0

I have a JSP page that called a method from a controller in my Hibernate project

Here's some of my code in JSP page:

...
<jsp:useBean id="acl" scope="request" class="com.angelina.token.controller.AccessControlListsController"/>
     ...
            <c:if test="<c:if test="${acl.allowView(session,7)}">">
            <a style="font-size:12px;" href="<c:url value="/admin/account/"/>">Account Balance</a>
            </c:if>
     ...

Here's some of my Controller

...
@Autowired
private AccessControlListsService aclService;
@Autowired
private UsersService usersService;
...
@RequestMapping(value="")
@ResponseBody
public boolean allowView(HttpSession session, Integer permissionId) throws Exception {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        String userName = auth.getName();
        Users users = usersService.findByUserName(userName).get(0);
        Integer roleId = users.getRoles().getId();
        Boolean status = aclService.getByRoleIdAndPermissionId(roleId, permissionId).getCanView();
        return status;
}
...

usersService is an Service object when I called method allowView(HttpSession session, Integer permissionId) from a JSP page usersService always return null.

Does Anyone have any idea on what should I do so that my object service not return null?

I really appreciate any help.

BalusC
  • 1,082,665
  • 372
  • 3,610
  • 3,555
Angelina
  • 53
  • 1
  • 6
  • Because you shouldn't be calling that method from a JSP, you shouldn't put java code in your JSP. – M. Deinum Feb 19 '16 at 09:06
  • yeah you right. As for now I did a hard way to put method `allowView(HttpSession session, Integer permissionId)` into each controller I have and throw param value from url – Angelina Feb 19 '16 at 10:26
  • imho you are trying to apply security in a somewhat convoluted way. Use Spring Security do that for you and stop putting java code i.e. script lets into your code. – M. Deinum Feb 19 '16 at 10:35
  • I already use Spring Security before and I want to change existing spring security into a managable access control list – Angelina Feb 19 '16 at 10:44
  • Ehrm.... What you are currently doing is, imho hardly manageable... – M. Deinum Feb 19 '16 at 10:50

1 Answers1

0

try to look for in your spring context if you have a component-scan tag

sth like : 

<context:component-scan base-package="org.com.******
ZaoTaoBao
  • 2,567
  • 2
  • 20
  • 28