Aug 122015

OpenXava does not include a complete security and navigation system, although you can easily add security and navigation in an OpenXava application if you use a Java portal, such as Liferay. Also, you can use the official solution that OpenXava team offers: XavaPro. Even though these solutions may be valid for new projects, for legacy projects you may need apply other ones. In this post we are going to customize our own solution for navigation and security starting from the standard OpenXava solution: NaviOX.

We are going to use OpenXava 5.3.2 and as an example of database, we are to going to use Classic Models which can be downloaded from this page. We are going to use the model classes created following the instructions of this post: Reverse Engineering and Code Generation.

Basically, what we want is to:

  1. Customize our own main menu
  2. Customize the first page of the application
  3. Apply our own security

For example, the first page of the application and the complete main menu would be:

The image above belongs to a user who has complete access. In the following image, some options of the menu are hidden after applying security:

In both images above a picture of a car is shown instead of the images of the typical FirstStep jsp of OpenXava. We have changed the first page.

Finally, depending on user, the system will show or hide fields. In the following picture, the image field of the product lines has been hidden because user has not permission.

As you can see in the pictures above, we have changed the standard menu of OpenXava NaviOX, FirstSteps page has been replaced by another one and we have improved security system. Now we are going to explain how to do this.

Basic knowledge

When you download OpenXava 5.3.2, you have a project called Addons, where NaviOX is. NaviOX is a basic system for security and navigation in OpenXava. There are several empty classes, such as or that you can extend for implementing your own security or navegation. However, we are going to extend, modify and add other classes.

You have to know that when you create a new OpenXava project executing CreateNewProject.xml ant build, all files under Addons/web/naviox folder are copied to your project under web/naviox folder. We are going to change some of the JSPs.


For this example, we have developed a very simple security system with users and roles. You can find the main classes under Addons project, under com.lostinsoftware.securty package.

The classes are prepared for implementing different security systems depending on the backend, such as database, webservices and so on. In this example, only xml file backend system are implemented under package.

SecurityManagerFactory is the class in charge of build a SecurityManager depending on the chosen backend security system. Backed security system is set in the property securityManagerFactoryType of the file.

Security is the main class which you have to use for checking permissions. This class get current user data from current thread. Review class com.openxava.util.Users for more information.

In this example, security data are stored in security.xml file.

As you can see, there are seven users; CEO user is the adminitrator of the system and has access to everything. The others users have limited permissions. Objects, in this example, are OpenXava modules and, in turn, are the tables of the database. You will have noticed that for the role order, the object Productlines has assigned the action hide-image. That means that the system must hide image of product lines if the user belongs to order role.

In order to load the new system security, we will have to modify the method isAuthorized of the class SignInHelper, under com.openxava.naviox.impl package, in Addons project. The new class SignInHelper is:

Customizing main menu

The goal of this section is to have our own navigation bar fixed at the top of every pages. We also want to remove the left sidebar.

As it is explained in Main JSPs in OpenXava the main container is index.jsp, under web/naviox folder. So you will have to change this file.

For removing the left sidebar, you have to comment out the following lines:

For the navigation bar at the top, we are going to use a standard solution with Bootstrap (v3.3.5). Because we want a navigation bar with height less than the Bootstrap’s default, you have to change the property @navbar-height with a value, for example, 15px, and then download the modified classes. This operation of modification you can do it at or at You have to put these modified Bootstrap’s files under web/naviox folder.

You have to add a few lines for activating Bootstrap just below <head> tag, and a couple of lines above <body> tag. Your index.jsp would be now:

The next step for setting up the main bar navegation is to modify mainNavigation.jsp. You have to add main menu, menus, submenus and items using <ul<, <li;> and Bootstrap classes. You also have to call methods of Security class to hide or shown menus and items depending on the user’s rol. An example of mainNavigation.jsp could be:

Some styles (css classes) of OpenXava are affected by Bootstrap. To fix this problem, you have to create a custom.css file under web/xava/style. The code in this file is:

Customizing the first page of the application

By default, the first page of an OpenXava is FirstSteps. This first page is set in Modules class, under com.openxava.naviox package and is designed in firstSteps.jsp.

The code of the first page is decided in getCurrent method of Modules class.

In this example, our first page is mainmenu.jsp and its code is MainMenu. In order to active this new code, you have to change init method in Modules class. Besides, a good practice is to add a new method, createMainMenuModule, to register this new dummy module.

The code of is:

mainmenu.jsp is:

As you can see, a new image file, buggati.jsp, has be added under naviox/images folder to be shown in the middle of the main page.

Finally, you have to set false the navigation options properties, startInLastVisitedModule and rememberVisitedModules, in, because in this example it does not make sense to be set true.

Applying our own security

So far you have used the new security system only for the main navigation bar. What you want now is to use this security system, for example, to hide or show a field in a module. In this section, you are going to hide/show field image of the table productlines depending on the user’s rol. This field will be hidden/shown in detail mode and list mode.

What you have to do is:

  1. Define a new action in which you will be able to show/hide a property image of the productlines module.
  2. Define a new controller with the new action created in the previous point

Due to the fact that you want hide/show properties in detail and list mode, you have to create a new action class extending from TabBaseAction. The source of the new action class, HideProductImageAction, is

Then you have to define a new controller, with the same name that the module where action has to be executed. The definition must be done in controllers.xml file.

The action must be executed when the module is initiated (on-init=”true”) and must no be executed by user (hidden=”true”).

By default, listEditor.jsp is the editor used for lists. This editor does not take into account if a property must be hidden (perhaps, this behaviour is an error). For that reason, you have to define a new editor (listEditorHidingProperties.jsp) in which properties to be hidden are taken into account.

The new editor is definied in editors.xml.

The new editor is applied to all modules (<for-tabs />).

listEditorHidingProperties.jsp is exactly equal to listEditor.jsp, except that there are some lines similar to

if (property.isHidden()) continue;

at strategic points.

The complete code of listEditorHidingProperties.jsp is:


This blog post has taught us how to customize our own navigation menu and how to apply our own security system and in which parts of the code you have to pay attention to carry out these modifications. In this blog post an example has been discussed as a possible solution, but other solutions can obviously be implemented.

Related posts
Reverse Engineering and Code Generation
Main JSPs in OpenXava

P.S. You can get the example of this blog post from Github.

Sorry, the comment form is closed at this time.