Sapiens Sapiens Sapiens Sapiens - 1 year ago 56
SQL Question

JSP Login user roles

I have one page with JSP forms that contains upload and delete button which is the primary or only role of the admin users. If the login user is not admin I dont want any user to have access for that, I tried but I can not find any solution can someone help me.

Answer Source

If you're using Spring, you can guard your buttons with sec:authorize:

<sec:authorize access="hasRole('admin')">

If you don't use Spring you can use JSTL's c:if, but in that case you'll need to expose roles in JSP somehow, e.g. in session:

<c:if test="${sessionScope.user.role == 'admin'}">