Hi all,
I'm adapting an authentication/authorization system we are using within
normal JSP/servet pages. It consists of a simple class which must be
instantiated at the beginning of the page. It knows where to redirect
the user for authentication and within the JSP/Servlet you can use its
methods to get user information such as the username, fullname,
telephone, etc.
What's the best place to incapsulate the funcionalities provided by this
class? I'm buiding an action for authentication purposes and I plan to
develop a logicsheet to incapsulate authorization primitives so I can
declaratively decide whether to make available some data or not
depending on the current user role.
Is this the way to go? I thought about incapsulate my class into an
action, but this way I don't know how to take authorization decisions.
For example I need one "edit" link if the user has the "Editors" role,
but none if s/he has the "User" role. I don't want to create two
different pages for this.
Any help?
Thanks,
Gianluca
--
Gianluca Sartori ELIS - SIE - Software Development
Via Sandro Sandri, 81 (tel) +39 06.43.56.03.55
00159 Rome - Italy (fax) +39 06.43.56.03.99
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
