Java Reference
In-Depth Information
<security:allowed bean="beanId" event="someEvent">
<!--use "someEvent" event handler of "beanId" action bean-->
</security:allowed>
We want to omit the User List link from the menu when the user isn't
allowed to see the page. Within the loop that displays the sections, we'll
assign the target action bean to the
"bean"
ID and enclose the code that
renders the section within the <security:allowed> tag:
<c:forEach var="section" items="${actionBean.sections}">
<s:useActionBean id="bean" beanclass="${section.beanclass}"/>
<security:allowed bean="bean">
<fmt:message var="text" key="${section.textKey}"/>
<c:choose>
<c:when test="${section eq actionBean.currentSection}">
<span class="currentSection">
${text}
</span>
</c:when>
<c:otherwise>
<s:link beanclass="${section.beanclass}" class="sectionLink">
${text}
</s:link>
</c:otherwise>
</c:choose>
</security:allowed>
</c:forEach>
Now, the User List link appears in the menu only if the user is autho-
rized access to the page. In fact, the same goes for each section of the
menu. We can add more sections with security restrictions, and the
menu will automatically display the appropriate links.
The other tag in the Stripes-Security library is <security:notAllowed>,
which works just like <security:allowed> except that it renders its body
if the user is not authorized access. That way, instead of completely
hiding links from unauthorized users, we can display grayed-out plain
text:
<c:forEach var="section" items="${actionBean.sections}">
<s:useActionBean id="bean" beanclass="${section.beanclass}"/>
<fmt:message var="text" key="${section.textKey}"/>
<security:allowed bean="bean">
<%-- same as before... --%>
</security:allowed>
<security:notAllowed bean="bean">
<span class="grayedOut">
${text}
</span>
</security:notAllowed>
</c:forEach>
Search WWH ::
Custom Search