In the previous blog post I showed you how to provide method level security. Now let's see how to hide or show elements based on the user role. Well it is quite simple with spring security tag library. just do the following to grant rights to view a specific user role to access some content.
declare the tag lib as follows in the jsp file
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
* Note that in order to use the above library you need to add the spring security tag lib jar file in your class path. you can easily get the dependency from maven repository.
Then go to the element you need to grant rights and surround it with the following block.
<sec:authorize access="hasRole('supervisor')">
</sec:authorize>
Also do not forget to put the following line to your spring security context file.
<beans:bean class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"/>
No comments:
Post a Comment