wood burning stoves 2.0*
The moose likes JSF and the fly likes Secure and unsecure info on same page Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSF
Bookmark "Secure and unsecure info on same page" Watch "Secure and unsecure info on same page" New topic
Author

Secure and unsecure info on same page

anjali ray
Greenhorn

Joined: Mar 12, 2005
Posts: 28
I have a jsp page where I want to show different information based on whether the user is logged in or not.
I won't be able to add to security-constraint as everything on the page will be secure.

How do I have secure and not secure information on the same page?

Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18541
    
    8

What do you mean by "secure" in this context? It looks as if you are referring to the browser warning which looks something like that. Is that what you are asking about? If that's the case then "secure" is equivalent to "served via HTTPS" and has nothing to do with the web application's concept of application security.
anjali ray
Greenhorn

Joined: Mar 12, 2005
Posts: 28
no by secure I mean certain extra information will be shown on the page when the user is logged in. If the user is not logged in then I want to not show all information.
So the same page will show secure and unsecured information.
karan khosla
Greenhorn

Joined: Apr 27, 2009
Posts: 25

Hi, anjali

I believe you have to define certain roles in your application at top of your application which will take care of it for you.

For, Example

A employee have access to certain pages or certain area on the page. Whereas, a manager have access to the pages that an employee can't access. if you are designing a simple application you can check the method isUserInRole method that you can fetch from the ExternalContext.

I Hope this Helps!


Karan Check me out on http://pythonicway.blogspot.com/
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 15952
    
  19

If you're using J2EE Container Managed Security, the page rendering code can look to see if the HttpServletRequest user Id property is null. If so, the user is not logged in, and thus "insecure". Otherwise, the user is "secure".

If you're using a Do-It-Yourself security system, you're on your own.


Customer surveys are for companies who didn't pay proper attention to begin with.
 
jQuery in Action, 2nd edition
 
subject: Secure and unsecure info on same page
 
Similar Threads
AJAX, JSF and security
User authentication from database
Image will not display using FORM-based security
ssl and non-secure items
SSL and Applet