I've set a session that controls the menu based on the role of every user... Now for example I have this
<c:set var="role" scope="session" value='<%=((Long) session.getAttribute("role")).longValue()%>' />
<c:if test="${role == 121}">
<div id="menu">
<span class="menu-header">Registration</span>
<ul>
<li>Organization Registry</li>
</ul>
</div>
</c:if>
<div id="menu">
<span class="menu-header">Directory</span>
<ul>
<li>Organization</li>
</ul>
</div>
Now what if I want to go to that page without logging in? I tried to go to that page without logging in but NullPointetExcepetion was encountered basically because I don't have any session stored in the role. I set every session when the user logs in. When not logging in I want to view menu that does not need any role... For example I redirect to that page with one link that can be viewed by other.
How can I still view the directory menu when I'm not logged in?
Get rid of the <c:set> line altogether. You don't need it. EL ${} already searches for attribtues in page, request, session and application scope. The NPE is caused because you invoked longValue() on null.
Remember: you should never mix oldschool scriptlets <% %> with modern EL ${}. That makes no sense. You'll only confuse yourself.
See also:
Our EL wiki page
Related
I am implementing Role based spring security
In this example they have used thymeleaf for frontend purpose, but I am using angular9 with html.
they are using sec:authorize="hasRole('ROLE_ADMIN')" to provide access to the admin,in the same way if I want to provide the same thing in html, for that I have used the following code,
<li *ngFor="let user of users">
{{user.username}} ({{user.firstName}} {{user.lastName}})
- <a sec:authorize="hasRole('ROLE_ADMIN')" (click)="deleteUser(user.userid)" class="text-danger">Delete</a>
</li>
The person logged in is Role_user, eventhough the delete link is visible to the user.
How can I restrict.
Thanks in advance.
use *ngIf directive to show and hide the anchor tag
<li *ngFor="let user of users">
{{user.username}} ({{user.firstName}} {{user.lastName}})
- <a *ngIf="hasRole('ROLE_ADMIN')" (click)="deleteUser(user.userid)" class="text-danger">Delete</a>
</li>
but the hasRole() must return boolean. because *ngIf accepts the boolean
here is my problem. How could I hide the value of the parameter from the url? because I don't have idea how to hide it. it keep on appearing like this (http://localhost:8084/YIP/MentorServlet?action=peribadi&mentorid=951218-02-5598)
<div id="mySidenav" class="sidenav">
<a href="javascript:void(0)" class="closebtn" onclick="closeNav()">×
</a>
<% String id=request.getParameter("mentorid");%>
<li>
Utama
</li>
<li>
Peribadi
</li>
Some options:
do nothing: this is the best one, as there is no such thing as securely hiding something in HTML. Whoever looks into the page source, will see how the servlet in question can be invoked
switch to a form and a submit button, something what #alayor shows. If you use POST, the parameters will not appear in the URL
switch to a form, but keep the looks of an anchor and submit form from JavaScript (some docs some overcomplicated examples)
manipulate browser history from the target page (docs1, docs2)
keep mentorid in a session variable on server-side: hackers never see it
keep mentorid in an encrypted cookie: hackers see it, but can not decode. However they can try reusing it later (replay attack)
the various other ones I have forgotten and/or never even heard about
You can create an HTML for instead of an anchor.
<div id="mySidenav" class="sidenav">
<a href="javascript:void(0)" class="closebtn" onclick="closeNav()">×
</a>
<% String id=request.getParameter("mentorid");%>
<li>
Utama
</li>
<li>
<form action="/MentorServlet" method="POST">
<input type="hidden" name="action" value="peribadi" />
<input type="hidden" name="mentorid" value="<%=id%>" />
<button>Peribadi</button>
</form>
</li>
This way you can avoid sending the parameter in the URL and it will send in the HTTP Request Body instead.
I'm facing an issue as to redirecting my website to a certain specific URL...
to better explain, I'm adding an auto refresh meta to the top of my jsp that refreshes the web page every 15 minutes, the only problem here is that when the 15 minutes are over, instead of refreshing the same page (thus calling the same servlet to recalculate what needs to be recalculated) it redirects to the home page!(defined in xml as login.jsp)
Now I've tried to debug the code to see which part is redirecting to the home page but it seems that it's no power of my own! it's probably something Tomcat is doing that I'm not aware of. It already happened to me before and the solution was to add an attribute to the session scope session.setAttribute("User",user);
but not this time...
To support my point(It's not a session problem), here's a portion of the code directly extracted from the page source code after redirection
<header>
<h1>WelcomeTV</h1>
</header>
<section>
<form action="Login" method="post">
<ul>
<li><label for="username">Username</label></li>
<li><input type="text" name="user" id="username" placeholder="Your Username" value="wtv_administratifs"></li>
<li><label for="password">Password</label></li>
<li><input type="password" name="password" id="password" placeholder="Your Password"></li>
<li><input type="submit" value="Log in"></li>
</ul>
<p class="reset_pwd">Reset your password</p>
<p class="change_pwd">Change your password</p>
</form>
</section>
You can see that the value is filled, and in my jsp the value is taking ${sessionScope.username} so this proves that the session is still valid
Please help me? if it's not clear please let me know, I'll try to make myself clearer.
Set up your session config in your web xml to -1 if you do not want it to expire
Well, This is embarrassing... It seems the little problem I have has nothing to do with the previous one I resolved with an input into the session scope.
The issue was simply that the URL after logging into my website stays //Context/Login (HTTP POST ><) and with the meta auto refresh, it does not refresh the servlet called after the login, it actually refreshes the same URL displayed above => Login and thus redirects me to the login page...
Issue resolved by adding
<META HTTP-EQUIV="refresh" CONTENT="900;URL=http://10.84.18.53:8080/Welcome_TV/display"> which is the servlet that needs to do all the recalculation.
Issue resolved, thank you for you comments and terribly sorry for your time :)
This question already has answers here:
How can I retain HTML form field values in JSP after submitting form to Servlet?
(2 answers)
Closed 7 years ago.
Here is my code, how can i retain the values of the form when i click on the hyper reference link.(a href: bottom of the code)
<form action="APPServlet">
<div class="">
<div class="">Search For:</div>
<div class="">
<input type="text" size="45" align="right" name="searchRequest">
</div>
</div>
<div class="">
<div class="">Exclude:</div>
<div class="">
<input type="text" size="45" align="right" name="excludeWords">
</div>
</div>
<div class="">
<div class="">In Modules:</div>
<div class="">
<select name="modules">
<option name="module" value="all">All modules</option>
<c:forEach var="module" items="${modelObj.modules}">
<option name="module" value="${module}">${module}</option>
</c:forEach>
</select>
</div>
</div>
</form>
<!-- ahref outside the form , this does not work
&searchRequest=${searchRequest} <- Guess the value is out of scope
-->
<div class="div-table-row">
<div class="div-table-single-col">
${question.id} ${question.topic}
</div>
</div>
You have several possibilities, and all involve JavaScript.
When clicking on the link, change its href using JavaScript by appending all the values of the inputs of the form as parameters of the URL
When clicking on the link, add a hidden field to the form containing the question ID, change the action of the form to make it go to MCQApp instead of going to APPServlet, and submit the form
The cleanest one: when clicking on the link, send an AJAX request to a URL which responds with an HTML fragment (or data), and replace the section of the page that you want to update with this HTML fragment, thus leaving the form as it is in the page.
There are two ways, if you're working with a session, store it as an attribute of your session. But if you're not using sessions, you can use Cookies, just store the values you want in a new cookie and then call the cookie and obtain the values.
Sessions are cookies as well, but they have another functions, the cookies are simplier and help you to store values that you can reuse later. Best regards
Keep the data passed in a model and use it in the jsp like,
Keep all your Input variables in search model object and update it whenever search is called.Keep searchRequest in the request attribute before rendering the response.
I just inherited a project implemented in JSF. I have the following code which looks fine in Chrome, but Firefox renders the borders on the "empty" list items:
<ul>
<li><a href="/home">Home</li>
<li>
<s:link view="/signup.xhtml" rendered="#{someCondition}">Sign Up</s:link>
</li>
<!-- etc... -->
</ul>
Which ends up looking like:
Is there a JSF tag to conditionally render the <li> ?
If you do it as in #CoolBeans example, you will get a <span> around your <li>. In some cases it might disrupt your layout, besides you don't really want an extra tag under <ul>. To get rid of it, use <ui:fragment rendered="#{condition}" /> around your item instead of <h:panelGroup>.
Also you can use style attribute to hide an item:
<li style="display: #{condition ? 'list-item' : 'none'};" />
No li is vanilla html, not a jsf component.
You can hack it by putting a <h:panelGroup /> around the li element and setting the rendered property on it.
ie.
<h:panelGroup rendered="#{someCondition}">
<li>
<s:link view="/signup.xhtml">Sign Up</s:link>
</li>
</h:panelGroup>
Another option is to use <f:verbatim rendered="#{someCondition}" >, but keep in mind that it has been deprecated in JSF 2.0.
You could also use the core JSTL library:
<c:if test="#{someCondition}">
<li>
<s:link view="/signup.xhtml">Sign Up</s:link>
</li>
</c:if>
I think using this core tag makes the code easier to understand than using the panelGroup tag.