• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Liutauras Vilda
  • Paul Clapham
Sheriffs:
  • paul wheaton
  • Tim Cooke
  • Henry Wong
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Piet Souris
Bartenders:
  • Mike London

[Spring Security] Restrict access to fields in a page

 
Ranch Hand
Posts: 563
Google Web Toolkit Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,
here is a quick question from someone who knows Spring core but has not played much with Spring Security.
I am wondering about the possibilities offered by the framework.

I guess Spring Security allows to restrict access to methods, objects and so on in the business layer.
What about fields in pages in the presentation layer ?

If for instance i have a JSP page with 3 fields (field1, field2, field3).
I want user1 with role1 to be able to fill all fields.
I want user2 with role2 to be able to fill field1 and field2 only. So field3 must be read-only or disabled.

Does Spring Security offer some options/features for that ?

Thanks for helping.

 
Rancher
Posts: 377
Android Spring Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hey,

Have you checked out the Spring Security tag library? Using the <authorize/> tag you should be able to do something like you are wanting.

Sean
 
Celinio Fernandes
Ranch Hand
Posts: 563
Google Web Toolkit Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
OK, thanks.
So i can use the <authorize /> to decide whether to display or not display a field, a block of code etc... if the user does not have the required role/profile.

What if i still want to display the fields and just want to make them read-only, non editable... ?
What's the recommended way to do that ?

Thanks.
 
Sean Clark
Rancher
Posts: 377
Android Spring Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hey,

I'm not sure what the recommended way to do it is, you could use the tags to say if priv1 do this if not priv1 do that or something similar. You do end up duplicating code though. You could also create your own tags with this logic security logic.

Sean
reply
    Bookmark Topic Watch Topic
  • New Topic