Field display policy

Struts-Layout supports the modification of the display mode of a field (readwrite, readonly, not displayed) as a function of a custom authorization system. The goal is to display input fields readonly or writeable according to the authenticated user roles. The struts-layout policy system is open and all the developer has to do is to write an adapter class between struts-layout and its own policy system.

Policy class

The adapter class must extend fr.improve.struts.taglib.layout.policy.AbstractPolicy and implement this method:

  public abstract short getAuthorizedDisplayMode(String in_policy, String in_name, String in_property, PageContext in_pageContext);

in_policy, in_name and in_property are the values of the attributes "policy", "name" and "property" of the struts-layout input field tags.

  • in_name enables the developer to get the bean the user wants to modify (usually the struts ActionForm)
  • in_property enables the developer to know which property of the bean the user wants to modify.
  • in_policy is free to use by the developer. Here it is used to specify the role the user must have to be able to modify the value.

The methods can return MODE_NODISPLAY if the user don't have the authorization to see the field. It can return MODE_INSPECT if the user can see the field but not change its value. If the user can change the value of the field, the method should return MODE_EDIT.

This code in the jsp

<layout:password property="password" policy="admin">

will cause the edit mode to be called with in_policy = "admin", in_name = value of Constants.BEAN_KEY, in_property = password.

We can then make this method check if the authenticated user is in the "admin" role:

1  public short getAuthorizedDisplayMode(String in_policy, String in_name, String in_property, PageContext in_pageContext) {
2      boolean lc_ok = ((HttpServletRequest)in_pageContext.getRequest()).isUserInRole(in_policy);
3      if (lc_ok) {
4          return MODE_EDIT;
5      }
6      return MODE_NODISPLAY;
7  }

This makes the password field editable only for users having the "admin" role. Other users do not see the field at all.

Initializing struts-layout

struts-layout must be configured to use the policy class. This is done by setting the name of the policy class in the skin configuration file. If you're using the default skin, you need to put a file named in the WEB-INF/classes folder of the webapp. If you're using other skins properties file, you need to put the property in each file.

Example (

policy.class = com.mycompany.MyPolicy