secure login

asked 2013-10-19 14:46:03 +0800

daovallec

updated 2013-10-19 15:29:59 +0800

I have a login with ZK. This is my login:

<window id="Mnos" border="normal" width="320px"
        viewModel="@id('vm') @init('login.Login')">

    Username: <textbox value="@save(vm.username)"/>
    Password: <textbox value="@save(vm.password)" type="password" />
    <button label="submit" onClick="@command('login')" />
</window>

And this is my model:

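import org.zkoss.bind.annotation.Command;
import org.zkoss.bind.annotation.NotifyChange;
import org.zkoss.zk.ui.Sessions;
import org.zkoss.zul.Messagebox;

public class Login {

    String username;
    String password;

    public void setUsername(String username) {
        this.username = username;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    // @Command makes the method reachable from onClick="@command('login')"
    @Command
    @NotifyChange({"username", "password"})
    public void login() {
        Users user = UsersDAO.getUserByEmail(username);
        // Compare the MD5 hash of the submitted password with the stored hash
        if (user != null && md5function.MD5(password).equals(user.getPassword())) {
            // Remember the authenticated user and the role in the HTTP session
            Sessions.getCurrent().setAttribute("sessionUser", user.getIdUser());
            boolean role = false;
            Sessions.getCurrent().setAttribute("sessionRole", role);
        } else {
            Messagebox.show("email or password incorrect");
        }
    }
}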

The problem is that I do not have a secure login: a user can go to another page without logging in.

My login only verifies that the user and the password of the user exist in the database, and I do not know how I can integrate the security into my pages.

I have two roles:


And I save a session variable called sessionRole with true if the user is an administrator, and in my view some tabs have visible = true if the role is true. I do not know if that is right.

Can somebody help me?

I am reading:

http://books.zkoss.org/wiki/ZK%20Spring%20Essentials/Working%20with%20ZK%20Spring/Working%20with%20ZK%20Spring%20Security/Add%20Page%20Based%20Security%20Using%20Authorized%20Roles

But I do not understand the configurations very well.

And other examples use Maven, and my project does not use Maven =S


2 Answers


answered 2013-10-20 13:59:05 +0800

Bobzk

If you don't need Spring for anything else in your application and are just trying to use it for security, have a look at Shiro instead. Easier to understand and install/setup than Spring.

Shiro Site


answered 2013-10-22 02:53:10 +0800

cor3000
ZK Team

If Spring is complex for your use case, you can use the ZK if-attribute to hide certain elements based on a condition or use the Initiator listener to trigger a redirect in case a user is not authenticated or not authorized to view a page.

Check the examples on this tutorial.

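The Initiator approach from the last answer, sketched as an added example that is not part of the original thread or of the ZK tutorial: a page guard that reads the `sessionUser` and `sessionRole` attributes set by the question's `login()` method. It assumes ZK 6 or later (where `Initiator` declares only `doInit`); the class name `AuthInit`, the `arg0="admin"` convention, and the paths `/login.zul` and `/index.zul` are hypothetical.

```java
// Added example. The session attribute names come from the question's Login
// class; AuthInit, /login.zul and /index.zul are hypothetical names.
package login;

import java.util.Map;

import org.zkoss.zk.ui.Executions;
import org.zkoss.zk.ui.Page;
import org.zkoss.zk.ui.Sessions;
import org.zkoss.zk.ui.util.Initiator;

/**
 * Put at the top of every protected page:
 *   <?init class="login.AuthInit"?>               any logged-in user
 *   <?init class="login.AuthInit" arg0="admin"?>  administrators only
 */
public class AuthInit implements Initiator {

    /** True when login() has stored a user id in the session. */
    public static boolean isLoggedIn() {
        return Sessions.getCurrent().getAttribute("sessionUser") != null;
    }

    /** True only for a logged-in user whose sessionRole is Boolean true. */
    public static boolean isAdmin() {
        return isLoggedIn()
            && Boolean.TRUE.equals(
                   Sessions.getCurrent().getAttribute("sessionRole"));
    }

    @Override
    public void doInit(Page page, Map<String, Object> args) throws Exception {
        if (!isLoggedIn()) {
            // Not authenticated: send the browser to the login page
            Executions.sendRedirect("/login.zul");
        } else if ("admin".equals(args.get("arg0")) && !isAdmin()) {
            // Authenticated but not an administrator
            Executions.sendRedirect("/index.zul");
        }
    }
}
```

Hiding a tab with `visible` or `if` only changes what is rendered, so any `@Command` method that performs an administrator action should also call `AuthInit.isAdmin()` on the server before doing the work.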