Hello Sudarson! SRP> Hi All,
SRP> There is acl for ejb methods and we can restrict roles to use certain SRP> methods of the bean. Now my question is that SRP> Is something possible in a declarative fashion so that user can have SRP> certain options enabled and certain disabled in the jsp/servlet output SRP> depending upon his role ? SRP> For example, let suppose we have a servlet MyServlet that creates an SRP> html output with some input boxes and buttons (add, modify, delete). Now SRP> is it possible, that ceratin user will only see modify button, some SRP> won't see any button, can only view the screen depending upon their role SRP> and verything in declarative fashion ? For jsp: why don't you build a tag library that will execute/not execute some parts of the page depending on user roles: <roles:if test="admin,superboss"> <input type="button" name="nuke" value="Nuke the database!"> </roles:if> For servlet why don't you code it manually: check .isUserInRole() and output/not output part of the page? BTW: don't forget to check this again when you process the results of a submitted form! If a normal user does not see the "nuke" button does not mean that he can not still post a request with the parameter nuke=Nuke+the+database! - Anton [EMAIL PROTECTED] [EMAIL PROTECTED] ___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST". Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
