View Layer Security
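On the detail view page, the menu items highlighted below should be visible only to the post's owner (the access expression in the listing also admits ROLE_ADMIN). Hiding these controls in the view does not protect the modify and delete requests themselves; the handlers behind them must enforce the same rule on the server.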
/WEB-INF/views/bbs/view.jsp
<%--
  Excerpt of the post detail view. The Spring Security tag library is used to
  decide which edit/delete controls are rendered for the current user.
  NOTE(review): security:authorize only controls what is written to the page.
  The requests behind goModify(), goDelete(), deleteAttachFile(),
  updateComment() and deleteComment() are not shown here and must repeat the
  owner-or-admin check on the server.
--%>
<!-- omit -->
<%@ taglib uri="http://www.springframework.org/security/tags" prefix="security" %>
<!-- omit -->
<div class="view-menu" .. >
<%--
  Rendered only when the expression is true: the variable `email` equals the
  logged-in principal's username, or the user has ROLE_ADMIN.
  Presumably `email` is the post owner's e-mail set by the controller; confirm.
  NOTE(review): for a visitor who is not logged in, the principal is normally
  not a user-details object, so `principal.username` may fail to evaluate.
  Confirm this page is only reachable after authentication.
--%>
<security:authorize access="#email == principal.username or hasRole('ROLE_ADMIN')">
    <div class="fl">
        <input type="button" value="Modify" onclick="goModify();" />
        <input type="button" value="Del" onclick="goDelete()" />
    </div>
</security:authorize>
<!-- omit -->
<div id="detail">
    <%--
      NOTE(review): ${...} in template text is written without HTML escaping.
      If name and content hold user-submitted text that has not been escaped
      earlier, this is a stored XSS sink; consider <c:out value="..."/> or
      fn:escapeXml(). Confirm how these values are prepared before display.
    --%>
    <div id="date-writer-hit">edited ${regdate } by ${name } hit ${hit }</div>
    <div id="article-content">${content }</div>
    <%-- NOTE(review): id="file-list" appears on two nested divs; ids should be unique. Confirm whether the second one is intended. --%>
    <div id="file-list" style="text-align: right;">
    <div id="file-list" style="text-align: right;">
        <c:forEach var="file" items="${attachFileList }" varStatus="status">
        <div class="attach-file">
            <%--
              NOTE(review): the file name is placed inside a JavaScript string
              within an href and again as link text, both unescaped. HTML
              escaping alone does not make the script context safe; passing the
              attachment number, as the delete link does, would avoid embedding
              user-controlled text in script.
            --%>
            <a href="javascript:download('${file.filename }')">${file.filename }</a>
            <%-- Delete link for an attachment: same owner-or-admin rule as the post menu above. --%>
            <security:authorize access="#email == principal.username or hasRole('ROLE_ADMIN')">
            <a href="javascript:deleteAttachFile('${file.attachFileNo }')">Del</a>
            </security:authorize>
        </div>
        </c:forEach>
    </div>
    </div>
<c:forEach var="comment" items="${commentList }" varStatus="status">
<div class="comments">
    <%-- NOTE(review): comment.name is written unescaped; same escaping concern as name and content above. --%>
    <span class="writer">${comment.name }</span>
    <span class="date">${comment.regdate }</span>
    <%--
      Per-comment rule: compares the e-mail of the loop variable `comment`
      with the principal's username, or allows ROLE_ADMIN. The links pass only
      commentNo, so the server must check who owns that comment.
    --%>
    <security:authorize access="#comment.email == principal.username or hasRole('ROLE_ADMIN')">
    <span class="modify-del">
        <a href="javascript:updateComment('${comment.commentNo }')">Modify</a>
        | <a href="javascript:deleteComment('${comment.commentNo }')">Del</a>
    </span>
    </security:authorize>
<!-- omit -->
You can render parts of header.jsp selectively using Spring Security tags.
/WEB-INF/views/inc/header.jsp
<!-- omit -->
<%@ taglib uri="http://www.springframework.org/security/tags" prefix="security" %>
<!-- omit -->
<%--
  The body is processed only for users holding ROLE_USER or ROLE_ADMIN, so
  principal.username is read only for a logged-in user.
  Because `var` is set, security:authentication stores the username in the
  variable `check` instead of writing it to the page.
  Presumably the omitted markup tests `check` to choose which header items to
  show; confirm, and escape the value wherever it is printed.
  NOTE(review): this is presentation only; URLs linked from the header still
  need their own access rules on the server.
--%>
<security:authorize access="hasAnyRole('ROLE_USER','ROLE_ADMIN')">
    <security:authentication property="principal.username" var="check" />
</security:authorize>
<!-- omit -->
References