-
FEATURED COMPONENTS
First time here? Check out the FAQ!
1 | initial version | |
I have put security in the zul page but not via taglib. I used standard MVVM functionality.
mission.zul
< window apply="org.zkoss.bin.BinComposer" viewModel="@id('vm') @init('com.imf.MissionVM')" >
< label value="Your mission should you choose to accept it ..." if="${vm.canViewMissionBriefing}" />
MissionVM.java
public class MissionVM { public boolean getCanViewMissionBriefing() {
return isAuthorised("canViewMissionBriefing");
}
private boolean isAuthorised(String permission) {
if (permission == null)
return false;
Session session = (Session) Sessions.getCurrent();
Collection<GrantedAuthority> authorities = (Collection<GrantedAuthority>) session.getAttribute("authorities");
for (Iterator<GrantedAuthority> iterator = authorities.iterator(); iterator.hasNext();) {
GrantedAuthority authority = iterator.next();
if (permission.equals(authority.getAuthority())
return true;
return false;
}
}
We use the user - roles - permission database configuration as per this article. So if 'Ethan Hunt' is a user, he might have a role of 'IMF Member' and permission of 'canViewMissionBriefing'.
As before, let me know if you want me to clarify anything.
2 | No.2 Revision |
I have put security in the zul page but not via taglib. I used standard MVVM functionality.
mission.zul
< window apply="org.zkoss.bin.BinComposer" apply="org.zkoss.bin.BindComposer" viewModel="@id('vm') @init('com.imf.MissionVM')" >
< label value="Your mission should you choose to accept it ..." if="${vm.canViewMissionBriefing}" />
< / window >
MissionVM.java
public class MissionVM {
public boolean getCanViewMissionBriefing() { return isAuthorised("canViewMissionBriefing"); } private boolean isAuthorised(String permission) { if (permission == null) return false; Session session = (Session) Sessions.getCurrent(); Collection<GrantedAuthority> authorities = (Collection<GrantedAuthority>) session.getAttribute("authorities"); for (Iterator<GrantedAuthority> iterator = authorities.iterator(); iterator.hasNext();) { GrantedAuthority authority = iterator.next(); if (permission.equals(authority.getAuthority()) return true; return false; }
}
We use the user - roles - permission database configuration as per this article. So if 'Ethan Hunt' is a user, he might have a role of 'IMF Member' and permission of 'canViewMissionBriefing'.
As before, let me know if you want me to clarify anything.