While login itself you can have the permissions in the session and based on the permissions you can hide the links. Just for one variable i think there is no need to call the database.use can use <logic:presenet> or <logic:equal> for this. -----Original message----- From: "Rivka Shisman" [EMAIL PROTECTED] Date: Wed, 11 Jan 2006 04:18:23 -0800 To: "Struts Users Mailing List" user@struts.apache.org Subject: Enabling links according to user's authorization
> Hi everyone, > > We have a web application running on Websphere Application Server V6. > Say I have a JSP page that enables working on Student details. > This JSP page enables users to view, insert, update or delete student > records. > Now, some users can only use the 'View' link, others can also use > 'Insert' link, and some other users can only update. > > From what i know, i can hold a DB table that indicates for each user and > table - which operations are allowed. > But, my question is - what is the right way to do that on the JSP page? > Do i call this security table on each page load and hide the > unauthorized links? Or, do always show all the links and just let the > database throw an exception and give a message to the user, when he/she > presses an unauthorized link? Or is there a third and better way? > > Thanks > Rivka >
