The tag is currently authorized to tag the JSP pages in orderly to render tags and notifications. The website is on intranet, and we are using Spring Protection 2.0.4. Ive now got a business user who wants to allow all the roles to access everything for the first few weeks, then gradually gathering security is collected by the feedback business.
Rather than go through each page, it is possible to remove the authorized tags, only to put them back, to configure aspects by them, or to externalize it in another way, a config File? I've found Spring's method safety interceptor and meta data tag, but it will not give me externation.
I went to Google for the last hour, and now I am pretty sure that this can not be done, but I would love to find out that I am not asking the right questions.
Appreciate the advice
I came to the conclusion that the way I Thought, this can not be done - this was my first point on aspects - I ended up using a custom tag, which extended the Spring 2 authorization tag. Custom tag takes the string parameter, which can be used as a resource bundle key tag class has the resource bundle like
portletMenu.estateStatus = ROLE_TIER0, ROLE_TIER1, ROLE_TIER2, ROLE_MANAGED_SERVICES< P> using the key to solve, then the returned string was used to compare it against the user's roles, it works quite well, and centralization of authentication and authentication from JSP Does.
Comments
Post a Comment