[英]Show fields in jsp based on user roles(without using spring security)
我有一個tabs.jsp,其中包含指向其他頁面的鏈接。 管理員登錄時,必須給他2個額外的鏈接以添加用戶和角色。 同時進行身份驗證,無法驗證用戶是否為管理員。 驗證時,如果用戶存在,並且不重定向回登錄頁面,則將控制權返回給用戶顯示頁面。 如果用戶是管理員,我如何實現這兩個額外的鏈接?
我的控制器
@RequestMapping(value = "auth", method = RequestMethod.POST)
public ModelAndView printStringLogin(
@ModelAttribute("USERS") Users userAuthentication,
HttpSession httpSession, ModelMap model) {
System.out.println(userAuthentication.getUsers_email());
System.out.println(userAuthentication.getUsers_password());
UserAuthentication userAuthentication2 = new UserAuthentication();
boolean exists = false,admin = false;
try {
exists = userAuthentication2.doesUserExist(
userAuthentication.getUsers_email(),
userAuthentication.getUsers_password());
} catch (Exception e) {
e.printStackTrace();
}
if (exists == true) {
System.out.println("user present");
httpSession.setAttribute("id", userAuthentication.getUsers_email());
System.out.println("Session Attribute: "
+ httpSession.getAttribute("id"));
return new ModelAndView("redirect:employee");
} else {
System.out.println("user not present");
return new ModelAndView("loginpage");
}
}
用戶認證
public class UserAuthentication {
public boolean doesUserExist(String uname, String passwrd) throws Exception {
GetSession ses = new GetSession();
Session session = ses.retSession();
String query = "from Users as u where u.users_email = :sUname and u.users_password = :sPass";
List list = session.createQuery(query).setString("sUname", uname)
.setString("sPass", passwrd).list();
Iterator iterator = list.iterator();
boolean userExists = false;
if (iterator.hasNext()) {
Users obj = (Users) iterator.next();
System.out.print(obj.getUsers_email() + "\t"
+ obj.getUsers_password() + "\n");
System.out.println(obj.getMyRoles());
System.out.println("Is Admin??? :" +obj.getMyRoles().toString().contains("Admin")); //gives if user is admin or not
System.out.println(obj.getUser_id());
userExists = true;
}
System.out.println(userExists);
return userExists;
}
}
Tabs.jsp
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<html>
<body>
<div id="tabs" style="background-color: #C8C8C8; font-family: fantasy;">
<a href="employee"> Employee Details </a>
<a href="department"> Departments </a>
<a href="designation"> Designation </a>
<a href="logout"> Logout </a>
<a href="user"> Users </a>
<a href="roles"> Roles </a>
</div>
</body>
</html>
僅當用戶為admin且此tabs.jsp包含在應用程序的每個頁面中時,才顯示用戶和角色鏈接。
將User
對象放在Controller的HttpSession
中,然后在jsp中檢查已登錄的User
是否為admin。
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<html>
<body>
<div id="tabs" style="background-color: #C8C8C8; font-family: fantasy;">
<a href="employee"> Employee Details </a>
<a href="department"> Departments </a>
<a href="designation"> Designation </a>
<a href="logout"> Logout </a>
<c:if test=${sessionScope.user.isAdmin}>
<a href="user"> Users </a>
<a href="roles"> Roles </a>
</c:if>
</div>
</body>
</html>
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.