Hi Eric,
I can think of a couple of methods for handling this case:
.- If you don't want them to see some information, you might use the
if{}else{} approach, as you mentioned even though it's not very elegant
and it's quite tedious and error prone if the number of "hidden fields"
is too big.
.- Another approach would be to have two different pages, one for
registered users and another for the registered ones, and redirect to
the appropriate page. Then you have to keep two slightly different
copies of the same page, which is not the perfect solution, but it could
be useful if the number of "hidden parts" is too big.
.- If I just don't want to allow unregistered users to do something, I
sometimes let them see the whole interface and when they try to access
some reserved information or perform a restricted action, as they are
not allowed the servlet controller redirects them to a "You can't do
that" page instead of executing the operation. But then you need your
controller servlet to allow you to have a fine grain control over what
users are allowed to do or not, and the controller has to be able to
distinguish between a failed login, an improper access, ... Fortunately
for us, we do have such a controller servlet :).
.- One that I haven't tried and quite similar to the second approach,
would be to use XML and apply different XLS depending on the type of
user so the resulting HTML page would be different.
Comments?
I hope this helps,
Dan
-------------------------------------------
Daniel Lopez Janariz ([EMAIL PROTECTED])
Web Services
Computer Center
Balearic Islands University
-------------------------------------------
"Eric M. Andersen" wrote:
>
> Craig,
> What would you do if the page in question could be viewed by anybody,
> logged in or not, but certain parts of the display need to be hidden for
> those who are not logged in (full functionality not available to guest
> users, only to registered users). Would you wrap this if-else statement
> around every single piece of the conditionally displaying code?
>
> -Eric
>
> murali vivekanandan wrote:
>
> > Great inputs by Mr. McClanahan and others in this thread.
> >
> > In our application we have one servlet for each form and in addition to the
> > action class with validated parameters, it validates the session. For ex. to
> > access his account, the user should have logged in first (which is stored in
> > the session). This is different for each form.
> >
> > Where and how do you think we can do, if we follow your model for one controller
> > servlet?
> >
>
> What I do is build in a check in the doGet/doPost methods of the controller
> servlet, and check for the existence of a particular object in the user's
> session that is only put there by a successful login. This object is removed
> when the user executes your logout function, and is essentially removed by a
> session timeout (since it won't be there the next time the user makes a request
> -- they'll have just started a new session). Then, the pseudo-code of
> processing a request would be something like this:
>
>     Check for existence of the login-succeeded object
>     if (login object is there) {
>         Call the action class being requested
>     } else {
>         Display the login page
>     }
>
> You'd need a special check that allowed the "process login" action to be
> processed even if the user wasn't logged on.
>
> In the "process login" action, after you are satisfied the user has been
> authenticated, you add the appropriate login object to the user's session.
> When they execute your logout function, just remove this object and invalidate
> the session.
>
> >
> > I am a newbie to architecture, so hope you don't mind if this is a up to the
> > par question.
> >
> > Thanks,
> > Murali Vivekanandan.
> >
>
> Craig McClanahan
>
> Eric M. Andersen
> I/T Specialist
> IBM Global Services
> Tel: (781) 895-2637, Fax : (781) 895-2843, t/line : 362-2637
> Internet ID: [EMAIL PROTECTED]
> Lotus Notes ID: Eric M Andersen/Waltham/IBM
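
The controller-side check discussed in this thread, as an added example that is not code from any of the posters: the login object gates member actions, "process login" stays reachable for guests, and a refused action is reported separately from a missing login. It assumes the javax.servlet API and Java 9+; the action names, view paths and session keys are hypothetical, and forwarding to a per-action JSP stands in for calling the action class.

```java
import java.io.IOException;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.*;

// Added example: action names, view paths and session keys are hypothetical.
public class ControllerServlet extends HttpServlet {
    enum Level { GUEST, USER, ADMIN }
    enum Decision { ALLOW, NEED_LOGIN, FORBIDDEN }

    static final String LOGIN_KEY = "loginUser";    // set only by a successful login
    static final String ADMIN_KEY = "loginIsAdmin"; // Boolean set by the same login action
    // Every action the controller knows, with the minimum level it needs.
    // "processLogin" is GUEST, otherwise nobody could ever log in.
    static final Map<String, Level> ACTIONS = Map.of(
            "processLogin", Level.GUEST,
            "viewCatalog", Level.GUEST,
            "viewAccount", Level.USER,
            "deleteUser", Level.ADMIN);

    // Container-free policy function, so it can be unit-tested on its own.
    static Decision decide(String action, boolean loggedIn, boolean admin) {
        Level need = (action == null) ? null : ACTIONS.get(action);
        if (need == null) return Decision.FORBIDDEN;       // unknown action: deny by default
        if (need == Level.GUEST) return Decision.ALLOW;
        if (!loggedIn) return Decision.NEED_LOGIN;         // guest asked for a member action
        if (need == Level.ADMIN && !admin) return Decision.FORBIDDEN; // improper access
        return Decision.ALLOW;
    }

    @Override
    protected void service(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String action = req.getParameter("action");
        HttpSession session = req.getSession(false);       // do not create a session just to look
        boolean loggedIn = session != null && session.getAttribute(LOGIN_KEY) != null;
        boolean admin = loggedIn && Boolean.TRUE.equals(session.getAttribute(ADMIN_KEY));

        switch (decide(action, loggedIn, admin)) {
            case NEED_LOGIN:
                req.getRequestDispatcher("/login.jsp").forward(req, resp);
                break;
            case FORBIDDEN:
                resp.sendError(HttpServletResponse.SC_FORBIDDEN); // the "You can't do that" page
                break;
            default:
                // The flag only drives what the JSP renders; the check above is the control.
                req.setAttribute("loggedIn", loggedIn);
                // Safe to build the path: action is a key of ACTIONS at this point.
                req.getRequestDispatcher("/WEB-INF/views/" + action + ".jsp").forward(req, resp);
        }
    }
}
```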