根据用户角色在jsp中显示字段（不使用spring security）

debugcn 发表于 Dev

Arjun

我有一个tabs.jsp，其中包含指向其他页面的链接。管理员登录时，必须给他2个额外的链接以添加用户和角色。同时进行身份验证，无法验证用户是否为管理员。验证时，如果没有重定向到登录页面，则如果存在用户，则将控制权返回给用户显示页面。如果用户是管理员，我如何实现这两个额外的链接？

我的控制器

    @RequestMapping(value = "auth", method = RequestMethod.POST)
        public ModelAndView printStringLogin(
                @ModelAttribute("USERS") Users userAuthentication,
                HttpSession httpSession, ModelMap model) {
            System.out.println(userAuthentication.getUsers_email());
            System.out.println(userAuthentication.getUsers_password());
            UserAuthentication userAuthentication2 = new UserAuthentication();
            boolean exists = false,admin = false;
            try {
                exists = userAuthentication2.doesUserExist(
                        userAuthentication.getUsers_email(),
                        userAuthentication.getUsers_password());
            } catch (Exception e) {
                e.printStackTrace();
            }
            if (exists == true) {
                System.out.println("user present");
                httpSession.setAttribute("id", userAuthentication.getUsers_email());
                System.out.println("Session Attribute: "
                        + httpSession.getAttribute("id"));
                return new ModelAndView("redirect:employee");
            } else {
                System.out.println("user not present");
                return new ModelAndView("loginpage");
            }
    }

用户认证

public class UserAuthentication {
    public boolean doesUserExist(String uname, String passwrd) throws Exception {
        GetSession ses = new GetSession();
        Session session = ses.retSession();
        String query = "from Users as u where u.users_email = :sUname and u.users_password = :sPass";
        List list = session.createQuery(query).setString("sUname", uname)
                .setString("sPass", passwrd).list();

        Iterator iterator = list.iterator();
        boolean userExists = false;
        if (iterator.hasNext()) {
            Users obj = (Users) iterator.next();
            System.out.print(obj.getUsers_email() + "\t"
                    + obj.getUsers_password() + "\n");
            System.out.println(obj.getMyRoles());
            System.out.println("Is Admin??? :" +obj.getMyRoles().toString().contains("Admin")); //gives if user is admin or not
            System.out.println(obj.getUser_id());
            userExists = true;
        }
        System.out.println(userExists);
        return userExists;
    }
}

Tabs.jsp

    <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
        pageEncoding="ISO-8859-1"%>
    <html>
    <body>
        <div id="tabs" style="background-color: #C8C8C8; font-family: fantasy;">
            <a href="employee">&nbsp; Employee Details </a>
            <a href="department"> Departments </a>
            <a href="designation"> Designation </a>
            <a href="logout"> Logout </a>
            <a href="user"> Users </a>
            <a href="roles"> Roles </a>
        </div>
    </body>
    </html>

仅当用户为admin且此tabs.jsp包含在应用程序的每个页面中时，才显示用户和角色链接。

拉梅什·柯莎（Ramesh Kotha）

将User对象放在HttpSessionController中，然后检查登录的用户是否User在jsp中是admin

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
        pageEncoding="ISO-8859-1"%>
    <html>
    <body>
        <div id="tabs" style="background-color: #C8C8C8; font-family: fantasy;">
            <a href="employee">&nbsp; Employee Details </a>
            <a href="department"> Departments </a>
            <a href="designation"> Designation </a>
            <a href="logout"> Logout </a>
            <c:if test=${sessionScope.user.isAdmin}>
            <a href="user"> Users </a>
            <a href="roles"> Roles </a>
            </c:if>
        </div>
    </body>
    </html>

本文收集自互联网，转载请注明来源。

如有侵权，请联系[email protected] 删除。