用定制标签库和配置文件实现对JSP页面元素的访问控制
String roleName = "";
//在用户登陆时把该用户的角色保存到SESSION中,这里只是直接从SESSION中取用//户角色。
roleName=this.pageContext.getSession().getAttribute("rolename”);
// roleList包含elementName属性为elementName,roleName属性为roleName的//ElementAndRole对象,则该角色有该页面元素的权限
???? if(roleList.contains(new ElementAndRole(elementName,roleName)))
<!DOCTYPE taglib
?PUBLIC "-//Sun Microsystems, Inc.//DTD JSP Tag Library 1.1//EN"
?"http://java.sun.com/j2ee/dtds/web-jsptaglibrary_1_1.dtd">
<taglib>
? <tlibversion>1.0</tlibversion>
? <jspversion>1.1</jspversion>
? <shortname>myTag</shortname>
? <uri/>
? <tag>
??? <name>JspSecurity</name>
??? <tagclass>com.presentation.viewhelper.JspSecurityTag</tagclass>
??? <info>
?????? JspSecurityTag
??? </info>
??? <attribute>
?????? <name>elementName</name>
?????? <required>true</required>
?????? <rtexprvalue>true</rtexprvalue>
??? </attribute>
? </tag>
</taglib>
?
