AppFuseAcegiACLSecuringJSPs


Step VIII: How to use the ACLs in your JSPs

In this step we add new JSP tags to the corresponding pages so that a user cannot attempt an action on an object that he is not allowed to execute.

Securing the personList.jsp

  • Open the personForm.jsp
  • Replace the cell "buttonBar" with the following content:
<td class="buttonBar">
  <authz:acl domainObject="${person}" hasPermission="4,8,1">
    <input type="submit" class="button" name="save"
      onclick="bCancel=false" value="<fmt:message key="button.save"/>" />
  </authz:acl>
  <c:if test="${person.id != null}">
    <authz:acl domainObject="${person}" hasPermission="16,1">
      <input type="submit" class="button" name="delete"
        onclick="bCancel=true;return confirmDelete('Person')"
        value="<fmt:message key="button.delete"/>" />
    </authz:acl>
  </c:if>
  <input type="submit" class="button" name="cancel" onclick="bCancel=true" value="<fmt:message key="button.cancel"/>" />
</td>
  • Take a look at the new tags: the authz:acl tag checks whether the current user has certain permissions on the object stored in the variable person (in this case the rights identified by 1, 4 and 8). These ints are the same ints used with Constants in applicationContext-service.xml, e.g. 1 = org.acegisecurity.acl.basic.SimpleAclEntry.ADMINISTRATION.
  • Here is a short list of the different permissions and their int representation:

Permission      Int value
ADMINISTRATION  1
READ            2
WRITE           4
CREATE          8
DELETE          16

  • All other combinations (like READ_WRITE) are formed by OR-ing these base values together.

Here's the relevant part of the SimpleAclEntry:


    // Base permissions we permit: each one is a distinct power of two,
    // so they can be OR-ed together and tested individually with a bitwise AND
    public static final int NOTHING = 0;
    public static final int ADMINISTRATION = (int) Math.pow(2, 0); // 1
    public static final int READ = (int) Math.pow(2, 1);           // 2
    public static final int WRITE = (int) Math.pow(2, 2);          // 4
    public static final int CREATE = (int) Math.pow(2, 3);         // 8
    public static final int DELETE = (int) Math.pow(2, 4);         // 16

    // Combinations of base permissions we permit
    public static final int READ_WRITE_CREATE_DELETE = READ | WRITE | CREATE
        | DELETE;
    public static final int READ_WRITE_CREATE = READ | WRITE | CREATE;
    public static final int READ_WRITE = READ | WRITE;
    public static final int READ_WRITE_DELETE = READ | WRITE | DELETE;
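To see how the int values from the table and the comma-separated hasPermission attribute of the authz:acl tag fit together, here is a small added example (not code from this wiki page or from Acegi; the helper names, the sample masks and the any-of matching of the listed permissions are assumptions made for illustration):

```java
import java.util.Arrays;

// Added example: models the SimpleAclEntry bitmask and a hasPermission="4,8,1"
// style check. Assumption: the body is rendered when the principal holds ANY
// one of the listed permissions on the domain object.
public class AclPermissionDemo {
    // Base permissions, same int values as SimpleAclEntry above
    static final int ADMINISTRATION = 1, READ = 2, WRITE = 4, CREATE = 8, DELETE = 16;
    // Combinations are OR-ed base values: READ_WRITE is 6, the full set is 30
    static final int READ_WRITE = READ | WRITE;
    static final int READ_WRITE_CREATE_DELETE = READ | WRITE | CREATE | DELETE;

    // A single permission bit is held when it survives the AND with the mask.
    static boolean isPermitted(int mask, int permission) {
        return (mask & permission) == permission;
    }

    // Mirrors the comma-separated attribute: parse the list, grant on any match.
    static boolean hasAnyPermission(int mask, String hasPermissionAttr) {
        return Arrays.stream(hasPermissionAttr.split(","))
                .map(String::trim)
                .mapToInt(Integer::parseInt)
                .anyMatch(p -> isPermitted(mask, p));
    }

    public static void main(String[] args) {
        // Constructed sample masks, as an ACL entry would hold them for ${person}
        int editor = READ_WRITE;
        int owner  = READ_WRITE_CREATE_DELETE;
        int admin  = ADMINISTRATION;

        // Save button: hasPermission="4,8,1" means WRITE, CREATE or ADMINISTRATION
        System.out.println("editor may save:   " + hasAnyPermission(editor, "4,8,1"));
        // Delete button: hasPermission="16,1" means DELETE or ADMINISTRATION
        System.out.println("editor may delete: " + hasAnyPermission(editor, "16,1"));
        System.out.println("owner may delete:  " + hasAnyPermission(owner, "16,1"));
        System.out.println("admin may delete:  " + hasAnyPermission(admin, "16,1"));

        // Pitfall: comparing the whole mask to one constant instead of testing
        // the bit. The editor holds WRITE, but its mask is READ | WRITE, not WRITE.
        System.out.println("mask == WRITE:     " + (editor == WRITE));
        System.out.println("bit test for WRITE: " + isPermitted(editor, WRITE));
    }
}
```

The last two lines show why the combined constants only work with a bitwise test: an equality check against a single base permission silently denies users whose mask carries additional bits.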

Next step

Additional thoughts.


This page last changed on 06-Nov-2006 13:53:00 MST by PeterSchneider-Manzell.