Announcement Announcement Module
Collapse
No announcement yet.
taglib? Conditional display of fields based on role Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • taglib? Conditional display of fields based on role

    I have spring security hooked up to a jsp web app. Is there a way to conditionally display jsp elements? For instance, a link or button that only gets displayed for users with certain GrantedAuthority?
    (NOTE: Not sure if this is important but we have customized our security so that the users rights are dynamically refreshed when their permissions are changed, and we are calling some web services to find out our users permissions etc.)

  • #2
    The Pet Clinic tutorial suggests something like below:

    <%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>

    <sec:authorize ifAllGranted="ROLE_SUPERVISOR">
    </sec:authorize>

    However this wont work as it will just check the granted authorities for the user, I need it to call the decide() method in the customized access decision manager. Any ideas?

    Comment


    • #3
      So I looked at adding a method on the customized userDetails object that would call decide, but the problem is still that I can't pass in values to it. I need to pass in the url and method for a decision to be able to be made. I can't see how I can do this with the current taglib.

      Comment


      • #4
        Hacked

        OK. I've learnt how to make taglibs and have created one for this scenario. Problem solved, but not nicely.

        The spring-security framework does not seem to be factored well to handle dynamic security (i.e. a users role/s can change at any time, a roles functions can change at any time, a uri & methods function requirement can change any time). Maybe I am missing something obvious?

        Comment

        Working...
        X