Version 4.10.0

hirondelle.web4j.ui.tag
Class ShowForRole

Object
  extended by SimpleTagSupport
      extended by hirondelle.web4j.ui.tag.TagHelper
          extended by hirondelle.web4j.ui.tag.ShowForRole
All Implemented Interfaces:
JspTag, SimpleTag

public final class ShowForRole
extends TagHelper

Toggle display according to the user's role.

Note that this tag alone does not robustly enforce security constraints. It is meant as a "cosmetic convenience" for removing items (usually a link) from JSPs. A hacker can always construct any given URI manually and send it to the server, whether or not the page displays a link to it. Such malicious requests can only be handled robustly by a security-constraint defined in web.xml.

Example:

 <w:show ifRole="webmaster,translator">
   show tag content only if the user is logged in, 
   and has at least 1 of the specified roles
 </w:show>
 
Example with role specified by negation:
 
 <w:show ifRoleNot="read-only">
   show tag content only if the user is logged in, 
   and has none of the specified roles
 </w:show>
 
Example with logic attached not to the role, but simply to whether or not the user has logged in:

 <w:show ifLoggedIn="true">
   show tag content only if the user is logged in 
 </w:show>

 <w:show ifLoggedIn="false">
   show tag content only if the user is not logged in 
 </w:show>

The above styles are all mutually exclusive. You can specify only 1 attribute at a time with this tag.

The body of this tag is either echoed as is, or is suppressed entirely.

By definition (in the servlet specification), a user is logged in when request.getUserPrincipal() returns a value having content. When a user is logged in, the container can assign 1 or more roles to the user. Roles are only assigned after a successful login.
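
The server-side enforcement that the class comment refers to, as an added example (not part of the WEB4J documentation): a web.xml fragment protecting the URIs behind a link that a JSP hides with ifRole="webmaster,translator". The URL pattern and the login page paths are assumptions; the role names are the ones used in the tag example above.

```xml
<!-- Added example. Assumed names: /translate/*, /login.jsp, /login-error.jsp.
     The JSP side would wrap the link to /translate/... in
     <w:show ifRole="webmaster,translator"> ... </w:show>, which only hides it. -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">

  <!-- Enforcement: the container checks the role on every request to the
       pattern, including a URI typed in by hand, before application code runs. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Translation pages</web-resource-name>
      <url-pattern>/translate/*</url-pattern>
      <!-- No http-method elements, so the constraint covers all HTTP methods.
           Listing only GET and POST would leave the other methods open. -->
    </web-resource-collection>
    <auth-constraint>
      <!-- Same roles as the ifRole attribute: any one of them is sufficient. -->
      <role-name>webmaster</role-name>
      <role-name>translator</role-name>
    </auth-constraint>
    <user-data-constraint>
      <!-- Require TLS so credentials and the session id are not sent in clear. -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- Login makes request.getUserPrincipal() non-null; roles are assigned
       by the container only after this succeeds. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/login-error.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <!-- Every role named in an auth-constraint must be declared. -->
  <security-role><role-name>webmaster</role-name></security-role>
  <security-role><role-name>translator</role-name></security-role>
</web-app>
```

With this in place, the tag and the constraint should name the same roles: the tag decides what is displayed, the constraint decides what is served.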


Constructor Summary
ShowForRole()
           
 
Method Summary
protected  void crossCheckAttributes()
          One and only one of the setIfRole(String), setIfRoleNot(String), or setIfLoggedIn(String) attributes must be set.
protected  String getEmittedText(String aOriginalBody)
          See class comment.
 void setIfLoggedIn(String aFlag)
          Optional, simple flag indicating if user is or is not logged in.
 void setIfRole(String aRoles)
          Optional, comma-delimited list of accepted roles.
 void setIfRoleNot(String aRoles)
          Optional, comma-delimited list of denied roles.
 
Methods inherited from class hirondelle.web4j.ui.tag.TagHelper
checkForContent, doTag, getPageContext, getPageName, getRequest, getResponse
 
Methods inherited from class SimpleTagSupport
findAncestorWithClass, getJspBody, getJspContext, getParent, setJspBody, setJspContext, setParent
 
Methods inherited from class Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

ShowForRole

public ShowForRole()

Method Detail

setIfRole

public void setIfRole(String aRoles)
Optional, comma-delimited list of accepted roles.


setIfRoleNot

public void setIfRoleNot(String aRoles)
Optional, comma-delimited list of denied roles.


setIfLoggedIn

public void setIfLoggedIn(String aFlag)
Optional, simple flag indicating if user is or is not logged in.

Parameters:
aFlag - see Util.parseBoolean(String) for the list of accepted values.

crossCheckAttributes

protected void crossCheckAttributes()
One and only one of the setIfRole(String), setIfRoleNot(String), or setIfLoggedIn(String) attributes must be set.

Overrides:
crossCheckAttributes in class TagHelper

getEmittedText

protected String getEmittedText(String aOriginalBody)
See class comment.

Specified by:
getEmittedText in class TagHelper
Parameters:
aOriginalBody - is the evaluated body of this tag. If there is no body, or if the body is present but empty, then it is null.
Returns:
the text to display in the resulting web page.

Copyright Hirondelle Systems. Published October 19, 2013.