Guys,
I am creating a Java EE application. I have a application level managed bean in which I have a member variable called userType. This variable holds the type of user(either site admin or app admin or general user and so on...) currently logged into the site.
Using this variable how can I restrict access to jsp pages. For example, if I have a admin.jsp page...I want to make it available to only user whose type is site admin and deny for everyone else.
Currently, although I was able to successful hide (Admin Tab...admin.jsp) using rendered="#{myApplicationBean.userType=='siteAdmin'}"
but if the user directly types in the URL after loggin in, he/she can access the page...
what do I need to make sure they cannot access the page this way...
thanks
-Amor
[Message sent by forum member 'amorous' (amorous)]
http://forums.java.net/jive/thread.jspa?messageID=327694