• Post Reply Bookmark Topic Watch Topic
  • New Topic

Restricting access to data in JSF form:  RSS feed

Sandeep GoudK
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I need to restrict access to data in the form depending on some condition.

For example account1 “balanceAmount” can be shown and editable to user(ex:$1000), whereas account2 “balanceAmount” can only be displayed as non editable "xxx-xx" in place of actual amount. So basically I have the same jsp page and show "balanceAmount" depending on account type.

I wondered whats the best approach to implement this kind of field level security?

I was thinking of having a composite component which accepts condition and balanceAmount objects, based on account type I will display outputText with static text "xxx-xx" and inputText with balanceAmount bound to its value attribute.
Sample code attached below:

//Composite component code
<composite:attribute name="condition" />
<composite:attribute name="balanceAmount" />
<hutputText value="xxx-xx-xxx" rendered="#{cc.attrs.condition}" />
<p:inputText value="#{cc.attrs.balanceAmount}" rendered="#{!cc.attrs.condition}">
<f:convertNumber type="currency" />

//Using composite component
<util:input id="accountBalance" condition="#{account.vipCustomer}"
balanceAmount="#{account.accountBalance}" />

//Account bean
public class Account implements Serializable {

private double accountBalance;

private boolean vipCustomer = false;

getter's and setter's goes here.....

Is it the safe approach, will there be any maintainence or upgradation issues.
Is there a better way? Thanks for any input.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!