struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christian Bollmeyer <>
Subject Re: Display User based/Role based Links/Buttons
Date Mon, 03 Nov 2003 19:43:46 GMT
Am Montag, 3. November 2003 14:11 schrieb Chawla, Yogesh:
> Hi,


> I needed to know what are the options for displaying User based
> screens.
> I have to show only selected buttons/hyperlinks based on UserId/Role
> Authentication.
> I believe using tiles is one of the options, any others as well..
> All help appreciated !

When using declarative security as you describe, you can do a
check in your JSP pages by using the isUserInRole() and
getRemoteUser() API functions. You may use scriplets, but
a better approach seems to write a custom tag that also
handles the conditional logic (it's easy) for this task. One 
example would be the one Hans Bergsten provides along
with his JSP book (<ora:ifUserInRole>); you can download
the relevant source code from
Use this approach if you want to provide for fine-grained
access control. If you want to block the entire page to
non-authorized users, you may make use of the built-in
Struts mechanisms in an all-or-nothing fashion (you can
declaratively specify whether an Action may be executed
or not by a user via the 'roles' attribute in struts-config.xml),
and AFAIK, Tiles itself is following this scheme as well
(that is, when making use of tiles-defs.xml and Tiles
definitions as Action targets in struts-config.xml, as we

> Yogesh

-- Chris.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message