Version 4.10.0
Object
  SimpleTagSupport
    hirondelle.web4j.ui.tag.TagHelper
      hirondelle.web4j.ui.tag.ShowForRole
public final class ShowForRole
Toggle display according to the user's role.
It's important to note that using this tag alone does not robustly enforce security constraints. This tag is meant as a "cosmetic convenience" for removing items from JSPs (usually a link). The problem is that a hacker can always construct any given URI manually and send it to the server. Such malicious requests can only be handled robustly by a security-constraint defined in web.xml.
Example:
  <w:show ifRole="webmaster,translator">
    show tag content only if the user is logged in, and has at least 1 of the specified roles
  </w:show>
Example with role specified by negation:
  <w:show ifRoleNot="read-only">
    show tag content only if the user is logged in, and has none of the specified roles
  </w:show>
Example with logic attached not to role, but simply whether or not the user has logged in:
  <w:show ifLoggedIn="true">
    show tag content only if the user is logged in
  </w:show>
  <w:show ifLoggedIn="false">
    show tag content only if the user is not logged in
  </w:show>
The above styles are all mutually exclusive. You can specify only 1 attribute at a time with this tag.
The body of this class is either echoed as is, or is suppressed entirely.
By definition (in the servlet specification), a user is logged in when request.getUserPrincipal() returns a value having content. When a user is logged in, the container can assign 1 or more roles to the user. Roles are only assigned after a successful login.
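The container-side enforcement that the class comment says must back this tag, shown as an added example (not part of the WEB4J documentation or code base). It reuses the `webmaster` and `translator` roles from the first tag example; the `/translate/*` URL pattern and the `Login.jsp` and `Error.jsp` pages are assumed names.

```xml
<!-- Added example: fragment for WEB-INF/web.xml, placed inside <web-app>.
     /translate/*, /Login.jsp and /Error.jsp are assumed names. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Translation screens</web-resource-name>
    <url-pattern>/translate/*</url-pattern>
    <!-- No <http-method> elements on purpose: the constraint then applies
         to every HTTP method. Naming individual methods would leave the
         unnamed ones unconstrained. -->
  </web-resource-collection>
  <auth-constraint>
    <!-- Same roles as <w:show ifRole="webmaster,translator"> in the JSP -->
    <role-name>webmaster</role-name>
    <role-name>translator</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- Require TLS for the protected pages and the login exchange -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/Login.jsp</form-login-page>
    <form-error-page>/Error.jsp</form-error-page>
  </form-login-config>
</login-config>

<!-- Every role referenced in an auth-constraint is declared here -->
<security-role><role-name>webmaster</role-name></security-role>
<security-role><role-name>translator</role-name></security-role>
```

With this constraint in place, the container rejects a hand-typed request under `/translate/` from a user who holds neither role, whether or not the JSP displayed the link.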
Constructor Summary |
---|
ShowForRole() |
Method Summary | |
---|---|
protected void | crossCheckAttributes(): One and only one of the setIfRole(java.lang.String), setIfRoleNot(java.lang.String), or setIfLoggedIn(String) attributes must be set. |
protected String | getEmittedText(String aOriginalBody): See class comment. |
void | setIfLoggedIn(String aFlag): Optional, simple flag indicating if user is or is not logged in. |
void | setIfRole(String aRoles): Optional, comma-delimited list of accepted roles. |
void | setIfRoleNot(String aRoles): Optional, comma-delimited list of denied roles. |
Methods inherited from class hirondelle.web4j.ui.tag.TagHelper |
---|
checkForContent, doTag, getPageContext, getPageName, getRequest, getResponse |
Methods inherited from class SimpleTagSupport |
---|
findAncestorWithClass, getJspBody, getJspContext, getParent, setJspBody, setJspContext, setParent |
Methods inherited from class Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public ShowForRole()
Method Detail |
---|
public void setIfRole(String aRoles)

public void setIfRoleNot(String aRoles)

public void setIfLoggedIn(String aFlag)
aFlag - see Util.parseBoolean(String) for the list of accepted values.

protected void crossCheckAttributes()
One and only one of the setIfRole(java.lang.String), setIfRoleNot(java.lang.String), or setIfLoggedIn(String) attributes must be set.
crossCheckAttributes in class TagHelper

protected String getEmittedText(String aOriginalBody)
getEmittedText in class TagHelper
aOriginalBody - is the evaluated body of this tag. If there is no body, or if the body is present but empty, then it is null.