Testing if a User is Logged in Via JSP/Spring-MVC
Question
Using Spring 3 MVC and JSP, I simply want to test if a user is logged in, I'm not interested in using Spring Security currently
<jsp:useBean id="myAppUser" type="com.xxx.MyUser" beanName="myUser" scope="session" />
<c:choose>
<c:when test="myUser.loggedIn">
//dostuff
</c:when>
<c:otherwise>
//dootherstuff
</c:otherwise>
</c:choose>
But the problem is that when there isn't yet a myAppUser in the session, jsp:useBean throws an exception. Now I realize that I can have the JSP:useBean actually instantiate the object by giving it a class, but I don't like knowing that somewhere in some JSP fragment I have objects being instantiated and added to my session, so I either want to always set an initial value for that user, and have control over it programatically, or I'd like a way to get that bean that allows it to be null or not exist, if it doesn't exist just return null
either way would be fine
if my question points to a fundamental misunderstanding in what I should be doing please provide a link to documentation that will thoroughly explain this use case
2 answers
solution1
4 ACCPTED 2010-06-04 16:19:46
This is not the right approach, but in fact you could solve the particular issue with the JSTL <c:catch> .
<c:catch var="e">
<jsp:useBean id="myAppUser" type="com.xxx.MyUser" beanName="myUser" scope="session" />
</c:catch>
<c:choose>
<c:when test="${empty e && myUser.loggedIn}">Logged in</c:when>
<c:otherwise>Bean doesn't exist or user is not logged in</c:otherwise>
</c:choose>
The right approach is described in answer of matt b. You really need to solve it at a higher level. Have a bean something like UserManager which has the User as child property along several methods like login(User) , logout() and isLoggedIn() . If the user is logged in, then the User ought to be non-null. When the user logs out, then the User ought to be set to null.
Update as per comments: As an alternative, you can also just get rid of the whole jsp:useBean declaration and intercept on the presence of the MVC-framework injected ${myUser} in the session.
<c:choose>
<c:when test="${myUser.loggedIn}">Logged in</c:when>
<c:otherwise>Bean doesn't exist or user is not logged in</c:otherwise>
</c:choose>
EL will namely transparently "suppress" potential nullpointerexceptions and just return false.
solution2
2 2010-06-04 15:54:22
Testing for something like "is this person logged in?" by examining the Session object in the View kind of blurs the lines between the roles of the Model, the View, and the Controller.
Regardless of figuring out the correct JSTL syntax to use to not get jsp:useBean to throw an exception, I suggest moving the check for logged-in to the controller side and have the view test if a "isLoggedIn" property exists in the model.
- Controller checks if the session contains a user object, adds a property
isLoggedInto the model with a value oftrueorfalse. - The logic in the view branches on the value of
${isLoggedIn}.
In other words, the view should be checking only the model for properties/data, and not accessing the session or other state directly.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.