Implement access control of JSP page elements with custom label libraries and profiles
Controling client access is a problem that developers who developed a B / S-based architecture must consider. The JSP or Servlet specification based on the configuration file-based security policy is based on files, ie, only one view can be defined or all cannot be accessed. A more complex system often requires access control to a part of the view (such as a button in the JSP page), allowing only user access to some role. If a programmable security policy is used, because the definition of user roles and operations cannot be defined when developing, and this strategy has increased the programmer's workload, it may not be a good way.
I use custom label libraries and configuration files to solve this problem: the JSP page elements to control the authority such as Button as the content of the label. Get a unique name for protected content, using this name as an attribute of the label. A role has permissions to a page element or a set of page elements, described in the XML configuration file.