Whold like some feedback on handleing access control. I have a master employee file that contains a job class. I have a file that assigns roles to each job class. My app looks at these roles to control access but this is where I could use some help.
Right now on my
servlets that request
JSP form I call the class with the user job class and role values. The class returns true or false. I then set a session attribute as either true or false. Then I use expression language and javascript to control display of the JSP.
Is there a better way? Please help.