how to disable submit button in jsp based on the login credentials?

 
veera sangham
Greenhorn
Posts: 11
How to disable the submit button in JSP based on the login credentials?
Suppose an Admin logs in: I need to show and enable all the buttons (ADD, EDIT, DELETE),
but if an Employee logs in, then I need to show and enable only the ADD button.
Could you give me some suggestions?
Thanks
 
chaitanya karthikk
Ranch Hand
Posts: 806
Check the session object and try disabling the buttons. You should use the HTML input disable property/attribute.
 
Palak Mathur
Ranch Hand
Posts: 342
veera sangham wrote: How to disable the submit button in JSP based on the login credentials?
Suppose an Admin logs in: I need to show and enable all the buttons (ADD, EDIT, DELETE),
but if an Employee logs in, then I need to show and enable only the ADD button.
Could you give me some suggestions?
Thanks


I hope that you know how to enable or disable a button using JavaScript. If yes, then extract the login credentials, make the necessary check, and call the script to disable or enable the button.
 
Vijay kumarIdbi
Greenhorn
Posts: 4
Hi Buddy,

You can just create a div tag and set all the buttons in that and based on the credentials just disable/enable the div.

e.g.:

<!-- Shown to ordinary users: Add only -->
<div id="User">
<input type="button" value="Add">
</div>

<!-- Hidden by default; shown for admins -->
<div id="Admin" style="display: none;">
<input type="button" value="Add">
<input type="button" value="Update">
<input type="button" value="Delete">
</div>

and then enable/disable the div using JS

// ids are case-sensitive and must match the div ids above
document.getElementById('Admin').style.display = 'block';
document.getElementById('User').style.display = 'none';
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65522
Naruto Uzumaki wrote:
You can just create a div tag and set all the buttons in that and based on the credentials just disable/enable the div.

That's a poor approach. Never wait until the client to do things that could be done on the server. Use JSP conditionals (such as the JSTL <c:if> tag) to not put the controls on the page in the first place.

And, I'm sure that you are also checking in the server code that people have the appropriate credentials when the operations are performed, right? Simply hiding or omitting buttons is far from secure.
 
veera sangham
Greenhorn
Posts: 11
Thanks, everyone.

Bear Bibeault sounds good.
I need to provide more security for login credentials?
We are using Tomcat 6.0 server, Oracle DB, Struts, Hibernate.
Could you please tell me briefly? If possible, please provide a code patch.
 
veera sangham
Greenhorn
Posts: 11
I wrote the code to put the user credentials in the session in the StrutsAction class, and
using a scriptlet tag I got the userCredentials. I tried to access the credentials from the scriptlet tag code for disabling buttons using JavaScript, but I was unable to do it.

Please give me some idea.
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65522
You shouldn't be using JavaScript at all for this. Use JSP to not include anything that isn't appropriate in the first place.

And my point was that just omitting a button, let's say a Delete button, isn't any security. When a Delete action is submitted, the operation must be verified against user permissions. Otherwise, anyone who can figure out how to submit a Delete request even without a button showing can invade your system.
 
veera sangham
Greenhorn
Posts: 11
Sorry Bear,
I didn't get what you said, could you explain with an example?
Please give me at least some code patch.
 
veera sangham
Greenhorn
Posts: 11
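<SCRIPT language="javascript">
function disabled(){
<%
// session.getAttribute returns Object, so cast it to String
String user = (String) session.getAttribute("username");
%>
// The server writes the username into the page as a JavaScript string literal
var userName = "<%= user %>";
if (userName === "someName") {
// This only greys out the buttons in the browser; it does not stop the request
document.getElementById("edit").disabled = true;
document.getElementById("delete").disabled = true;
}
}
</SCRIPT>
<body onload="disabled()">
<html:form action="/someAction">
<html:submit property="add">ADD</html:submit>
<%-- styleId renders the HTML id that getElementById looks up --%>
<html:submit property="edit" styleId="edit">EDIT</html:submit>
<html:submit property="delete" styleId="delete">DELETE</html:submit>
</html:form>
</body>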

I wrote the code like above and it is working fine.
I think it is not good programming and also not secure.

 
chaitanya karthikk
Ranch Hand
Posts: 806
@Veera: As Mr. Bear said, you should not use JavaScript to do this.

You have to take a business decision at the server side whether or not to perform delete. I can explain to you the process I follow.

Upon receiving valid login credentials you set an HttpSession on the logged-in user in the servlet. So you will have to create 2 different kinds of sessions, one for user and one for admin like



Now when a request comes to an appropriate servlet you have to check the session using session.getAttribute(String).



This is just a basic idea. There is much more to do while setting a session object.
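
The server-side check discussed in the replies above (verify the operation against the user's permissions when it is submitted, using the session), written as an added example that is not code from any poster in this thread. It assumes the login action stores a hypothetical "role" session attribute ("ADMIN" or "EMPLOYEE"), that the filter is mapped in web.xml only to the form's action URL, and that the submit buttons arrive as the add/edit/delete parameters from the form posted earlier.

```java
import java.io.IOException;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

/** Rejects add/edit/delete submissions that the logged-in role may not perform. */
public class ActionPermissionFilter implements Filter {

    // Assumed session attribute, set by the login action after credentials are verified.
    static final String ROLE_ATTR = "role";

    // Submit-button parameter names from the form in this thread, allowed per role.
    private static final Map<String, Set<String>> ALLOWED = new HashMap<String, Set<String>>();
    static {
        ALLOWED.put("ADMIN", new HashSet<String>(Arrays.asList("add", "edit", "delete")));
        ALLOWED.put("EMPLOYEE", Collections.singleton("add"));
    }

    /** Deny by default: unknown roles and unknown operations are refused. */
    static boolean isAllowed(String role, String operation) {
        Set<String> ops = (role == null) ? null : ALLOWED.get(role);
        return ops != null && operation != null && ops.contains(operation);
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        HttpSession session = request.getSession(false); // never create a session here
        String role = (session == null) ? null : (String) session.getAttribute(ROLE_ATTR);
        if (role == null) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED); // not logged in
            return;
        }
        // The request can carry any parameter, whatever buttons the page rendered,
        // so every operation named in it must be permitted for this role.
        for (String op : Arrays.asList("add", "edit", "delete")) {
            if (request.getParameter(op) != null && !isAllowed(role, op)) {
                response.sendError(HttpServletResponse.SC_FORBIDDEN);
                return;
            }
        }
        chain.doFilter(req, res);
    }

    public void init(FilterConfig config) {}
    public void destroy() {}
}
```

The same role attribute can drive the JSTL <c:if> tests that leave the EDIT and DELETE buttons out of the page, but only this server-side check decides whether the operation runs.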
 
veera sangham
Greenhorn
Posts: 11
Thanks for all
 