Originally posted by Gopi Balaji:
One could use declarative security for authentication, and programmatic security for authorization.
Originally posted by Simon Brown:
However, while declarative security can restrict who sees a specific resource such as a JSP, it can't help with controlling whether or not that person is authorized to see the information displayed on that page.
A good place for this type of logic (on the web app side) would be servlet filters or custom tags.
You showed up just in time for the waffles! And this tiny ad:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koophttps://coderanch.com/wiki/718759/books/Building-World-Backyard-Paul-Wheaton