java – Hide screen options if user does not have permission

Question:

I'm having a problem with a web application I'm creating here, I'm using spring security to control access, session and login, with java backend with restful and frontend with primefaces . I would like to know if you can hide the options that the user does not have permission to access.

Currently I intercept the url and if I don't have permission I call another screen that warns of this impediment asking it to return to the home. I wish those options didn't appear to him.

Answer:

You can use Spring's namespace security facelet tags to conditionally render JSF components (including Primefaces) as per the authorization of the current user.

The namespace is http://www.springframework.org/security/tags . Let's say it's mapped to sec , an example code would be this:

<sec:authorize ifAllGranted="USUARIO_BACANA">
    declare aqui os componentes para o usuário bacana.
</sec:authorize>

More information: http://keylesson.com/index.php/2015/06/18/spring-security-authorize-tag-example-1993/

Scroll to Top