We have all our JSP pages preceded by an Action; we have no JSP pages
accessed directly.  All our actions have security.  We have even looked
at tiles and the way they can be hidden as well.  I offer this as our
way of ensuring each page has adequate security.  I also offer it as a
way to simplify the jsp so as little business logic as can be is
contained in the jsps.

Michael Oliver
CTO
Alarius Systems LLC
3325 N. Nellis Blvd, #1
Las Vegas, NV 89115
Phone:(702)643-7425
Fax:(702)974-0341
*Note new email changed from [EMAIL PROTECTED]
-----Original Message-----
From: sudip shrestha [mailto:[EMAIL PROTECTED] 
Sent: Monday, April 11, 2005 6:37 AM
To: Dave Newton; Struts Users Mailing List
Subject: Re: session expiration issue and tiles

Dave:
I can understand presenting different menu options based on user
privileges and having the same layout pages.  But my concern is there
may be some pages which a user with less privileges may not be allowed
to see at all, and what if he finds the URL of that page and types the
URL in the browser, and if that particular page does not have the
authority check built into it, that user may be able to do stuff
on the page... I hope you know what I am saying.

On Apr 8, 2005 3:56 PM, Dave Newton <[EMAIL PROTECTED]> wrote:
> sudip shrestha wrote:
> 
> >I have user types with varying level of privileges and only a defined
> >user type can access a particular page.  I thought of using filter for
> >this purpose, but not sure how to designate which layout*.jsp (have
> >created multiple layout.jsp pages for varying user types: e.g. admin
> >can access layout1.jsp, user can access layout2.jsp) can be accessed
> >by which user type.
> >
> I'm not sure if we're addressing the same problems, or if my solution is
> a good one, but I have "tiles:insert" tags that insert menuing sub-tiles
> wrapped by an authorization level check, so depending on their auth
> level they get a different menu tile inserted.
> 
> So the overall layout is the same for all user types, but different user
> authorization levels have different subtiles inserted. This method could
> be extended to cover any aspect of the layout: in my case it's a single
> row of menu options underneath the page's logo header.
> 
> I imagine you could also create the name of the tile to be inserted
> on-the-fly using EL, but I didn't do that. Don't know why not; that
> seems cleaner, but I'm tired.
> 
> Dave
> 
>
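
Added example, not part of the original thread or of Struts itself: a servlet filter that covers both concerns raised above, refusing direct browser requests for JSPs (so pages are reached only through an Action forward) and checking the user's role by URL prefix so a typed-in URL cannot skip the check. The class name, the path prefixes, the role names and the use of container-managed roles via isUserInRole are assumptions.

```java
import java.io.IOException;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter; map it to /* in web.xml. With the default REQUEST
// dispatcher it sees browser requests only, not forwards made by an Action.
public class PageAccessFilter implements Filter {
    // Assumed path-prefix -> role table; replace with the application's own.
    private final Map<String, String> requiredRole = new LinkedHashMap<String, String>();

    public void init(FilterConfig config) {
        requiredRole.put("/admin/", "admin");
        requiredRole.put("/user/", "user");
    }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        // Container-decoded path, so ";jsessionid" and %-encoding cannot hide it.
        String path = req.getServletPath();
        if (req.getPathInfo() != null) path += req.getPathInfo();
        String lower = path.toLowerCase(Locale.ENGLISH);
        // A JSP requested straight from the browser is never served.
        if (lower.endsWith(".jsp") || lower.endsWith(".jspx")) {
            res.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        // Protected prefixes need the matching role; other paths stay public.
        for (Map.Entry<String, String> e : requiredRole.entrySet()) {
            if (path.startsWith(e.getKey()) && !req.isUserInRole(e.getValue())) {
                res.sendError(HttpServletResponse.SC_FORBIDDEN);
                return;
            }
        }
        chain.doFilter(rq, rs);
    }

    public void destroy() { }
}
```

If the filter mapping in web.xml also lists the FORWARD dispatcher, the JSP check would block the Actions' own forwards, so the mapping should stay on the default.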

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]