>
I know that this will work, but it goes against the whole purpose of
using Struts!! Keep java code out of the JSP files!!!!! Is there a
way that I can use the Tiles Controller? There has to be a better
way!!!
Any advice would help. Thanks in advance.