Am Montag, 3. November 2003 14:11 schrieb Chawla, Yogesh: > Hi, Hi,
> I needed to know what are the options for displaying User based > screens. > > I have to show only selected buttons/hyperlinks based on UserId/Role > Authentication. > > I believe using tiles is one of the options, any others as well.. > > All help appreciated ! When using declarative security as you describe, you can do a check in your JSP pages by using the isUserInRole() and getRemoteUser() API functions. You may use scriplets, but a better approach seems to write a custom tag that also handles the conditional logic (it's easy) for this task. One example would be the one Hans Bergsten provides along with his JSP book (<ora:ifUserInRole>); you can download the relevant source code from www.TheJspBook.com. Use this approach if you want to provide for fine-grained access control. If you want to block the entire page to non-authorized users, you may make use of the built-in Struts mechanisms in an all-or-nothing fashion (you can declaratively specify whether an Action may be executed or not by a user via the 'roles' attribute in struts-config.xml), and AFAIK, Tiles itself is following this scheme as well (that is, when making use of tiles-defs.xml and Tiles definitions as Action targets in struts-config.xml, as we do). > Yogesh HTH, -- Chris. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]