Authorization check for links on a page

We are trying to control whether links on a JSP page are displayed or hidden based on an authorization check.
We've already got the checks working on individual pages but not for the links within a page, because the security framework does not list links as their own Resource.
Is there a way to call the Authorization security provider ourselves, for each link on our JSPs? This call would be outside of the initial security check for the main JSP.

It's not going to be easy without DOM. Parsing HTML is a real pain, since there's all kinds of optional tags and quotation marks (pre-XHTML, that is). That makes any kind of ad-hoc parsing using regular expressions difficult, and less accurate than pulling the entire file into a DOM representation.
Why don't you want to use DOM? Are you just making up silly requirements?
EDIT:
I guess you could use an event-based HTML parser (HTML::Parser in Perl works this way. Is there a Java equivalent?) Set up an event for IMG and A start tags, and extract the href/src attributes there. Finding out if they are valid or not will require either:
1) Simply validate that the URL is well-formed by creating a URL object from it. This won't tell you if the link is active or not
2) Validate the URL by connecting to it with an URLConnection. However, the URL will be marked invalid if the server is down or the URL is otherwise unavailable.
Brian
Message was edited by:
[email protected]

Similar Messages

  • Set Up Authorization Check for G/L Accounts  into PO creation

    Dear friends !
    How could I activate check to the access to certain accounts into PO creation ?
    I know that is possible to activate this into Purchasing customizing under path
    SPRO > Materials management > Purchasing > Purchase order > Set Up Authorization Check for G/L Accounts
    But could I use it to give access only to certain GL Accounts by user ? Is this the purpose of this customizing ?
    If yes what´s the object should I use to link with user account !?
    best regards,
    Ale

    Hi ,
    After you setup the configuration in transaction OMRP, please setup up
    the authorisation group in the account code (FS02, the field is on the
    "Control", technical name is BEGRU).
    When a account assigned purchase order is created, the system checks for
    object F_BKPF_BES with values from the BEGRU and activity 01.

  • Authorization checks for PNP LDB

    question    : how to validate authorization checks for pnp logical database?
    2 nd question: hr report
    this report is basically for salary survey. in this i had so many fields can any body let me know how
    can i form the internal tables. and i have to display overall 150 fields in csv file for that
    how can i take in to the final internal table.
    what is the logic behind this:
    T71JPR09-JOBCODE
    PA0000-PERNR
    HRP1000-STEXT
    P0006-PSTLZ
    PA0008-ANSAL * 100 / PA0008-BSGRD
    PA0015-BETRG
    PA0761-LTEXT  WHERE PA0761-CPLAN = LTI PLAN PSU YEAR 1
    PA0761-GRADT  WHERE PA0761-CPLAN = LTI PLAN PSU YEAR 1
    PA0761-ZZGRANT WHERE PA0761-CPLAN = LTI PLAN PSU YEAR 1
    PA0761-LTEXT WHERE PA0761-CPLAN = LTI PLAN esu YEAR 1
    like that i had.
    please give me the steps how can i proceed.

    Hi,
    The PNP database will take care of authorization check. It will not execute if used does not have authorizations.
    Hope this helps.

  • The spell check for arabic language in pages v 5.2 are Not working ! please Help !

    The spell check for arabic language in pages v 5.2 in mavericks are Not working ! please Help !

    MANKWT wrote:
    No i Did Not !
    Perhaps you can find an Arabic dictionary for OpenOffice.  That may also work with OS X.
    http://m10lmac.blogspot.com/2011/06/extra-spell-checking-dictionaries-for.html

  • Create authorization check for a report

    Hi,
    I need to create an authorization check for a report. It means that I need to restrict the usage of the report to couple of users ( 'USER1' and 'USER2' ). How can I do that? I did read through a lot of threads regarding this piece got a bit confused and stuck while creating the authorization object.
    Say the report name is ZHR_TIMEABC.
    Can anyone explain how to create an authorization object and how are they tied to the object and call them in the abap code?
    Thanks in advance,
    VG

    Hi,
    Thanks. Here is my understanding, S_C_FUNCT calls a system generated function module to make an authority check. So, if different users say USER1 and USER2 have different authroization levels, defined in their user profile, just adding this piece code will take care of authroization check for the program OR do I need to take care of something else?
    If so, when do we need to create the authorization objects using SU20 and assign the group and follo this process? When do we use this approach ( lot of threads on authority check have mentioned this procedure)?
    Your inputs will be helpful to understand this concept.
    Thanks,
    VG

  • Authorization Check for Special Stock Indicator in IE02

    Dear Gurus,
    Would like to check with you if there is an authorization check for change in Special Stock Indicator in IE02-SerData Tab?
    For example, the User will only be allowed to change the Special Stock Indicator only to "E" - Sales Order.
    Would appreciate your help.
    Thanks.

    Hi,
    This cannot be done by using standard auth object. Standard SAP doesnt support control via this field.
    Take help of your ABAP team and create an customized authorization object "Z_OBJECT" with field SOBKZ and which check these field value in table EQBS. Assign this auth object to role and profile you want.
    Use the user exit IEQM0003 Additional checks before equipment update. Give a logic to check auth object when while using equipment change tcode.

  • Authorization check for a program/table

    Hi ,
    Can anyone help me out in
       How to do authorization check for an abap program and also a table.
       I have no idea about the authorizations.
    My requirement is that I need to do the authorization check in such a manner that only users having a certain profile
    1. should be able to execute the program
    2. View of the entries of the table.
    Thanks & Regards,
    Keerthi

    Hello Keerhi ,
    I got you wrong at first!
    If you want to have only certain users to be able to do certain operations, then you need to assign the appropriate roles to those users!
    First find the role
    second add the user in the role ( PFCG T code---> USers tab)
    Raj

  • Authorization checks for bank account number in vendor master

    I am trying to find a way to set up authorization checks for specific fields in the vendor master: LFBK-BANKL, LFBK-BANKN, LFBK-EBPP_ACCNAME and LFBK-EBPP_ACCNAME. I am tring to set ip up so that if you have access to transactions FK03 or XK03, you can view vendor master data except for the above fields.
    Does anyone know of a way to accomplish this? Your help will be greatly appreciated.
    Thanks
    -Peru

    HI Peru,
    To supress a field in FK03 u will have to check
    Financial Accounting (New)>Accounts Receivable and Accounts Payable>Vendor Accounts>Master Data>Preparations for Creating Vendor Master Data-->Define Screen Layout per Activity (Vendors)
    in that Display Vendor (Accounting) for FK03 and Display vendor (centrally) for Xk03
    But there bank account no is not there.
    Moreover there r no authorization objects for all the fields that u gave.
    So try creating screen variant/ transaction variant in SHD0.
    Regards,
    Kiran

  • How to turn off the authorization checks for a object in infoproviders?

    Hi - how can I turn off the authorization check for an object (ex: 0orgunit) in infoproviders?
    I have 0orgunit as an authorization-relevant object and is used in one of the cubes. When reports are run for this cube, this is causing authorization issues. The object is present in other cubes also but I have to remove or turn off the authorization check of this cube alone. How to do this? Please help.
    Thanks,
    Raj.

    Hi Raj,
    Srinivas, is right , however in BI7 the correct transaction is RSECADMIN and not RSADMIN.
    In BW3.5, use RSSM transaction to do thins.
    OR
    Go to transaction RSECAUTH ---> Choose  the authorization object that has been created for org unit(and has been assigned to the user). Go to change mode. Remove the cube from the dimension 0TCAIPROV
    If you are using old authorization concept in 3.5 or in 7.0
    Go to RSSM. In the checks for infoprovider, enter your infoprovider name. Choose change.Here you will see a checkbox to switch off the authorization.
    Hope this helps you,
    Best regards,
    Sunmit.

  • No ICF authorization CHECK for executing /sap/bc/bsp/sap/hap_document

    In EP we are trying to access bsp
    and we are getting error ,User T000209 (client 350) has no ICF authorization CHECK for executing /sap/bc/bsp/sap/hap_document
    How to give authorization please help
    venkateswararao

    First Check is the ICF service is active using the SICF transaction.
    Then Check for the authorization objects SAP_HR_HAP_EMPLOYEE
    and SAP_HR_HAP_MANAGER.
    Add the above roles to your user , it should work

  • ACCESS.ERROR: Authorization check for caller assignment to J2EESecurityRole

    Hi
    After updating our portal (NW04 SP20) this new error occurs in the default.trc log.
    <i>ACCESS.ERROR: Authorization check for caller assignment to J2EE security role [service.jms.default.authorization : administrators] referencing J2EE security role [SAP-J2EE-Engine : administrators].</i>
    I have not found anything helpfull thusfar.
    Thank you for your help in advance

    Hi,
    We had the same problem after upgrading to 2004s sp13.
    We applied all available patches and it went away.
    Check out this thread:
    <a href="https://www.sdn.sap.com/irj/sdn/thread?threadID=614693&tstart=0">https://www.sdn.sap.com/irj/sdn/thread?threadID=614693&tstart=0</a>
    Best regards,
    Avisahi Zamir

  • How add Authorization check for user with assigened role for t.code-MIR4

    Hi All,
    Regarding authorization how to check authorizations check for user whith assigned roles for the t.code MIR4  using ABAP.
    In Detail:2)     All users are allowed to go to MIR4(invoice number), But ONLY for users with role: MM_RELEASE_INVOICE can proceed to do the posting.
    suggest me...
    Thanks,
    srii..

    Hi Sri ,
    first u need to find out  in which user rules u are using this object , after that if u want to restrict users then remove create/change values from that object values .
    make use of Tcode SUIM to find out all roles which are using this Object.
    or
    ask ur basis guy to remove authorizations to create/change....
    regards
    Prabhu

  • Failed to activate authorization check for user SAPSYS

    Hi Experts
    I am trying to run the sdcc, it was throwing time_out error. i have increased the work process runtime. now
    i am getting a error Failed to activate authorization check for user SAPSYS.
    Please help me to solve this issue.
    Regards
    Venkat

    Hi, Mr. Joe Bo.
    Thanx for your reply. We are using ECC6 (HP Unix with Oracle)
    Basis Patch - 15, Kernel 159
    I have seen the the note but it's showing ccms method defination settings, but for my case we are yet to go live we have not made any settings from sap they are planning to run a session for the go live. When i am running sdcc i am getting a error in the system log "Failed to activate authorization check for user SAPSYS"
    Thanks & Regards
    Venkatesan J

  • Disabling authorizations checks for transactions SU53 and/or SU56.

    Greetings.
    I seem to remember reading that there was either a system profile parameter or a table entry that can be used to disable all authorizations checks for transactions SU53 and/or SU56.
    Any truth in this or is my mind playing tricks on me?

    Hi,
    I guess theres is profile param auth/tcodes_not_checked(I guess thats right), this will exclude SU53/SU56 from checks on transaction code.
    This can be done using RZ10 and need to restart the system.
    Rakesh

  • Authorization check for select-options field - Company code.

    Hi experts,
    i have company code field on the report selection screen and i have to validate the authorization check for BUKRS.
    How to do authorization check for a select-options field?
    Any function modules used to write the authorization check for a SELECT-OPTIONS FIELD?
    Thanks.

    >
    RNB wrote:
    > Any function modules used to write the authorization check for a SELECT-OPTIONS FIELD?
    Does it hurt to type a few lines of code? Why do you need an FM for this my friend?
    Anyways can you please tell which SAP application area (viz. FI, SD etc.) do you want to run the report?
    Suhas

Maybe you are looking for

  • Time Capsule Not Working With Time Machine

    I'm trying to backup to my Time Capsule, which I haven't used in over two years. It had been displaced because of a change in internet service providers. The new provider came in with a Linksys router, setup a sub-network, and left the Time Capsule/A

  • Problem with age restriction

    Hi guys. I was trying to download an app from featured points today, it's called modern combat zero hour, but when I redeemed the code, the age restriction popped up and I clicked okay. But when I clicked okay. It just took me back to the code redeem

  • Message "Password is blocked" when trying to access nwa

    Hello everyone, when i try to access the nwa with the administrator user i get the message "Password is blocked". 1. Why is it blocked? It's the first time anyone tries to access the nwa in this installation 2. How can i unblock it? Note: the passwor

  • Doubt in considering temp tablespace's free space

    Hi All, Database: oracle 11.2 Operating System: AIX I want to know how much free space available in my temp tablespace I ran below scripts select sum((bytes_free)/1024/1024/1024) GB from v$temp_space_header +52.904296875+ select (tablespace_size)/102

  • Major iCal disfunction. Weekly view doesnt load up at all.

    I see iCal in the tool bar but but the program doesnt load when i click it in the dock. I try to open it from the tool bar and i dont get weekly view at all. Daily and monthly views come up but they are obviously seriously disabled and non funtioning