XPages: only show content for authorized users

July 8th, 2011

Today I was asked: how do you make sure that anonymous users do not see content that only logged on (and thereby authorized) users must see?

I often use a simple solution of having a xp:panel for anonymous users and another xp:panel for authorized users (both on the same XPage). Only one of the two panels are rendered based on whether the user is logged or not. So the two xp:panels would look like this:

Panel 1: for anonymous users

<xp:this.rendered><![CDATA[#{javascript:@UserName() == "Anonymous"}]]></xp:this.rendered>
You must log on to see contents.

Panel 2: for authorized users

<xp:this.rendered><![CDATA[#{javascript:(@UserName() != "Anonymous"}]]></xp:this.rendered>
This is the secret content.

You can combine this with the XPages Dojo Login Custom Control available on OpenNTF so that the user can stay on the page when logging on instead of going to a seperate login page.

Tags: , , ,

One Response to “XPages: only show content for authorized users”

  1. Andrew Says:

    Another good way to achieve the same result - using of ACL on Xpages. For example, I'm using the following code on each XPage, except home page with login link:

    				<xp:aclEntry type="ANONYMOUS" right="NOACCESS"></xp:aclEntry>
    				<xp:aclEntry type="DEFAULT" right="EDITOR"></xp:aclEntry>

    The benefits of such way - if user just forgot to authenticate - the Login screen will appear, and user can just sign-in and continue working!