taglibs: Integrate jGuard in your jsp pages

Add standard.jar, and jstl.jar in the lib directory and add them to the path.

The tag is used to protect page fragments: 

<jguard:authorized uri="/myApplication/SwitchToModule.do?prefix=/forum&page=/ForumPanorama.do">
this text appears only if you are authorized.
</jguard:authorized>

The text will be rendered by the jsp, only if your user, has at least one role with permission to access the uri /myApplication/SwitchToModule.do?prefix=/forum&page=/ForumPanorama.do'

It is important to note that a fragment is protected with a uri, and not a role. If you update the role permissions, you have not to change the jsp!!!

The tag , displays content only if the user has the permission defined with this tag. it supports any java.security.Permission subclass. the tag is a specialized version of this tag, dedicated to URLPermission.

<jguard:hasPermission className="java.io.FilePermission" name="/home/myDirectory" actions="read">
content displayed only if the user has got the specified permission
</jguard:hasPermission>

The tag , displays content only if the user has a role called like the 'principals' value.

<jguard:hasPrincipal principals="admin">
hello!! you have got a role called admin
</jguard:hasPrincipal>

'principals' attribute can have 1 or more roles splitted by a comma. 'operator' attribute permits to set how the tag works with 'roles':

  • if 'NONE' is set, tag will display contents only if authenticated user hasn't got any roles in the specified roleSet.
  • if 'ANY' is set, tag will display contents only if authenticated user has one or more roles in the specified roleSet.
  • if 'ALL' is set, tag will display contents only if authenticated user has all roles in the specified roleSet.
  • when the 'operator' attribute is not specified, 'ANY' is used by default.
<jguard:hasPrincipal principals="admin,restricted" operator="NONE">
hello!! you have got neither a role called admin nor restricted
</jguard:hasPrincipal>

Note that if you change the name of the role, you will update the jsp code, in opposite of the first tag . So, the tag should be used mostly to protect html links, and should be used to protect 'functional' content.

The tag, display the public credential of a user identified by an "id". If the authenticated user hasn't got this credential, the tag display the default value if the webapp developer use this feature(optional); otherwise, the tag render "".

<jguard:pubCredential id="name" default="noName" />

The tag, display the private credential of a user identified by an 'id'. If the authenticated user hasn't got this credential, the tag display the default value if the webapp developer use this feature(optional); Otherwise, the tag render "".

<jguard:privCredential id="login" default="default" />

All the jguard tags support expression language (EL).

Version 1.13 last modified by Charles Gay on 27/02/2007 at 22:47

Comments 0

No comments for this document

Attachments 0

No attachments for this document
Menu

 
Creator: Charles Gay on 2006/02/09 14:31
jGuard team copyright 2004-2007
1.1.1