What do you mean by "secure" in this context? It looks as if you are referring to the browser warning which looks something like that. Is that what you are asking about? If that's the case then "secure" is equivalent to "served via HTTPS" and has nothing to do with the web application's concept of application security.
Joined: Mar 12, 2005
no by secure I mean certain extra information will be shown on the page when the user is logged in. If the user is not logged in then I want to not show all information.
So the same page will show secure and unsecured information.
I believe you have to define certain roles in your application at top of your application which will take care of it for you.
A employee have access to certain pages or certain area on the page. Whereas, a manager have access to the pages that an employee can't access. if you are designing a simple application you can check the method isUserInRole method that you can fetch from the ExternalContext.
If you're using J2EE Container Managed Security, the page rendering code can look to see if the HttpServletRequest user Id property is null. If so, the user is not logged in, and thus "insecure". Otherwise, the user is "secure".
If you're using a Do-It-Yourself security system, you're on your own.
An IDE is no substitute for an Intelligent Developer.