Page with different templates and web security.

[Александр Кисоржевский]

Hello!

I have 2 questions. First, what is the best appoach for implementing site which contains pages based on different templates?

For inst., I have normal pages and admin pages. They look different. I can  describe both

cases in my custom site/web/mydesign/Page.jsp, but that is messy.

Are there any better approaches?

Second, I wonder how I can implement web security. Previously, I used spring security, but with Jease it lead to conflicts.

Spring's per-url approach is common to me: 

  <sec:http use-expressions="true">
         <sec:intercept-url pattern="/resources/*" access="permitAll" />      
  	 	<sec:intercept-url pattern="/login.html" access="permitAll" />
         
  		<sec:intercept-url pattern="/*.html" access="permitAll" />  	 	

 
  		<sec:intercept-url pattern="/admin/add_control.html" access="isAuthenticated()" />    
  		<sec:intercept-url pattern="/admin/management.html" access="isAuthenticated()" />    		
       <sec:intercept-url pattern="/admin/*" access="hasRole('admin')" />         
        <sec:intercept-url pattern="/**" access="denyAll" />
        <sec:form-login login-page="/login.html" authentication-failure-url="/login.html?fail=1"  />
        <sec:logout logout-success-url="/index.html" />
        <sec:remember-me key="rememberMe" token-validity-seconds="30"/>
    </sec:http>

Admin pages can be accessed only by users with role 'admin'. If a not-logged user tries to access admin page he falls to login page. Some tabs and html blocks in normal pages are displayed only

for admin users. 

Are there any workarounds to use spring with Jease? Are there any out-of-the-box authentication mechanizms in Jease which I can use in my webapp to implement such functionality?

[Александр Кисоржевский]

I watched previous posts and found suggestions on multi-templating - creating proxy in page.jsp - Research first then ask! :)