SEC-1757: Updated tutorial sample to state that listing of accounts is allowed by anyone and to display accounts for the different types of access to posting to Accounts

2025-06-13 15:42:25 +00:00 · 2011-06-02 21:19:01 -05:00 · 2011-06-02 21:19:01 -05:00 · d5f1f6cbff
commit d5f1f6cbff
parent a2cdbab50c
2 changed files with 9 additions and 1 deletions
--- a/samples/tutorial/src/main/webapp/WEB-INF/jsp/listAccounts.jsp
+++ b/samples/tutorial/src/main/webapp/WEB-INF/jsp/listAccounts.jsp
@ -1,6 +1,14 @@
 <%@ taglib prefix="c" uri="http://java.sun.com/jstl/core_rt"%>

 <h1>Accounts</h1>
+<p>
+Anyone can view this page, but posting to an Account requires login and must be authorized. Below are some users to try posting to Accounts with.
+</p>
+<ul>
+<li>rod/koala - can post to any Account</li>
+<li>dianne/emu - can post to Accounts as long as the balance remains above the overdraft amount</li>
+<li>scott/wombat - cannot post to any Accounts</li>
+</ul>

 <a href="index.jsp">Home</a><br><br>

--- a/samples/tutorial/src/main/webapp/index.jsp
+++ b/samples/tutorial/src/main/webapp/index.jsp
@ -6,7 +6,7 @@
 Anyone can view this page.
 </p>
 <p>
-If you're logged in, you can <a href="listAccounts.html">list accounts</a>.
+While anyone can also view the <a href="listAccounts.html">list accounts</a> page, you must be authorized to post to an Account from the list accounts page.
 </p>
 <p>
 Your principal object is....: <%= request.getUserPrincipal() %>