开发者

Testing if a User is Logged in Via JSP/Spring-MVC

Using Spring 3 MVC and JSP, I simply want to test if a user is logged in, I'm not interested in using Spring Security currently

<jsp:useBean id="myAppUser" type="com.xxx.MyUser" beanName="myUser" scope="session" />
<c:choose>
    <c:when test="myUser.loggedIn">
        //dostuff
    </c:when>
    <c:otherwise>
        //dootherstuff
    </c:otherwise>
</c:choose>

But the problem is that when there isn't yet a myAppUser in the session, jsp:useBean throws an exception. Now I realize that I can have the JSP:useBe开发者_如何学Goan actually instantiate the object by giving it a class, but I don't like knowing that somewhere in some JSP fragment I have objects being instantiated and added to my session, so I either want to always set an initial value for that user, and have control over it programatically, or I'd like a way to get that bean that allows it to be null or not exist, if it doesn't exist just return null

either way would be fine

if my question points to a fundamental misunderstanding in what I should be doing please provide a link to documentation that will thoroughly explain this use case


This is not the right approach, but in fact you could solve the particular issue with the JSTL <c:catch>.

<c:catch var="e">
    <jsp:useBean id="myAppUser" type="com.xxx.MyUser" beanName="myUser" scope="session" />
</c:catch>
<c:choose>
    <c:when test="${empty e && myUser.loggedIn}">Logged in</c:when>
    <c:otherwise>Bean doesn't exist or user is not logged in</c:otherwise>
</c:choose>

The right approach is described in answer of matt b. You really need to solve it at a higher level. Have a bean something like UserManager which has the User as child property along several methods like login(User), logout() and isLoggedIn(). If the user is logged in, then the User ought to be non-null. When the user logs out, then the User ought to be set to null.


Update as per comments: As an alternative, you can also just get rid of the whole jsp:useBean declaration and intercept on the presence of the MVC-framework injected ${myUser} in the session.

<c:choose>
    <c:when test="${myUser.loggedIn}">Logged in</c:when>
    <c:otherwise>Bean doesn't exist or user is not logged in</c:otherwise>
</c:choose>

EL will namely transparently "suppress" potential nullpointerexceptions and just return false.


Testing for something like "is this person logged in?" by examining the Session object in the View kind of blurs the lines between the roles of the Model, the View, and the Controller.

Regardless of figuring out the correct JSTL syntax to use to not get jsp:useBean to throw an exception, I suggest moving the check for logged-in to the controller side and have the view test if a "isLoggedIn" property exists in the model.

  1. Controller checks if the session contains a user object, adds a property isLoggedIn to the model with a value of true or false.
  2. The logic in the view branches on the value of ${isLoggedIn}.

In other words, the view should be checking only the model for properties/data, and not accessing the session or other state directly.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜