I am using Spring MVC for my web application. My views are JSP based. What is the best practice to show role based menus?
Should I make a check on the JSP page for a role?
Should I build the menu in a Java class and pass it to a JSP page to show up?
Anything else?
Use a framework like Spring Security instead of implementing the complete security infrastructure on your own. Like all other Spring modules, you would simply configure the framework declaratively using XML (for defining roles etc.) and so it's quite flexible.
Spring Security comes with its own tag library that you would then use to secure your HTML elements. For example, to make a menu item available for Admin roles only just wrap it in an appropriate <sec:authorize> tag.
References:
Spring Source is a good place to begin with. Have a look at this video as well from their YouTube channel. Getting Started with Spring Security 3.1
Make different role based menu pages and include them in you main content page at runtime.
Related
I am new to Spring and JSF,and I want to integrate JSF for the front end, and use Spring controller. Can Anyone give me a explanation or an example how this can be done?. Basically what I want is a form submission (which will create a Business object and feed it to the database) and navigate using controllers.
The required xml files ? and its element?
A Basic form( ex: Like a User registration )
Spring class with #Controller, and #RequestMapping etc.
I just want to know how the form submission works and the flow of that.
If you want to integrate Spring with JSF you don't need to use #Controller and #RequestMapping, those are for SpringMVC. JSF itself has navigation mechanism use that.
If you need example check Integrate Spring into JSF 2
Actually i'm developing Spring Annotation based Application. In that Login.jsp file is their.
When User enter Details and click remember me check box that cookie remember in browser same gmail service (stay in).
So in that i'm search in google,i'm finding Spring also provide Remember me Functionality, But it take supported Jar file.
Is their any Simple way for Storing Cookies on browser?
Use either #SessionAttribute or #CookieValue annotation of spring-mvc. Read more about it on the spring manual
I have an application which uses Spring for backend and ExtJs for UI.
In this application, users can have variours roles and access rights.
When a user logs in and opens a form, then depending upon her role, its decided that which fields will be displayed to her.
For handling this, we have done following two things:
1. Enclosed the JS code (code which needs to be filtered on basis of role) in spring security tags following way:
< tag start >
js code
< / tag end >
2. Saved all js files as jsp, for example, instead of having a file as test.js - we changed it to test.js.jsp. This forces the backend to parse the security tags before delivering the code to client side.
Though this works fine, but there are following issues which we are ambigous about:
a. Is this the best way of implementing such thing? What other way could this be acheived?
b. After converting js to jsp, the compression tools for JS are not able to minify it due to presence of spring security tags. Could something be done about it?
Looking forward to guidance at above.
Thanks in advance.
Spring 2.5.6SEC02
Spring Webflow 2.0.9
I have a normal flow in which I have a form in flow scope. I now want to call my annotated spring MVC #Controller and get access to the form information. I basically want to display details as a modal dialog box on the screen. I've been reading up on spring-js, but I'm not very familiar with it and it seems to want to incorporate dojo into my code.
Thanks in Advance.
You can keep the form in session scope instead, that way it is available both to webflow and other controllers. That will however mean that it is shared between tabs and possibly reused in later conversations (Though you can probably prevent that).
Another solution is passing the flow execution key to the controller and have the controller read it from the FlowExecutionRepository.
I'm developing a web application using Spring MVC 3.0 and looking for a ready-made solution, if any, or a "best practices" reference for a url/action mapping and routing system that can achieve the following:
REST-friendly controller / method name to view mapping. The current mapping implementation translates the request to a view name, which may be problematic when using several parameters and is incompatible with REST urls
A service that accepts the name of a controller, a method and arguments values and renders the URL that's represented by them
Integration with Spring Security that can allow me to check for a given URL whether the current user is allowed to access it, so that I can decide whether or not to render a URL
A menuing system based on the above that can define menues composed of these actions and render them to page
Basically what I need is the ability to define URLs in one centralized place, so that changing a URL (during development; I'm aware of the don't-change-live-urls idea :) ) does not mean looking up and changing that URL in a zillion pages.
Any directions to such an existing solution / tutorial / guide would be great.
Thanjs
This is a feature I really miss in Spring MVC.
That's why I created the springmcv-router project, basically a port of PlayFramework's Router implementation in Spring MVC (HandlerMapping + HandlerAdapter).
I'm heavily using it in several real-world projects and the Router implementation itself is reliable.
Try using Spring Roo. It utilizes many best practices for spring MVC, and it has a scaffolding feature that automatically maintains a menu, jsp's and all the CRUD methods of a controller.
Setting up Spring Security with Roo is as simple as typing "security setup".
Hope this is helpful.