File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes JSF and the fly likes Secure and unsecure info on same page Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSF
Bookmark "Secure and unsecure info on same page" Watch "Secure and unsecure info on same page" New topic

Secure and unsecure info on same page

anjali ray

Joined: Mar 12, 2005
Posts: 28
I have a jsp page where I want to show different information based on whether the user is logged in or not.
I won't be able to add to security-constraint as everything on the page will be secure.

How do I have secure and not secure information on the same page?

Paul Clapham

Joined: Oct 14, 2005
Posts: 19973

What do you mean by "secure" in this context? It looks as if you are referring to the browser warning which looks something like that. Is that what you are asking about? If that's the case then "secure" is equivalent to "served via HTTPS" and has nothing to do with the web application's concept of application security.
anjali ray

Joined: Mar 12, 2005
Posts: 28
no by secure I mean certain extra information will be shown on the page when the user is logged in. If the user is not logged in then I want to not show all information.
So the same page will show secure and unsecured information.
karan khosla

Joined: Apr 27, 2009
Posts: 25

Hi, anjali

I believe you have to define certain roles in your application at top of your application which will take care of it for you.

For, Example

A employee have access to certain pages or certain area on the page. Whereas, a manager have access to the pages that an employee can't access. if you are designing a simple application you can check the method isUserInRole method that you can fetch from the ExternalContext.

I Hope this Helps!

Karan Check me out on
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 17410

If you're using J2EE Container Managed Security, the page rendering code can look to see if the HttpServletRequest user Id property is null. If so, the user is not logged in, and thus "insecure". Otherwise, the user is "secure".

If you're using a Do-It-Yourself security system, you're on your own.

An IDE is no substitute for an Intelligent Developer.
I agree. Here's the link:
subject: Secure and unsecure info on same page
It's not a secret anymore!