At present the jsp pages have normal authorize tags to conditionally render links and information etc. The website is on the intranet, and we're using Spring Security 2.0.4.

I've now got a business user who wants to allow all roles to access everything for the first few weeks, then gradually add the security back in as feedback is gathered from the business.

Rather than go through every page, removing the authorize tags, only to have to put them back in, is it possible to configure these through an aspect, or is there any other way to externalize this into a config file? I've found Spring's MethodSecurityInterceptor and the metadata tags, but these wouldn't give me the externalization.

I've been on Google for the last hour, and am now pretty sure this can't be done, but would love to find out I haven't been asking the right questions.

Advice appreciated

A: 

I came to the conclusion it couldn't be done the way I originally thought it could - this was my first look at Aspects. I ended up using a custom tag that extended the Spring 2 AuthorizeTag. The custom tag takes a String parameter that could be used as a resource bundle key. The tag class looked up the resource bundle using the key to resolve as e.g.

portletMenu.estateStatus=ROLE_TIER0,ROLE_TIER1,ROLE_TIER2,ROLE_MANAGED_SERVICES

then used the returned String for the comparison against the user's roles. It works reasonably well, and externalizes and centralizes authorization away from the jsp.

Scott The Scot
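A sketch of the kind of tag the answer describes, as an added example and not the answerer's actual code. The class name, package, `key` attribute and the bundle name `authorization` are assumptions, and so is the choice of any-role matching; an unknown or empty key hides the body rather than showing it.

```java
package example.security; // hypothetical package

import java.util.MissingResourceException;
import java.util.ResourceBundle;

import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.Tag;

import org.springframework.security.taglibs.authz.AuthorizeTag;

/**
 * Illustrative tag: resolves the allowed roles for a page element from
 * authorization.properties (assumed name) instead of hard-coding them in
 * the JSP, e.g.
 *   portletMenu.estateStatus=ROLE_TIER0,ROLE_TIER1,ROLE_TIER2,ROLE_MANAGED_SERVICES
 */
public class BundleAuthorizeTag extends AuthorizeTag {

    private static final String BUNDLE = "authorization"; // assumed bundle name

    private String key;

    /** Bound to the tag's "key" attribute (declared in the TLD). */
    public void setKey(String key) {
        this.key = key;
    }

    public int doStartTag() throws JspException {
        if (key == null || key.trim().length() == 0) {
            return Tag.SKIP_BODY; // no key given: fail closed
        }
        String roles;
        try {
            roles = ResourceBundle.getBundle(BUNDLE).getString(key);
        } catch (MissingResourceException e) {
            return Tag.SKIP_BODY; // unknown key or missing file: fail closed
        }
        if (roles.trim().length() == 0) {
            return Tag.SKIP_BODY; // an empty role list grants nothing
        }
        // Assumption: the body renders if the user holds ANY listed role,
        // reusing the parent's comma-separated role parsing and comparison.
        setIfAnyGranted(roles);
        return super.doStartTag();
    }
}
```

For the "everyone sees everything at first" phase, list every role against each key and trim the lists as feedback comes in. `ResourceBundle` caches loaded bundles, so edits to the properties file are picked up on redeploy or restart.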