Question

I am a beginner in the world of ACL coding. I have no prior knowledge of filters and other concepts and cannot learn that because of time constraints. So I found an alternative way to implement ACL.

I have only 3 users, suppose user, admin and sys.

So I just create JSP pages starting with the respective user types and the name of the page.

e.g. "userCheckStatus.jsp" and "sysCreateUser.jsp"

And then I check whether the usertype which is stored in the session matches with the respective page the user is trying to access. I just want to know whether this is a good practice and whether it will provide me with the thing which I am trying to achieve. If not, then what is lacking in the above method? Please advise me on the same.

Thanks in advance!!!


Solution

Your approach may work. One drawback is that if you change your mind and want to give access rights to another user or introduce a new role, you will have to rewrite it completely. For example, you will have to find all references to that JSP and fix the links. If a user bookmarked the JSP, it will not be found anymore. Some kind of indirection (mapping access to JSP in a configuration file) would be better.

Standard servlet security is not so hard to try. See the Oracle documentation. The good news is that the servlet API has direct support for it.
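
As an added illustration (not part of the original answer), this is roughly what the declarative servlet security mentioned above looks like in `WEB-INF/web.xml` for the two pages and three roles named in the question. The login page paths and the choice to let `admin` open the sys page are assumptions made for the example.

```xml
<!-- Added example: fragment that goes inside <web-app> in WEB-INF/web.xml. -->
<!-- Page and role names are from the question; login paths are assumed.   -->

<security-constraint>
  <web-resource-collection>
    <web-resource-name>user pages</web-resource-name>
    <!-- url-pattern matches an exact path, a directory prefix (/dir/*) or an
         extension (*.jsp). "/user*" is NOT a wildcard, so list each page or
         move the pages under a per-role directory such as /user/*. -->
    <url-pattern>/userCheckStatus.jsp</url-pattern>
    <!-- No <http-method> element: the constraint then covers every method. -->
  </web-resource-collection>
  <auth-constraint>
    <role-name>user</role-name>
  </auth-constraint>
</security-constraint>

<security-constraint>
  <web-resource-collection>
    <web-resource-name>sys pages</web-resource-name>
    <url-pattern>/sysCreateUser.jsp</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>sys</role-name>
    <!-- Assumed: granting a second role is one extra line, no page rename. -->
    <role-name>admin</role-name>
  </auth-constraint>
</security-constraint>

<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>        <!-- assumed path -->
    <form-error-page>/loginError.jsp</form-error-page>   <!-- assumed path -->
  </form-login-config>
</login-config>

<!-- Every role referenced above must be declared. -->
<security-role><role-name>user</role-name></security-role>
<security-role><role-name>admin</role-name></security-role>
<security-role><role-name>sys</role-name></security-role>
```

The container enforces these constraints before the JSP runs, so a page that forgets its own session check is still protected; the user-to-role assignments themselves come from the container's configured realm.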

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow