I have a tag file which is responsible for building the header (which is the same on every page).
If the user is authenticated I show 'logoff', otherwise i show 'signin | register'
in reading these forums, I see time and time again that the jsp should be as dumb as possible. which makes sense. and im wondering how I can change the following. I don't think I can get away from using logic in the jsp page, but maybe the jsp page should not be aware of the session and authentication object. how would you guys handle this? I will have to do something similar for which menu buttons are available based on the users roles. So this page will end up having a lot of logic if I continue down this road. thanks! Billy (in training)
There's about a million ways to go about this; as far as I'm concerned if logic like this is tucked away in a single location I'm good with it. JSP pages "know" about the session anyway; it's an implicit object, searched by the JSTL when no scope is explicitly specified, and so on. One other option is to have an action base class that exposes "authenticated" as an action property, but unless you're using it all over the place, meh.
Roles are similarly dealt with--a million ways. A tag that wraps up the URL and role access, checking against whatever it is you're checking against, is probably enough.
YMMV, and I'm sure I'd have people both agreeing and disagreeing with me.