I am working with jsp/servlet project and I have to complete the module of access management to my jsps since I have more than one user with different profile.
I defined a table in my database which resume the profil and the url permitted like that:
id_profil :1
url : http://localhost/...xyz.jsp
id page 1
Now I am trying to let the menu modified appropriately to the id_profil of the logged user.
So there are pages allowed in one profile but must be hidden to others.
I have no idea since now how to realize this.
It's kinda a vague exaplanation but you could use an if in your jsp to hide the menu options based on id_profil, something like this:
<c:if test="${currentUser.id_profil == 1}">
<button label="Only id_profil 1"/>
</c:if>
Keep in mind that by changing the values shown by a menu, you aren't preventing a user from accessing a page directly -- even if the user can't get to xyz.jsp by dropping down a menu item, they can still enter xyz.jsp into the address bar of their browser. So you'll have to block the access in another way.
If you have any experience with Spring, or are considering implementing it, take a look at Spring Security. It can be used to limit user access rights to different parts of your application. It isn't terribly hard to implement if you are already familiar with Spring.
ETA: For some basics that don't involve Spring Security, check out security in web.xml: http://java.sun.com/javaee/5/docs/tutorial/doc/bncbe.html#bncbj
Related
I have a jsp page having a 'submit' option for input.On clicking it i want to update the value of a table called tbIndividual.What can be the best approach to do it?
On jsp page i have somthing like this :
User Name : <%=rs.getString(2)%>
First Name : <%=rs.getString(4)%>
Last Name : <%=rs.getString(5)%>
Email Id : <%=rs.getString(6)%>
Contact : <%=rs.getString(7)%>
<input type="submit" value="ADD"></input>
And now i want to update the value of status of that particular individual from 'NO' to 'WAIT' state.On click of this submit button.
Is making new servlet for this task a good option or doing the code in jsp a better one ?
If i need to make a new servlet then what will be the code for it on jsp page .?Please help.
If you are trying to learn servlet with this project then you should create a separate servlet where you will perform your business logic (e.g addition of element in Db) and jsp should be kept away from business logic because role of jsp is to render the output not to produce the output.
If this is a project for production purposes, then you should ( IMO you must ) opt some web framework. As framework will reduce your effort, headache and increase productivity.
First of all, there are certain things you need to understand while developing web applications in Java. I have a few recommendations and inputs
Please don't use Scriptlets. Scriptlets are deprecated and they make your code clumsy and the maintainance will be hard. Use JSTL
You need to create a form in your html to have a set of variables to push them to the server on clicking submit button. The form will have an action attribute which contains the URL where the request should be sent
Create a Servlet and map with the action URL and write the doPost method which can receive the form parameters and do the business logic whatever changing the status from NO to WAIT or anything else
Please take a note that you need to have Session variables in order to have the store the data in between requests from the same client. eg browser.
Is making new servlet for this task a good option or doing the code in jsp a better one ?
Writing a new servlet is a good option, than doing the business logic in jsp page. jsp is meant for presentation, just view. They shouldn't be used to perform business logic
If i need to make a new servlet then what will be the code for it on jsp page .?
JSP should just have all the necessary html elements and attributes like form, action attribute etc.. to post the parameters in the request to the action URL. Please note the method attribute of form. You should use HTTP POST method for posting form parameters to the server
Note : Finally, Writing Servlets are also NOT recommended. Instead, you should opt for webframeworks like Spring MVC , Struts etc. Please go through the link to understand about web frameworks answered by #BaluC
Hope this clarifies.
I've managed to create a secured web service which stores the hash of password with random salt
But now after the user has filled its correct username and password then he is redirected to index.html page.
and now my task is to create the same thing as you see here in stackoverflow in the left corner - I want the user to see his username and next to it to have an option for logout.
But as I have never done such thing can you recommend the steps I should follow
and some tutorial - or whatever you think I should read
What is the technology stack you are using ? JSP + Java ? JSF + Java ? Struts + Java ? or any-other ? Whatever you use. Most of the framework has a concept of session. When user hit the submit button post filling the form, store the "username" is session. On successful validation pull the "username" stored from session. http://www.javatpoint.com/cookies-in-session-tracking http://www.tutorialspoint.com/jsp/jsp_session_tracking.htm
Easiest way is to have link to page like
http://www.example.com/logout.jsp
Than in logout.jsp, you can logout user from DB (if you use that) and destroy SESSIONS and COOKIES. After that, you do redirect to index page of web. Doing redirect to last page is not always possible, because user coul have been in some logged only part of the web.
Good thing is also to check if user is logged before doing real logout, but all of this stuff is in logout.jsp. There is no need to doing it more complicated, than it is :-)
As you are using JSP you should be using HttpSession. So you only have to call invalidate method when you access the logout page (in this case, logout.jsp):
<% session.invalidate(); %>
<% response.sendRedirect("index.jsp"); %>
If you are using a servlet, you can process this there.
If you want to know more about JSP/servlet development I recommend you this series of videos, if you have little experience they are very easy to follow.
I haven't really used it yet, but I was reading the tutorial here and from what I understand of it, once you annotate to it inside your controller, it completely blocks the user off, and only shows the form.
What I wonder is how you would do to simply hide certain parts of the website. Like show a login form on top when the user is not logged in and show a "profile" button when he is logged in. Disable posting abilities when user is not logged in etc. without hiding everything from a guest.
Would you need to create separate views for these situations, or just check inside the view if the user is logged in? And how would you check to see that, using the secure module?
The Play secure module authenticate() stores the 'username' in session upon successful login/authentication.
You can make use of this session property in the view to check if user logged in and then change the track accordingly.
#{if session.username }
<!-- You can show users' profile -->
#{/if}
#{else}
<!-- Show login form now. You can create a login template-tag form and call it here. -->
#{/else}
I would like to basically do what Jason asked for here
In one sentence, I would like the url bar to represent the state of the AJAX application so that I can allow to bookmark it as well as allow the user to return to the previous state by using the back/forward buttons in the browser.
The difference for me (From what Jason asked) is that I am using JSF 2.0.
I've read that JSF 2.0 added the ability to use get, but I am not sure what the correct way to use this.
Thanks for the help.
Further Clarification
If I understand correctly, to be able to bookmark specific states in the AJAX webapp I will have to use the location.hash. Am I correct? I'm trying to achieve a gmail-like behaviour in the sense that, while the app is complete AJAXified and no redirects occur, I can still use Back/Forward and bookmark (And that's why I would like the URL bar to be updated from the AJAX app itself and not through redirection)
Update
Just found this similar question
The difference for me (From what Jason asked) is that I am using JSF 2.0. I've read that JSF 2.0 added the ability to use get, but I am not sure what the correct way to use this.
Please note that this is not the same as maintaining the Ajax state. It usually happens by fragment identifiers (the part starting with # in URL, also known as hashbang). JSF doesn't offer builtin components/functionality for this. As far I have also not seen a component library which does that. You may however find this answer useful to get started with a homegrown hash fragment processor in JSF.
As to using GET requests, just use <h:link>, <h:outputLink> or even <a> to create GET links. You can supply request parameters in the h: components by <f:param>. E.g.
<h:link value="Edit product" outcome="product/edit">
<f:param name="id" value="#{product.id}" />
</h:link>
In the product/edit.xhtml page you can define parameters to set and actions to execute upon a GET request
<f:metadata>
<f:viewParam name="id" value="#{productEditor.id}" />
<f:event type="preRenderView" listener="#{productEditor.init}" />
</f:metadata>
In the request or view scoped bean associated with product/edit.xhtml page -in this example #{productEditor}-, you just define the properties and the listener method. The listener method will be executed after all properties are been gathered, converted, validated and updated in the model.
private Long id;
private Product product;
public void init() {
product = productService.find(id);
}
Normally you'd use AJAX to prevent complete page refreshes. AFAIK all current browsers would issue a page refresh if you change the base uri. Thus you would have to use the hash part as suggested in the question you provided.
We had a similar problem and did something like this:
We settled for the fact that users cannot bookmark the url.
For URLs that should be unique/bookmarkable we used different links that issue a redirect. Those URLs are provided in a sitemap.
For browser back, we added an intermediate page after login. This page does navigation and a redirect to the application. The navigation is stored in the session and when the server gets a navigation request (which can be a history back) the corresponding state is restored. A browser back opens that intermediate page which issues a redirect along with a navigation request on the server side.
I am writing an application in JAVA. Need advice about the menu.
I dont want to duplicate the code for menu creation in every JSP.
I want to create 1 JSP called menu.jsp and create the menu there and do a dynamic include <jsp:include... > wherever I need the menu.
This is fine till I have static menu.
Now, how would do do this for a dynamic menu.
I know it is a bad practice to connect to DB directly from JSP.
So what I want to do is this:
create a servlet
connect to DB and get the menu items and the display order
flush the menu created above to a jsp
So, my question is how do I include the above JSP wherever I need menu???
I think what you need is a templating system. Try out sitemesh for instance.
If you want to really use a java framework that helps you with good practices, i recommend to use grails
You may include servlet output by tag <jsp:include>. But it's a bad practice. See jsp tags instead
To use the menu, application wide put the generated menu either in session or application[ If and only if menu is same for every user]
Lets say menu.jsp has the code for generating the menu, get the session(or application object) and proceed with the requirement
Finally call menu.jsp using or <%#include >
Add the menu items, and a "renderMenu" boolean as request attributes.
Then include the menu.jsp and read those attributes - if renderMenu is false, don't output anything. If it is true - proceed with rendering the items (set by the servlet)