Overview  Package   Class  Tree  Deprecated  Index  Help 
Version 4.0.0
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

hirondelle.web4j.ui.tag
Class ShowForRole

Object
  extended by SimpleTagSupport
      extended by hirondelle.web4j.ui.tag.TagHelper
          extended by hirondelle.web4j.ui.tag.ShowForRole
All Implemented Interfaces:
JspTag, SimpleTag
public final class ShowForRole
extends TagHelper

Toggle display according to user role.

It is important to note that the sole use of this tag does not robustly enforce security constraints. This tag is meant as a "cosmetic convenience" for removing items from JSPs (usually a link). The problem is that a hacker can always construct any given URI manually and send it to the server. Such malicious requests can only be handled robustly by a security-constraint defined in web.xml.

Example: 

 <w:show ifRole="webmaster,translator">
   (tag content - typically a link)
 </w:show>

Example with role specified by negation: 

 
 <w:show ifRoleNot="read-only">
   (tag content - typically a link)
 </w:show>
The above two styles are mutually exclusive.

The body of this class is either echoed as is, or is suppressed entirely. It is echoed only if the user is logged in, and their role is compatible with the specified list. By definition, a user is logged in when request.getUserPrincipal() returns a value having content.

Constructor Summary
ShowForRole()
           
 
Method Summary
protected  void crossCheckAttributes()
          One and only one of setIfRole(java.lang.String) and setIfRoleNot(java.lang.String) must be set.
protected  String getEmittedText(String aOriginalBody)
          See class comment.
 void setIfRole(String aRoles)
          Optional, comma-delimited list of accepted roles.
 void setIfRoleNot(String aRoles)
          Optional, comma-delimited list of denied roles.
 
Methods inherited from class hirondelle.web4j.ui.tag.TagHelper
checkForContent, doTag, getPageContext, getPageName, getRequest, getResponse
 
Methods inherited from class SimpleTagSupport
findAncestorWithClass, getJspBody, getJspContext, getParent, setJspBody, setJspContext, setParent
 
Methods inherited from class Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

ShowForRole

public ShowForRole()
Method Detail

setIfRole

public void setIfRole(String aRoles)
Optional, comma-delimited list of accepted roles.

setIfRoleNot

public void setIfRoleNot(String aRoles)
Optional, comma-delimited list of denied roles.

crossCheckAttributes

protected void crossCheckAttributes()
One and only one of setIfRole(java.lang.String) and setIfRoleNot(java.lang.String) must be set.

Overrides:
crossCheckAttributes in class TagHelper

getEmittedText

protected String getEmittedText(String aOriginalBody)
See class comment.

Specified by:
getEmittedText in class TagHelper
Parameters:
aOriginalBody - is the evaluated body of this tag. If there is no body, or if the body is present but empty, then it is null.
Returns:
the text to display in the resulting web page.
Overview  Package   Class  Tree  Deprecated  Index  Help 
Version 4.0.0
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright Hirondelle Systems. Published December 21, 2008 - User Guide - All Docs.