I am working on a project that requires that i implement a mechanism for controlling data access to the content that displayed on the pages.
First off to clarify, i am not refering to the ability for different users to log on to a specific page and or view specific pages. That is a different type of access control. I am more interested in the “Data Access” i.e. where multiple users can view the same page but the data that is displayed depend on the data access control privileges they have.
I am intersted to know of the different approaches out there to implementing “data access” control. is there a framework out there for this kind of thing? I am currently using Struts.
I’m thinking to do this, i will need to somehow to categorize and store the kinds of data i keep and which configure which users can view/amend it. I want to try and avoid produce something completely from scratch so I’m wondering how the experts do this and what frameworks technologies assist them in doing it.
I guess you need Spring Security Framework. With this framework, you assign different roles to different users. For example, we can define two roles: ROLE_USER, ROLE_ADMIN. Then we assign those roles to users. For example, a user A can have only one role, ROLE_USER and a user B can have both of the roles. Now if on a particular JSP, you want to show something to user B only, you can put the code into a pair of authorization tags:
Similarly if you want to show something to both of them:
Hope it helps.