View Layer Security

Users who are not the owner of the post on the detailed view page should not see the menu highlighted.
Before applying spring security at viewlayer

/WEB-INF/views/bbs/view.jsp
<!-- omit -->

<%@ taglib uri="http://www.springframework.org/security/tags" prefix="security" %>

<!-- omit -->

<div class="view-menu" .. >
  <security:authorize access="#email == principal.username or hasRole('ROLE_ADMIN')">
  <div class="fl">
    <input type="button" value="수정" onclick="goModify();" />
    <input type="button" value="삭제" onclick="goDelete()" />
  </div>
  </security:authorize>

<!-- omit -->

<div id="detail">
  <div id="date-writer-hit">edited ${regdate } by ${name } hit ${hit }</div>
  <div id="article-content">${content }</div>
  <div id="file-list" style="text-align: right;">
    <div id="file-list" style="text-align: right;">
    <c:forEach var="file" items="${attachFileList }" varStatus="status">
      <div class="attach-file">      
        <a href="javascript:download('${file.filename }')">${file.filename }</a>
        <security:authorize access="#email == principal.username or hasRole('ROLE_ADMIN')">
          <a href="javascript:deleteAttachFile('${file.attachFileNo }')">삭제</a>
        </security:authorize>
      </div>
    </c:forEach>  
    </div>
</div>

<c:forEach var="comment" items="${commentList }" varStatus="status">  
<div class="comments">
  <span class="writer">${comment.name }</span>
  <span class="date">${comment.regdate }</span>
  <security:authorize access="#comment.email == principal.username or hasRole('ROLE_ADMIN')">
  <span class="modify-del">
    <a href="javascript:updateComment('${comment.commentNo }')">Modify</a> |
    <a href="javascript:deleteComment('${comment.commentNo }')">Del</a>
  </span>
  </security:authorize>

<!-- omit -->

The header.jsp file that has already been modified will also be rendered selectively using the Spring Security tag.

/WEB-INF/views/inc/header.jsp
<!-- omit -->

<%@ taglib uri="http://www.springframework.org/security/tags" prefix="security" %>

<!-- omit -->

<security:authorize access="hasAnyRole('ROLE_USER','ROLE_ADMIN')">
  <security:authentication property="principal.username" var="check" />
</security:authorize>

<!-- omit -->
References