I am developing a Struts web application. This application will
require users to log in with a username and password. Each user will
have different access levels.
I will not be using role-based access because there are too many services
and too many access levels. Let's say there are 10 services. If a
user has access to a service, he will have read permission or
read/write permission to that service. I would like to set up bitflags
to determine the user's access level.
Ex)
// Contents of Constants.java
...
public final static int service_1_read = 1;
public final static int service_1_read_write = 2;
public final static int service_2_read = 4;
public final static int service_2_read_write = 8;
public final static int service_3_read = 16;
public final static int service_3_read_write = 32;
...
When a user logs in to the website, the user information will be stored
in the session.
I am using Tiles to design the layout of my website. The tiles are
set up using definitions in tiles-defs.xml. I load the pages using the
definitions. For example:
// Contents of /service_1_index.jsp
<%@ taglib uri="/tags/struts-tiles" prefix="tiles" %>
<tiles:insert definition="service1.index" />
This will allow the index for service1 to be displayed. I was thinking
of adding a check for user access to /service_1_index.jsp to look like
the following:
// New Contents of /service_1_index.jsp that checks user access
<%@ taglib uri="/tags/struts-tiles" prefix="tiles" %>
<%@ page import="com.myco.constants.Constants" %>
<% User user = (User) session.getAttribute("User");
   // Treat a missing session user as no access instead of throwing a NullPointerException
   if ( user != null &&
        ( user.hasAccess(Constants.service_1_read) ||
          user.hasAccess(Constants.service_1_read_write) ) ) {
%>
<tiles:insert definition="service1.index" />
<% } else { %>
<tiles:insert definition="access.denied" />
<% } %>
I know that this will work, but it goes against the whole purpose of
using Struts!! Keep java code out of the JSP files!!!!! Is there a
way that I can use the Tiles Controller? There has to be a better
way!!!
Any advice would help. Thanks in advance.
boanator@gmail.com - 28 Sep 2005 20:30 GMT
I have decided to try the logic tag library to determine user access.
When the user logs in, I will set some session variables:
hasServiceOneAccess = true or false
hasServiceTwoAccess = true or false
hasServiceThreeAccess = true or false
...
Now the /service_1_index.jsp page will look like this:
<%@ taglib prefix="tiles" uri="/tags/struts-tiles" %>
<%@ taglib prefix="logic" uri="/tags/struts-logic" %>
<logic:equal name="hasServiceOneAccess" value="true">
<tiles:insert definition="service1.index" />
</logic:equal>
<logic:equal name="hasServiceOneAccess" value="false">
<tiles:insert definition="access.denied" />
</logic:equal>
There is redundant code for each service page, but I have not found
another way to get around this. Also, I have taken the business logic
out of the JSP file. If anyone has a better solution to this problem,
please let me know.
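
One way to make the access decision once, outside the JSPs, shown as an added example that is not code from either post: a servlet filter that maps URL prefixes to the bit flags from Constants.java and denies the request when the session has no user or the user holds none of the flags. The class name AccessFilter, the nested User interface, the URL prefixes and the 403 response are assumptions; only the "User" session attribute, hasAccess() and the flag values come from the thread.

```java
// Added example, not the poster's code. AccessFilter, the URL prefixes and the
// nested User interface are assumptions; the flag values mirror Constants.java.
import java.io.IOException;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.*;
import javax.servlet.http.*;

public class AccessFilter implements Filter {
    // Assumed shape of the session "User" object described in the post.
    public interface User { boolean hasAccess(int flag); }

    static final int SERVICE_1_READ = 1, SERVICE_1_READ_WRITE = 2;
    static final int SERVICE_2_READ = 4, SERVICE_2_READ_WRITE = 8;

    // URL prefix -> flags, any one of which grants access. Paths not listed pass through.
    private final Map<String, int[]> rules = new LinkedHashMap<String, int[]>();

    public void init(FilterConfig cfg) {
        rules.put("/service_1", new int[] { SERVICE_1_READ, SERVICE_1_READ_WRITE });
        rules.put("/service_2", new int[] { SERVICE_2_READ, SERVICE_2_READ_WRITE });
    }

    // Decision function: deny when there is no user or no matching flag.
    static boolean allowed(User user, int[] anyOf) {
        if (user == null) return false;
        for (int flag : anyOf) if (user.hasAccess(flag)) return true;
        return false;
    }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpSession session = req.getSession(false);   // do not create a session here
        Object u = (session == null) ? null : session.getAttribute("User");
        User user = (u instanceof User) ? (User) u : null;
        String path = req.getServletPath();
        for (Map.Entry<String, int[]> rule : rules.entrySet()) {
            if (path.startsWith(rule.getKey()) && !allowed(user, rule.getValue())) {
                ((HttpServletResponse) rs).sendError(HttpServletResponse.SC_FORBIDDEN);
                return;                                // stop before any JSP or action runs
            }
        }
        chain.doFilter(rq, rs);
    }

    public void destroy() { }
}
```

The filter takes effect once it is declared in web.xml with a filter-mapping (for example a url-pattern of /*), so it runs before the Struts servlet and before any directly requested JSP. An error-page entry for code 403 can route the denial to the page that renders the access.denied definition.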