Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Security roles in JAVA EE application

Status
Not open for further replies.

DotNetGnat

Programmer
Mar 10, 2005
5,548
IN
Hello All,

I am creating a JAVA EE application and I have a session level bean called MyApplicationSessionBean.

MyApplicationSessionBean.Java has the following:

private String userType;

public getuserType()
{
//business logic here to decide what type of user
//uses database for deciding what type of user
return userType;
}

userType can be either "admin", "customer", "anonymous" etc...

Now...I have the following link


this link should be viewable and available only for user of type "admin"

so on my site..I have menu tabs and one of the tabs is "Admin Section"...if the user clicks that he will be going to admin.jsp link shown above...

what I did is...I made this admin tab available to only admin users using rendered="#{mysessionBean.userType='admin'}"

so when a customer logs in, he would not see the tab...

but when the customer goes to the admin.jsp link by typing the URL, he or she can access the page contents...

how can I restrict that...

thanks

-DNG
 
Easy option: Rewrite that jsp so it checks the user
Nice option: Use the security roles on your application server

Cheers,
Dian
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top