Wednesday, 30 September 2009

Full Blown Google Accounts API Authentication plus some Authorization

In my last post I protected some resources in web.xml to force users to log in for CRUD operations on swagItems.

Now I've come as far as getting the logged-in user's email and nickName using the Google UserService.

When a swagItem is added, I associate an email with it so that only the owner (or admins) can perform CRUD operations on it. I check authorization both on the server side and with a custom tag library in the JSPs. See the checkPermissions() method in ItemServiceImpl. Note that the googleUserService here is injected using Spring.
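The owner-or-admin rule described above, sketched as an added example; this is not the post's ItemServiceImpl. It assumes the App Engine `UserService` API, and the class name, `isAllowed()` and `ownerEmailForNewItem()` are hypothetical.

```java
import com.google.appengine.api.users.User;
import com.google.appengine.api.users.UserService;

/** Hypothetical owner-or-admin check; names are illustrative, not the post's own code. */
public class OwnerOrAdminCheck {

    private final UserService googleUserService; // injected, e.g. by Spring

    public OwnerOrAdminCheck(UserService googleUserService) {
        this.googleUserService = googleUserService;
    }

    /** Owner of a new item comes from the authenticated session, never from a request parameter. */
    public String ownerEmailForNewItem() {
        if (!googleUserService.isUserLoggedIn()) {
            throw new SecurityException("Login required to add an item");
        }
        return googleUserService.getCurrentUser().getEmail();
    }

    /** True only if the current user owns the item or is an application admin. */
    public boolean isAllowed(String ownerEmail) {
        // Fail closed for anonymous requests; isUserAdmin() throws
        // IllegalStateException when nobody is logged in.
        if (!googleUserService.isUserLoggedIn()) {
            return false;
        }
        if (googleUserService.isUserAdmin()) {
            return true;
        }
        User current = googleUserService.getCurrentUser();
        // An item with no recorded owner is editable by admins only.
        return ownerEmail != null && current != null
                && ownerEmail.equalsIgnoreCase(current.getEmail());
    }

    /** Server-side gate: call before every update or delete, whatever the JSP displayed. */
    public void checkPermissions(String ownerEmail) {
        if (!isAllowed(ownerEmail)) {
            throw new SecurityException("Not the owner or an admin of this item");
        }
    }
}
```

A JSP tag can call `isAllowed()` to decide whether to render the action buttons, but hiding a button is only cosmetic: the service method still has to call `checkPermissions()`, since the update and delete URLs can be requested directly.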

The taglib I use in the JSP is called IsAllowedTag. It's used in listSwagItems.jsp to show or hide the action buttons.

Another tag that takes advantage of the Google Accounts API is the LoginLogoutTag. I'll let you guess what that does (it is also used in listSwagItems.jsp).
