Announcement Announcement Module
No announcement yet.
conditional output on page, based on account type Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • conditional output on page, based on account type


    I'm curious how you guys handle this situation:

    I have multiple account types, and they all have different roles.

    On some shared pages, there are functions that should be visible only for certain account types, over others.

    I'm wondering if there is any other way to handle this besides a bunch of "choose" jstl tags in the jsp pages?

    For pages that change significantly for an account type I plan on creating a separate page all together.

    Any suggestions are welcome.

  • #2
    I've implemented a permissions based system with a custom tag to determine whether the current logged in user is to be presented with certain parts of a page.

    So I can have something like this:-

    <security:hasPermission permissionGroup="Admin" permission="View">
            <html:link href="admin/administration.html"><fmt:message key="tabs.administration"/></html:link>
    This is configured in a config file (which also holds page level permissions) like this - where ADM is the user's role:-

    <permission-group name="Admin">
        <permission name="View">
    The permission group doesn't really mean anything, other than the fact that it's a way to group the rules together in a tidy way.

    All this stuff (I've been posting lots of code on here recently) is due to come out in an Apache licensed set of Spring related utilities sometime in the early New Year. You can have a pre-release version (with no guarantees of being bug free of course) if you want.



    • #3
      Hi Bob,

      Yes, please send it over!

      You should be able to email me on here, or post a link where I can download it. I'll give you some feedback on it.



      • #4
        OK, here it is. I took this snapshot just now. There are 3 libraries (there's actually a 4th that deals with generating Hibernate POJOs from a UML diagram but that isn't fit for release at all yet).

        The Security one depends on the Spring one which in turn depends on the Util one.

        I'm hosting these at my upstream ISP as I don't have the bandwidth myself for it at the moment in case you're wondering about the odd domain name.

        The HistoryStack stuff in the Spring module is particularly ropey as that's what I'm working on at the moment. Everything else should be OK.

        There's nothing in the way of documentation other than the JavaDoc (which isn't as complete as I'd like it at the moment either) so you're on your own with this. I don't have time to support it at the moment. All the XML config files have samples and DTDs so that shouldn't be too much of a problem.

        If you find any bugs, or have any improvements, by all means post them back to me.


        • #5
          Hi Bob,

          I was just wondering what you thought of the Acegi security system, and how your libraries differ from it?



          • #6
            To be honest, I've never tried Acegi. I looked at the documentation, but it just seemed overly complex for what it was trying to accomplish. Login enforcement and permissions/ACLs are not rocket science and should be more easily integrated IMO.

            My libraries are based on the techniques used in Seraph ( ) and OSUser ( ) but since neither of those projects are being maintained anymore as far as I can tell, I thought I'd write my own libraries from the ground up to eliminate the failings that in those projects that have never been addressed. Most of the code has been written by me, but some code is "heavily influenced" by those projects, hence the acknowledgement in the license.