Welcome to the jGuard's wiki » jGuard Documentation » 1 Integrate jGuard in your jsp pages

1 Integrate jGuard in your jsp pages

Last modified by RaffaelloPelagalli on 2007/02/27 22:47

taglibs: Integrate jGuard in your jsp pages

Add standard.jar, and jstl.jar in the lib directory and add them to the path.

The tag is used to protect page fragments:

<jguard:authorized uri="/myApplication/SwitchToModule.do?prefix=/forum&page=/ForumPanorama.do">
this text appears only if you are authorized.
</jguard:authorized>

The text will be rendered by the jsp, only if your user, has at least one role with permission to access the uri /myApplication/SwitchToModule.do?prefix=/forum&page=/ForumPanorama.do'

It is important to note that a fragment is protected with a uri, and not a role. If you update the role permissions, you have not to change the jsp!!!

The tag , displays content only if the user has the permission defined with this tag. it supports any java.security.Permission subclass. the tag is a specialized version of this tag, dedicated to URLPermission.

<jguard:hasPermission className="java.io.FilePermission" name="/home/myDirectory" actions="read">
content displayed only if the user has got the specified permission
</jguard:hasPermission>

The tag , displays content only if the user has a role called like the 'principals' value.

<jguard:hasPrincipal principals="admin">
hello!! you have got a role called admin
</jguard:hasPrincipal>

'principals' attribute can have 1 or more roles splitted by a comma. 'operator' attribute permits to set how the tag works with 'roles':

  • if 'NONE' is set, tag will display contents only if authenticated user hasn't got any roles in the specified roleSet.
  • if 'ANY' is set, tag will display contents only if authenticated user has one or more roles in the specified roleSet.
  • if 'ALL' is set, tag will display contents only if authenticated user has all roles in the specified roleSet.
  • when the 'operator' attribute is not specified, 'ANY' is used by default.
<jguard:hasPrincipal principals="admin,restricted" operator="NONE">
hello!! you have got neither a role called admin nor restricted
</jguard:hasPrincipal>

Note that if you change the name of the role, you will update the jsp code, in opposite of the first tag . So, the tag should be used mostly to protect html links, and should be used to protect 'functional' content.

The tag, display the public credential of a user identified by an "id". If the authenticated user hasn't got this credential, the tag display the default value if the webapp developer use this feature(optional); otherwise, the tag render "".

<jguard:pubCredential id="name" default="noName" />

The tag, display the private credential of a user identified by an 'id'. If the authenticated user hasn't got this credential, the tag display the default value if the webapp developer use this feature(optional); Otherwise, the tag render "".

<jguard:privCredential id="login" default="default" />

All the jguard tags support expression language (EL).

Tags:
Created by diabolo512 on 2006/02/09 14:31

jGuard team copyright 2004-2009
3.1.1