I have integrated Spring Security in my application and have defined access levels to pages in my spring-security.xml in the following format:
<intercept-url pattern="/login" access="permitAll" />
<intercept-url pattern="/index" access="Admin" />
Now, the above-mentioned pattern restricts access to a certain page, but is it possible to go to a much more granular level and restrict access by allowing all users to view the page, but disabling the edit controls on the page?
Of course. If you are using JSP then there are built-in tag libraries:
The edit link will only appear if the user has the supervisor role. There are similar solutions for other view technologies. If you are building your UI in some component framework like Wicket, just check user credentials in Java code and hide certain controls there. However, this is just the beginning. You should also enforce security on the server side by restricting either URLs or Java methods (@Secured and friends). Otherwise the link won't be visible, but a malicious user can still discover the hidden URL or perform an HTTP POST using external tools.
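The two layers the answer describes, shown together in an added example that is not part of the original post: the page itself is readable by any authenticated user and the view receives a flag that decides whether the edit controls are rendered, while the edit action is protected on the server with Spring Security method security. The controller name, the /items URLs, the view name and the ROLE_SUPERVISOR authority are assumptions for illustration; the role name follows the supervisor role mentioned in the answer.

```java
// Added example, not code from the original post. Assumed names: ItemController,
// the /items/{id} and /items/{id}/edit mappings, the "item/view" view and the
// ROLE_SUPERVISOR authority. With XML configuration, method security must be
// switched on with <global-method-security pre-post-annotations="enabled" />
// (or secured-annotations="enabled" if you prefer @Secured) next to the
// <intercept-url> rules, otherwise @PreAuthorize is silently ignored.
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;

@Controller
public class ItemController {

    // Authority string as stored on the user's GrantedAuthority objects.
    // Spring Security 3.x expects the full "ROLE_" name in hasRole(); 4.x and
    // later add the prefix automatically but leave an existing one alone, so
    // the full name works with either version.
    private static final String EDITOR_AUTHORITY = "ROLE_SUPERVISOR";

    // Layer 1: the page is viewable by everyone the <intercept-url> rule lets
    // in. The view uses the canEdit flag to hide the edit form, which is a
    // usability measure only, not a security control.
    @RequestMapping(value = "/items/{id}", method = RequestMethod.GET)
    public String view(@PathVariable("id") long id, Model model) {
        model.addAttribute("itemId", id);
        model.addAttribute("canEdit", currentUserHasAuthority(EDITOR_AUTHORITY));
        return "item/view";
    }

    // Layer 2: the real control. The method body never runs for a user without
    // the role, whether the request came from the hidden link or from a
    // hand-made POST; Spring raises AccessDeniedException, rendered as HTTP 403.
    @PreAuthorize("hasRole('ROLE_SUPERVISOR')")
    @RequestMapping(value = "/items/{id}/edit", method = RequestMethod.POST)
    public String edit(@PathVariable("id") long id,
                       @RequestParam("name") String name) {
        // ... persist the change for item id ...
        return "redirect:/items/" + id;
    }

    // Plain Java check of the current principal's authorities; this is the
    // "check user credentials in Java code" route that component frameworks
    // such as Wicket would use to decide whether to show a control.
    static boolean currentUserHasAuthority(String authority) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !auth.isAuthenticated()) {
            return false;
        }
        for (GrantedAuthority granted : auth.getAuthorities()) {
            if (authority.equals(granted.getAuthority())) {
                return true;
            }
        }
        return false;
    }
}
```

A quick way to confirm that the second layer is actually active is to log in as a user without the role and submit the edit form directly (the browser's address bar or any HTTP client will do); the response must be a 403, not a redirect. If the edit succeeds, method security is not enabled in the XML, and hiding the link was the only thing standing in the way.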