• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Restricting access to data in JSF form:

 
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I need to restrict access to data in the form depending on some condition.

For example account1 “balanceAmount” can be shown and editable to user(ex:$1000), whereas account2 “balanceAmount” can only be displayed as non editable "xxx-xx" in place of actual amount. So basically I have the same jsp page and show "balanceAmount" depending on account type.

I wondered whats the best approach to implement this kind of field level security?

I was thinking of having a composite component which accepts condition and balanceAmount objects, based on account type I will display outputText with static text "xxx-xx" and inputText with balanceAmount bound to its value attribute.
Sample code attached below:

//Composite component code
<composite:interface>
<composite:attribute name="condition" />
<composite:attribute name="balanceAmount" />
</composite:interface>
<composite:implementation>
<h:outputText value="xxx-xx-xxx" rendered="#{cc.attrs.condition}" />
<p:inputText value="#{cc.attrs.balanceAmount}" rendered="#{!cc.attrs.condition}">
<f:convertNumber type="currency" />
</p:inputText>
</composite:implementation>

//Using composite component
<util:input id="accountBalance" condition="#{account.vipCustomer}"
balanceAmount="#{account.accountBalance}" />

//Account bean
public class Account implements Serializable {

private double accountBalance;

private boolean vipCustomer = false;

getter's and setter's goes here.....
}

Is it the safe approach, will there be any maintainence or upgradation issues.
Is there a better way? Thanks for any input.
 
reply
    Bookmark Topic Watch Topic
  • New Topic