Revision history [back]

click to hide/show revision 1
initial version

answered 2016-08-18 04:20:34 +0800

Col gravatar image Col

I have put security in the zul page but not via taglib. I used standard MVVM functionality.

mission.zul 


< window apply="org.zkoss.bin.BinComposer" viewModel="@id('vm') @init('com.imf.MissionVM')" >
    < label value="Your mission should you choose to accept it ..." if="${vm.canViewMissionBriefing}" />

MissionVM.java 


public class MissionVM {
 
public boolean getCanViewMissionBriefing() {
    return isAuthorised("canViewMissionBriefing");
}

private boolean isAuthorised(String permission) {
    if (permission == null)
    return false;

Session session = (Session) Sessions.getCurrent();
Collection<GrantedAuthority> authorities = (Collection<GrantedAuthority>) session.getAttribute("authorities");
for (Iterator<GrantedAuthority> iterator = authorities.iterator(); iterator.hasNext();) {
    GrantedAuthority authority = iterator.next();
    if (permission.equals(authority.getAuthority())
        return true;

    return false;
}

 
}

We use the user - roles - permission database configuration as per this article. So if 'Ethan Hunt' is a user, he might have a role of 'IMF Member' and permission of 'canViewMissionBriefing'.

As before, let me know if you want me to clarify anything.

I have put security in the zul page but not via taglib. I used standard MVVM functionality.

mission.zul 


< window apply="org.zkoss.bin.BinComposer" apply="org.zkoss.bin.BindComposer" viewModel="@id('vm') @init('com.imf.MissionVM')" >
    < label value="Your mission should you choose to accept it ..." if="${vm.canViewMissionBriefing}" />
< / window >

MissionVM.java 


public class MissionVM {
 
public boolean getCanViewMissionBriefing() {
    return isAuthorised("canViewMissionBriefing");
}

private boolean isAuthorised(String permission) {
    if (permission == null)
    return false;

Session session = (Session) Sessions.getCurrent();
Collection<GrantedAuthority> authorities = (Collection<GrantedAuthority>) session.getAttribute("authorities");
for (Iterator<GrantedAuthority> iterator = authorities.iterator(); iterator.hasNext();) {
    GrantedAuthority authority = iterator.next();
    if (permission.equals(authority.getAuthority())
        return true;

    return false;
}

 
}

We use the user - roles - permission database configuration as per this article. So if 'Ethan Hunt' is a user, he might have a role of 'IMF Member' and permission of 'canViewMissionBriefing'.

As before, let me know if you want me to clarify anything.
About Us | Faq | Help | Privacy Policy | Contact Us
Copyright Potix Corporation 2015.
Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
Support Options
  • Email Support
  • Training
  • Consulting
  • Outsourcing
Learn More