This week's book giveaway is in the Jobs Discussion forum.
We're giving away four copies of Soft Skills: The software developer's life manual and have John Sonmez on-line!
See this thread for details.
Win a copy of Soft Skills: The software developer's life manual this week in the Jobs Discussion forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Secure and unsecure info on same page

 
anjali ray
Greenhorn
Posts: 28
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have a jsp page where I want to show different information based on whether the user is logged in or not.
I won't be able to add to security-constraint as everything on the page will be secure.

How do I have secure and not secure information on the same page?

 
Paul Clapham
Sheriff
Pie
Posts: 20158
23
MySQL Database
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What do you mean by "secure" in this context? It looks as if you are referring to the browser warning which looks something like that. Is that what you are asking about? If that's the case then "secure" is equivalent to "served via HTTPS" and has nothing to do with the web application's concept of application security.
 
anjali ray
Greenhorn
Posts: 28
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
no by secure I mean certain extra information will be shown on the page when the user is logged in. If the user is not logged in then I want to not show all information.
So the same page will show secure and unsecured information.
 
karan khosla
Greenhorn
Posts: 25
IntelliJ IDE Java Ubuntu
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi, anjali

I believe you have to define certain roles in your application at top of your application which will take care of it for you.

For, Example

A employee have access to certain pages or certain area on the page. Whereas, a manager have access to the pages that an employee can't access. if you are designing a simple application you can check the method isUserInRole method that you can fetch from the ExternalContext.

I Hope this Helps!
 
Tim Holloway
Saloon Keeper
Pie
Posts: 17615
38
Android Eclipse IDE Linux
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you're using J2EE Container Managed Security, the page rendering code can look to see if the HttpServletRequest user Id property is null. If so, the user is not logged in, and thus "insecure". Otherwise, the user is "secure".

If you're using a Do-It-Yourself security system, you're on your own.
 
Don't get me started about those stupid light bulbs.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic