Win a copy of Mesos in Action this week in the Cloud/Virtualizaton forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Secure and unsecure info on same page

 
anjali ray
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have a jsp page where I want to show different information based on whether the user is logged in or not.
I won't be able to add to security-constraint as everything on the page will be secure.

How do I have secure and not secure information on the same page?

 
Paul Clapham
Sheriff
Posts: 21107
32
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What do you mean by "secure" in this context? It looks as if you are referring to the browser warning which looks something like that. Is that what you are asking about? If that's the case then "secure" is equivalent to "served via HTTPS" and has nothing to do with the web application's concept of application security.
 
anjali ray
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
no by secure I mean certain extra information will be shown on the page when the user is logged in. If the user is not logged in then I want to not show all information.
So the same page will show secure and unsecured information.
 
karan khosla
Greenhorn
Posts: 25
IntelliJ IDE Java Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi, anjali

I believe you have to define certain roles in your application at top of your application which will take care of it for you.

For, Example

A employee have access to certain pages or certain area on the page. Whereas, a manager have access to the pages that an employee can't access. if you are designing a simple application you can check the method isUserInRole method that you can fetch from the ExternalContext.

I Hope this Helps!
 
Tim Holloway
Saloon Keeper
Pie
Posts: 18169
53
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you're using J2EE Container Managed Security, the page rendering code can look to see if the HttpServletRequest user Id property is null. If so, the user is not logged in, and thus "insecure". Otherwise, the user is "secure".

If you're using a Do-It-Yourself security system, you're on your own.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic