Your Suggestion Please
Posted on 2006-11-08
I would like to control the security access based on user login. So if admin is logged in, they will see menu A, B and C. However, if normal user is logged in, they will only see menu A and B.
This would be a very dynamic menu management where there is another tool to add a new menu with a new URL and assign it to either role or to both roles.
Menu_ID Menu_Name Menu_URL
1 A /whatever.do
Now, after logged in, I have been able to control the display of the menu. Now I would like to know all of your opinions about how to handle the possibility that the normal user manually typed in the URL of the menu C which is only authorised to admin. I am actually using WebLogic but I think that the solution should be similar.
I have seen the request.isUserInRole(String role). However, can I assign this role in the runtime so after admin logged in, if I do request.isUserInRole("admin") will return true? And currently, the login is handled by LDAP (Active Directory).