Enabling/disabling submit button based on user credentials in JSP

Question

I have a web application which includes JSP and servlets. I want to enable certain submit buttons within forms only to a person with username called "admin" and password "admin". I am getting the user credentials from the login.jsp page and passing them to a servlet and then getting back to displayrecord.jsp where I want test if username="admin" and Password="admin" then enable the edit,delete and upload or else disbale them. But unfortunately this does not work.

Here is the code within JSP page for getting value from the servlet

<%
    String uname= (String)session.getAttribute("UserName");
    String upass= (String)session.getAttribute("UserPassword");
    %>

Here is the code which I tried for testing the condition using JSTL

<c:choose>
            <c:when test="{<%=uname%> == 'admin'}&& {<%=upass%> == 'admin'}">
            <form id="edit" action="EditRecord" method="post" >
            <td><input type="hidden" name="hidden_edit" id="edit_id" value="<%=s %>"/> 
            <input type="submit" value="Edit" name="edit"> </td>
            </form>
            <form id="delete" action="DeleteRecord" method="post" >
            <td><input type="hidden" name="hidden_delete" id="delete_id" value="<%=s %>"/>
            <input type="submit" value="delete" name="delete"> </td>
            </form>
            </c:when>
            </c:choose>
            <c:otherwise>
            <form id="edit" action="EditRecord" method="post" >
            <td><input type="hidden" name="hidden_edit" id="edit_id" value="<%=s %>"/> 
            <input type="submit" value="Edit" name="edit"> </td>
            </form>
            <form id="delete" action="DeleteRecord" method="post" >
            <td><input type="hidden" name="hidden_delete" id="delete_id" value="<%=s %>"/>
            <input type="submit" disabled="disabled" value="delete" name="delete"> </td>
            </form>
            </c:otherwise>

Could anyone tell me where I am going wrong or any better way to test the condition for enabling or disabling buttons

Answer 1

Scriplet code will be insertedd into page directly where as jstl variables are scope based. So add username and password into pagecontext and access them using jstl.

    <%
     String uname= (String)session.getAttribute("UserName");
     String upass= (String)session.getAttribute("UserPassword");
     pageContext.setAttribute("uname",uname);
     pageContext.setAttribute("upass",upass);
    %>

and change jstl code as:

    <c:choose>
        <c:when test="{uname == 'admin' && upass == 'admin'}">
            <form id="edit" action="EditRecord" method="post" >
                <td><input type="hidden" name="hidden_edit" id="edit_id" value="<%=s %>"/> 
                <input type="submit" value="Edit" name="edit"> </td>
            </form>
            <form id="delete" action="DeleteRecord" method="post" >
                <td><input type="hidden" name="hidden_delete" id="delete_id" value="<%=s %>"/>
                <input type="submit" value="delete" name="delete"> </td>
            </form>
        </c:when>
        <c:otherwise>
            <form id="edit" action="EditRecord" method="post" >
                <td><input type="hidden" name="hidden_edit" id="edit_id" value="<%=s %>"/> 
                <input type="submit" value="Edit" name="edit"> </td>
            </form>
            <form id="delete" action="DeleteRecord" method="post" >
                <td><input type="hidden" name="hidden_delete" id="delete_id" value="<%=s %>"/>
                <input type="submit" disabled="disabled" value="delete" name="delete"> </td>
            </form>
        </c:otherwise>
    </c:choose>

You closed c:choose right after c:when. You need to close after c:otherwise. That way it ensures to display otherwise content when condition fails.

Answer 2

Try changing the condition to:

 <c:when test="{uname == 'admin' && upass == 'admin'}">