Integrate jGuard in your jsp pages
Add standard.jar, and jstl.jar in the lib directory and add them to the path.
you should add the JGuard taglib reference in the web.xml :
......... ......... <taglib> <taglib-uri>/tags/jguard</taglib-uri> <taglib-location>/WEB-INF/conf/tld/jGuard.tld</taglib-location> </taglib> ......... .........
You should put also for this example, the jGuard.tld (provided in the jGuard distribution), in the /WEB-INF/conf/tld/ directory.
-
<jguard:authorized>
The <jguard:authorized> tag is used to protect page fragments:
............ ............ <jguard:authorized uri="/myApplication/SwitchToModule.do?prefix=/forum&page=/ForumPanorama.do"> this text appears only if you are authorized. </jguard:authorized> ............ ............
The text will be rendered by the jsp, only if your user, have one role,at least, which have a permission to the uri /myApplication/SwitchToModule.do?prefix=/forum&page=/ForumPanorama.do' It is important to note that a fragment is protected with a uri, and not a role. If you update the role permissions, you have not to change the jsp!!!
-
<jguard:hasRole>
The tag <jguard:hasRole>, display content only if the user has got a role called like the 'name' value. 'roles' attribute can have 1 à or more roles splitted by semicolon. 'operator' attribute permits to set how the tag works with 'roles':
- if 'NONE' is set, tag will display contents only if authenticated user hasn't got any roles in the specified roleSet.
- if 'ANY' is set, tag will display contents only if authenticated user has one or more roles in the specified roleSet.
- if 'ANY' is set, tag will display contents only if authenticated user has all roles in the specified roleSet.
- when the 'operator' attribute is not specified, 'ANY' is used by default.
............ ............ <jguard:hasRole name="admin"> hello!! you have got a role called admin </jguard:hasRole> ............ ............
Note that if you change the name of the role, you will update the jsp code, in opposite of the first tag <jguard:authorized>. So, the tag <jguard:authorized> should be used mostly to protect html links, and <jguard:hasRole> should be used to protect 'functional' content.
-
<jguard:pubCredential>
The <jguard:pubCredential> tag, display the public credential of a user identified by an "id". If the authenticated user hasn't got this credential, the tag display the default value if the webapp developer use this feature(optional); otherwise, the tag render "".
............ ............ <jguard:pubCredential id="name" default="noName" /> ............ ............
-
<jguard:privCredential>
The <jguard:privCredential> tag, display the private credential of a user identified by an 'id'. If the authenticated user hasn't got this credential, the tag display the default value if the webapp developer use this feature(optional); Otherwise, the tag render "".
............ ............ <jguard:privCredential id="login" default="default" /> ............ ............