0

I found code here which can solve my problem, but I don't have any idea how it works.

Code:

<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<!DOCTYPE html>
<html>
<head>
    <title>Sample Page</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
    <c:choose>
        <c:when test="${pageContext.request.isUserInRole('admin')}">
            <p>Content for admin.</p>
        </c:when>
        <c:when test="${pageContext.request.isUserInRole('someRole')}">
            <p>Some content here</p>
        </c:when>
        <c:otherwise>
            <p>Another Content</p>
        </c:otherwise>
    </c:choose>
</body>
</html>

What I don't know is how pageContext.request.isUserInRole('admin') works. All my users and user_roles are in a database. So where does pageContext.request.isUserInRole('admin') take its data from? Can you give me a little example of how it works and how I should pass information about the user role from the servlet to pageContext.request.isUserInRole('admin')?

Aleksander Monk

2 Answers

1

What you speak about is Role Based Authentication. You need not pass the roles to the JSP from the servlet; rather, you need to configure it in the XML files.

Now check what request#isUserInRole does as per the docs:

Returns a boolean indicating whether the authenticated user is included in the specified logical "role". Roles and role membership can be defined using deployment descriptors. If the user has not been authenticated, the method returns false.

A Complete tutorial here on jsp security mechanisms.

See also :

Santhosh

0

I think you have to make a login page; then, after the login, you have to call a servlet/controller where you check your user's credentials (from the database) and then redirect to the above page. You have to put the user role information in the response (or in the model if you use spring-mvc) and use it in the JSP.

I'll post an example of a Spring controller for login:

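import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.SessionAttributes;
import org.springframework.web.servlet.ModelAndView;

// Users, UsersBo and DSTAConstants are classes from the answerer's own project.
@Controller
@SessionAttributes({"user"}) // the model attribute "user" is also kept in the HTTP session
public class UsersController {

    @Autowired
    UsersBo usersBo;

    @RequestMapping(value = "/doLogin", method = RequestMethod.POST)
    public ModelAndView login(
            @RequestParam(DSTAConstants.PARAM_EMAIL) String email,
            @RequestParam(DSTAConstants.PARAM_PSW) String psw,
            Model model) {

        try {
            // This is a call to a DAO that finds data in the database
            Users user = usersBo.checkLogin(email, psw);

            // If the DAO found a user
            if (user != null) {
                // Put the user into the model
                model.addAttribute("user", user);
                return new ModelAndView("mainPage");
            } else {
                model.addAttribute("msg", "Utente non Trovato o Password Errata.");
                return new ModelAndView("login");
            }
        } catch (Exception e) {
            // The raw exception message is shown on the login page and printed to stdout
            model.addAttribute("msg", e.getMessage());
            System.out.println("Eccezione: " + e.getMessage());
            return new ModelAndView("login");
        }
    }
}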

After this code you can use "user" in the JSP with this code:

<%  
    Users user = (Users) session.getAttribute("user");

%>

And you can use user.getRole() in this way:

    <% if (user.getRole() == 1) { %>
        <p>Some content here</p>
    <% } 
       else { 
    %>
       <p>Content for admin</p>
    <% } %>

REMEMBER: My code uses Spring-MVC... if you don't use this you have to do something different.

Alist3r
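
One way to make `pageContext.request.isUserInRole(...)` answer from roles loaded from the database when container-managed security is not configured, as an added example that is not code from either answer: a servlet filter wraps every request and overrides `isUserInRole`. It assumes the `javax.servlet` API and that the login code stored a `Set<String>` of role names (read from the user_roles table) under a hypothetical session attribute `roles`; the class name `SessionRoleFilter` is also made up for this example.

```java
import java.io.IOException;
import java.util.Collections;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpSession;

// Added example. Assumption: after a successful login the application ran
// session.setAttribute("roles", rolesFromDatabase) with a Set<String>.
@WebFilter("/*")
public class SessionRoleFilter implements Filter {

    @Override
    public void init(FilterConfig cfg) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        // getSession(false): do not create a session for anonymous visitors
        HttpSession session = http.getSession(false);
        Object attr = (session == null) ? null : session.getAttribute("roles");
        @SuppressWarnings("unchecked")
        final Set<String> roles = (attr instanceof Set)
                ? (Set<String>) attr
                : Collections.<String>emptySet(); // not logged in: no roles

        // The JSP's pageContext.request is this wrapper, so the EL call
        // ${pageContext.request.isUserInRole('admin')} lands in the override.
        chain.doFilter(new HttpServletRequestWrapper(http) {
            @Override
            public boolean isUserInRole(String role) {
                // Session roles first, then whatever the container itself knows
                return (role != null && roles.contains(role)) || super.isUserInRole(role);
            }
        }, res);
    }

    @Override
    public void destroy() { }
}
```

The `<c:when>` tests only decide which markup is rendered; the servlet or controller that performs an admin action has to make the same `isUserInRole` check itself.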