XPages: only show content for authorized users

July 8th, 2011

Today I was asked: how do you make sure that anonymous users do not see content that only logged on (and thereby authorized) users must see?

I often use a simple solution of having a xp:panel for anonymous users and another xp:panel for authorized users (both on the same XPage). Only one of the two panels are rendered based on whether the user is logged or not. So the two xp:panels would look like this:

Panel 1: for anonymous users

<xp:panel>
<xp:this.rendered><![CDATA[#{javascript:@UserName() == "Anonymous"}]]></xp:this.rendered>
You must log on to see contents.
</xp:panel>

Panel 2: for authorized users

<xp:panel>
<xp:this.rendered><![CDATA[#{javascript:(@UserName() != "Anonymous"}]]></xp:this.rendered>
This is the secret content.
</xp:panel>

You can combine this with the XPages Dojo Login Custom Control available on OpenNTF so that the user can stay on the page when logging on instead of going to a seperate login page.

Tags: , , ,

One Response to “XPages: only show content for authorized users”

  1. Andrew Says:

    Another good way to achieve the same result - using of ACL on Xpages. For example, I'm using the following code on each XPage, except home page with login link:

    	<xp:this.acl>
    		<xp:acl>
    			<xp:this.entries>
    				<xp:aclEntry type="ANONYMOUS" right="NOACCESS"></xp:aclEntry>
    				<xp:aclEntry type="DEFAULT" right="EDITOR"></xp:aclEntry>
    			</xp:this.entries>
    		</xp:acl>
    	</xp:this.acl>
    

    The benefits of such way - if user just forgot to authenticate - the Login screen will appear, and user can just sign-in and continue working!