SEC-1757: Updated tutorial sample to state that listing of accounts is allowed by anyone and to display accounts for the different types of access to posting to Accounts

2025-03-04 04:19:09 +00:00 · 2011-06-02 21:19:01 -05:00 · 2011-06-02 21:19:01 -05:00 · c9b328d8c7
commit c9b328d8c7
parent 132163ec2e
2 changed files with 9 additions and 1 deletions
--- a/samples/tutorial/src/main/webapp/WEB-INF/jsp/listAccounts.jsp
+++ b/samples/tutorial/src/main/webapp/WEB-INF/jsp/listAccounts.jsp
@ -12,6 +12,14 @@
 <div id="content">

 <h1>Accounts</h1>
+<p>
+Anyone can view this page, but posting to an Account requires login and must be authorized. Below are some users to try posting to Accounts with.
+</p>
+<ul>
+<li>rod/koala - can post to any Account</li>
+<li>dianne/emu - can post to Accounts as long as the balance remains above the overdraft amount</li>
+<li>scott/wombat - cannot post to any Accounts</li>
+</ul>

 <a href="index.jsp">Home</a><br><br>

--- a/samples/tutorial/src/main/webapp/index.jsp
+++ b/samples/tutorial/src/main/webapp/index.jsp
@ -18,7 +18,7 @@
 Anyone can view this page.
 </p>
 <p>
-If you're logged in, you can <a href="listAccounts.html">list accounts</a>.
+While anyone can also view the <a href="listAccounts.html">list accounts</a> page, you must be authorized to post to an Account from the list accounts page.
 </p>
 <p>
 Your principal object is....: <%= request.getUserPrincipal() %>