[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [aspectj-users] advising JSP's
|
Hi,
I am working with the generated servlet and custom tags. I am able to weave into the servlet easily.
I couldn't even begin to understand the second idea that you mentioned :)
Thanks,
Mohan
On 2/15/06, Ron Bodkin <rbodkin@xxxxxxxxxxxxxx> wrote:
The way my design worked was to have advice or a Servlet Filter wrap the output stream and buffer output until a complete UI control was emitted. I relied on there being other code (another aspect) that threw a security exception if the user didn't have permission to view the given information.
I.e., when rendering the control, I made sure it threw an exception if the user didn't have the right permissions.
If you are still having the user explicitly include a custom JSP tag for a permission check, can't it just evaluate role membership and either include or skip the body appropriately?
I.e., what behavior are you seeking to achieve with an aspect?
I know of two reasonable strategies to control JSP or other forms of markup output in a crosscutting manner:
1. Refactor into custom tags, and advise the Java code for those tags
2. Filter the output stream (either with advice that decorates them on creation or by wiring in with a Servlet Filter through multiple layers: something which I found worse than the aspect approach)
You can also combine 1+2. IMHO, this is an area where you can apply aspects but it's not simple because you don't have something like AspectJSP that lets you match natural joinpoints in a JSP. Instead you can work on the generated mark up or the generated Java codeā¦
Thanks Ron. My gmail client sometimes does not receive my posts. So I sent a duplicate.
Are you intercepting the tags before the servlets are generated ? In my case there is no
securityexception. The html control either appears or not based on the role.
On 2/13/06, Ron Bodkin <
rbodkin@xxxxxxxxxxxxxx> wrote:
Hi Mohan,
I'm assuming you are hoping to replace the use of JSP tags here. I've prototyped doing this kind of field-level security. When I did it, I did it based on the content being produced, with a strategy like this: look for tags that indicate the start & end of a UI control, buffer input while reading a control, if a security exception appears mark this control as "not present".
I think it would be hard to do this based on the calls to writing to a stream, typically it's the markup content that matters here.
p.s. I received both of your emails
I have several JSP's that display certain fields based on the role of the login user. So I use tags like this
<logic:notPresent role="admin">
I want to isolate this concern and weave it into the servlets generated from the JSP's. But I found that the generated servlets are pretty complex.
How do you handle this type of weaving ? Appreciate any suggestions.
_______________________________________________
aspectj-users mailing list
aspectj-users@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/aspectj-users
_______________________________________________
aspectj-users mailing list
aspectj-users@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/aspectj-users