Skip Headers
Oracle® Fusion Middleware Developer's Guide for Oracle Entitlements Server
11g Release 1 (11.1.1)

Part Number E14097-04
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Master Index
Master Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
View PDF

8 Using the JSP Tags

The JavaServer Pages Standard Tag Library (JSTL) consists of custom JavaServer Pages (JSP) elements that encapsulate recurring tasks. Custom tags are reusable JSP components that contain the objects to implement the tasks. They are distributed in a tag library. Oracle Entitlements Server contains custom tags that will call the authorization API. Developers can use these tags in JSP to build a security-based web application. The sections in this chapter contain information on the custom Oracle Entitlements Server JSP tags.

Note:

The tag library can only be run on WebLogic Server.

8.1 Defining the Functional Tags

These functional JSP tags capture the authorization features on Oracle Entitlements Server. The following sections contain information on these functional tags.

8.1.1 isAccessAllowed Tag

isAccessAllowed checks if the user is authorized to access a specific resource. If access is allowed, display the body of the tag; if not, skip the body. This is a cooperative and a conditional tag. It will return true or false, and a variable to the body of the JSP which can be used to process obligations.

Note:

If you want to show JSP content by tag body, the then/else tag must be used. JSP content cannot be written in the tag body directly without using then/else.

Table 8-1 documents the isAccessAllowed tag definition.

Table 8-1 isAcessAllowed Tag Definition

Name Details

resource

Description: The resource used when calling isAccessAllowed.

Mandatory

Return Type: not applicable

resourceType

Description: The type of resource used when calling isAccessAllowed. If not set, the global resource type set by setSecurityContext will be used.

Optional

Return Type: not applicable

action

Description: The action used when calling isAccessAllowed. The default action is view.

Optional

Return Type: not applicable

resultVar

Description: The name of the scripting variable used to tell if access is allowed.

Optional

Return Type: boolean

resultVarScope

Description: The scope of the resultVar (page, request, session, or application). The default scope is page.

Optional

Return Type: not applicable

obligationVar

Description: The name of the variable used for returning obligations from the isAccessAllowed call.

Optional

Return Type: A map of obligations; the key is the obligation name and the value is a map of attributes with attribute names and values.

obligationVarScope

Description: The scope of the variable containing obligations from isAccessAllowed (page, request, session, or application). The default scope is page.

Optional

Return Type: not applicable


Example 8-1 illustrates how isAccessAllowed may be used.

Example 8-1 isAccessAllowed Tag Example

<%-- Set global attributes --%>
  <oes:setSecurityContext appId="TagLibraryApp" resourceType="image" 
     resourcePrefix="images/">
    <oes:attribute name="test_attr" value="good_job"/>
  </oes:setSecurityContext>
 
  <%!
      String resourceStr="private.jpg";
      String actionStr="read";
      String returnVar = "isAllowed";
  %>
 
<%-- Test for isAccessAllowed tag --%>
  <oes:isAccessAllowed  resource="<%=resourceStr %>" action="<%=actionStr %>" 
  resultVar="<%=returnVar %>" obligationVar="obligations">
    <oes:attribute name="test_attr_local" value="hard_work" />
    <oes:then>
         You have the permission to <%=actionStr %> the image <%=resourceStr %>. 
         <br/>
         <img src="images/private.jpg"  width="250" height="150" /> <br/>
          The obligations are: <br/>
            <c:forEach items="${obligations}" var="entry">
            <c:out value="${entry.key}" /> &nbsp;=&nbsp; <c:out 
               value="${entry.value}" /> <br/>
            </c:forEach>
    </oes:then>
    <oes:else>
         You have not the permission to <%=actionStr %> the image 
          <%=resourceStr %>. <br/>
    </oes:else>
  </oes:isAccessAllowed>
 
<%-- another way to use tag isAccessAllowed --%>
  <oes:isAccessAllowed  resource="<%=resourceStr %>" action="<%=actionStr %>" 
  resultVar="<%=returnVar %>" obligationVar="obligations">
    <oes:attribute name="test_attr_local" value="hard_work" />
  </oes:isAccessAllowed>
  <c:choose>
  <c:when test="${isAllowed}">You have the permission to <%=actionStr %> 
      the image <%=resourceStr %>. <br/>
      <img src="images/private.jpg"  width="250" height="150" />
      The obligations are: <br/>
       <c:forEach items="${obligations}" var="entry">
       <c:out value="${entry.key}" /> &nbsp;=&nbsp; 
       <c:out value="${entry.value}" /> <br/>
  </c:forEach>
  </c:when>
 <c:otherwise>
      You have not the permission to <%=actionStr %> the image 
         <%=resourceStr %>. <br/>
 </c:otherwise>
 </c:choose>

8.1.2 isAccessNotAllowed Tag

isAccessNotAllowed checks if the user is not authorized to access a specific resource. If access is not allowed, display the body of the tag; if it is, skip the body. This is a cooperative and a conditional tag. It will return true or false, and a variable to the body of the JSP that can be used later to process obligations.

Note:

If you want to show JSP content by tag body, the then/else tag must be used. JSP content cannot be written in the tag body directly without using then/else.

Table 8-2 documents the isAccessNotAllowed tag definition.

Table 8-2 isAccessNotAllowed Tag Definition

Name Details

resource

Description: The resource used when calling isAccessAllowed.

Mandatory

Return Type: not applicable

resourceType

Description: The type of resource used when calling isAccessAllowed. If not set, the global resource type set by setSecurityContext will be used.

Optional

Return Type: not applicable

action

Description: The action used when calling isAccessAllowed. The default action is view.

Optional

Return Type: not applicable

resultVar

Description: The name of the scripting variable used to tell if access is allowed.

Optional

Return Type: boolean

resultVarScope

Description: The scope of the resultVar (page, request, session, or application). The default scope is page.

Optional

Return Type: not applicable

obligationVar

Description: The name of the variable used for returning obligations from the isAccessAllowed call.

Optional

Return Type: A map of obligations. The key is the obligation name and the value is a map of attributes with attribute names and values.

obligationVarScope

Description: The scope of the variable containing obligations from isAccessAllowed (page, request, session, or application). The default scope is page.

Optional

Return Type: not applicable


Example 8-2 illustrates how isAccessNotAllowed may be used.

Example 8-2 isAccessNotAllowed Tag Example

<%-- Test for isAccessNotAllowed tag --%>
     <oes:isAccessNotAllowed  resource="<%=resourceStr %>" 
      action="<%=actionStr %>" resultVar="isNotAllowed" 
      obligationVar="obligations_not">
     <oes:then>
       You have not the permission to <%=actionStr %> the image <%=resourceStr %>. 
       <br/>
       The obligations are: <br/>
       <c:forEach items="${obligations_not}" var="entry">
       <c:out value="${entry.key}" /> &nbsp;=&nbsp; 
       <c:out value="${entry.value}" /> <br/>
       </c:forEach>
      </oes:then>
      <oes:else>
        You have the permission to <%=actionStr %> the image <%=resourceStr %>. 
         <br/>
         <img src="images/private.jpg" width="250" height="150"/>
        The obligations are: <br/>
       <c:forEach items="${obligations_not}" var="entry">
       <c:out value="${entry.key}" /> &nbsp;=&nbsp; 
       <c:out value="${entry.value}" /> <br/>
      </c:forEach>
      </oes:else>
</oes:isAccessNotAllowed>
 
<%-- another way to use tag isAccessNotAllowed --%>
<oes:isAccessNotAllowed  resource="<%=resourceStr %>" 
    action="<%=actionStr %>" resultVar="isNotAllowed" 
    obligationVar="obligations_not" />
   <c:choose>
   <c:when test="${isNotAllowed}">You have not the permission to 
      <%=actionStr %> the image <%=resourceStr %>. <br/>
   </c:when>
   <c:otherwise>
    You have the permission to <%=actionStr %> the image <%=resourceStr %>. <br/>
    <img src="images/private.jpg"  width="250" height="150" />
    The obligations are: <br/>
   <c:forEach items="${obligations}" var="entry">
   <c:out value="${entry.key}" /> &nbsp;=&nbsp; 
   <c:out value="${entry.value}" /> <br/>
   </c:forEach>
   </c:otherwise>
   </c:choose>

8.1.3 getUserRoles Tag

getUserRoles retrieves the roles assigned to the user for a particular resource and action. This is a cooperative tag that returns a variable to the JSP that can be used later for processing. Table 8-3 documents the getUserRoles tag definition.

Table 8-3 getUserRoles Tag Definition

Name Details

resource

Description: The resource used when calling getUserRoles.

Mandatory

Return Type: not applicable

resourceType

Description: The type of resource used when calling getUserRoles; If it is not set, the global resource type set by setSecurityContext will be used.

Optional

Return Type: not applicable

action

Description: The action used when calling getUserRoles. The default action is view.

Optional

Return Type: not applicable

resultVar

Description: The name of the variable to set that contains the list of user's roles.

Mandatory

Return Type: A list of strings of role names.

resultVarScope

Description: The scope of the resultVar (page, request, session, or application). The default scope is page.

Optional

Return Type: not applicable


Example 8-3 illustrates how getUserRoles may be used.

Example 8-3 getUserRoles Tag Example

<%-- Test for tag getUserRoles --%>
     <oes:setSecurityContext appId="TagLibraryApp" resourceType="jspfile" 
        resourcePrefix="">
     <oes:attribute name="myroleattr" value="its_my_role"/>
     </oes:setSecurityContext>
     <oes:getUserRoles  resource="protected/rolepolicy.jsp" action="write" 
        resultVar="rolenames" />
     <c:out value="Role names are : " />
     <c:forEach items="${rolenames}" var="rolename">
     <c:out value="${rolename}" /> <br>
     </c:forEach>

8.1.4 isUserInRole Tag

isUserInRole checks if the user has been assigned to the specified role for a particular resource and action. This is a cooperative and a conditional tag. It will return true (if the current user has a specific role) or false, and a result variable to the body of the JSP for later processing.

Note:

If you want to show JSP content by tag body, the then/else tag must be used. JSP content cannot be written in the tag body directly without using then/else.

Table 8-4 documents the isUserInRole tag definition.

Table 8-4 isUserInRole Tag Definition

Name Details

role

Description: The name of the role to check against the user.

Mandatory

Return Type: not applicable

resource

Description: The name of the resource against which to check the user's roles.

Mandatory

Return Type: not applicable

resourceType

Description: The type of resource against which to check the user's roles. If it is not set, the global resource type set by setSecurityContext will be used.

Optional

Return Type: not applicable

action

Description: The resource's action against which the user's role will be checked. The default value will be view.

Optional

Return Type: not applicable

resultVar

Description: A variable used to hold the result from isUserInRole for later use.

Optional

Return Type: boolean

resultVarScope

Description: The scope of the resultVar (page, request, session, or application). The default scope is page.

Optional

Return Type: not applicable


Example 8-4 illustrates how isUserInRole may be used.

Example 8-4 isUserInRole Tag Example

<%-- Test for tag isUserInRole --%>
    <oes:isUserInRole role="tagrole1" resource="protected/rolepolicy.jsp" 
      action="write" resultVar="isUserInRole" resultVarScope="request">
      <oes:then>You are in the role "tagrole1".</oes:then>
      <oes:else>You are not in the role "tagrole1".</oes:else>
    </oes:isUserInRole>
 
 <%-- we can also use following scripts to test if the user is in the specific 
      role --%>
     <c:choose>
       <c:when test="${isUserInRole}">
           <iframe src="protected/rolepolicy.jsp?isUserInRole=<c:out 
            value='${isUserInRole}'/>" width="500" height="250" />
       </c:when>
       <c:otherwise>
          You are not in role "tagrole1", and can not see the content of 
          protected/rolepolicy.jsp
       </c:otherwise>
       </c:choose

8.2 Defining the Assistant Tags

Assistant (also known as non-functional) tags are helper tags. The following sections contain information on these assistant tags.

8.2.1 setSecurityContext Tag

setSecurityContext is a cooperative tag that will set up data (including the application ID, resource type and the prefix of the resource name for other tags). The attributes that should be set globally in the application context can be set in the body of this tag using the attribute tag (as described in Section 8.2.2, "attribute Tag"). The attributes set by setSecurityContext will then be put into the application context as its authorization call elements. Table 8-5 documents the setSecurityContext tag definition.

Table 8-5 setSecurityContext Tag Definition

Name Details

appId

Description: The appId of the security context that will be used to construct the runtime resource for all other tags on the page that have a resource attribute.

Mandatory

Return Type: not applicable

resourceType

Description: The global resource type which can be used by all other authorization tags.

Optional

Return Type: not applicable

resourcePrefix

Description: The prefix of the resource name. If most of the resources on one JSP have the same prefix, this attribute can be used to shorten the resource name for each authorization tag. For example, if there are many images protected by the Authorization Policy under /product/cat1/images/, the prefix can set as /product/cat1/images/ and the resource name would be the simple image name such as mobile.jpg.

Optional

Return Type: not applicable


Example 8-5 illustrates how setSecurityContext may be used.

Example 8-5 setSecurityContext Tag Example

<%-- Set global attributes --%>
    <oes:setSecurityContext appId="TagLibraryApp" resourceType="image" 
      resourcePrefix="images/">
      <oes:attribute name="test_attr" value="good_job"/>
    </oes:setSecurityContext>

8.2.2 attribute Tag

attribute is a tag that can be used to pass extra variables into the Oracle Entitlements Server application context by other Oracle Entitlements Server JSP tags. These variables will be used to write constraints against Authorization Policies. Table 8-6 documents the attribute tag definition.

Table 8-6 attribute Tag Definition

Name Details

name

Description: The name of the attribute to set in the application context.

Mandatory

Return Type: not applicable

value

Description: The value of the attribute to set in the application context.

Mandatory

Return Type: not applicable


Example 8-6 illustrates how attribute may be used.

Example 8-6 attribute Tag Example

<oes:attribute name="myroleattr" value="its_my_role"/>

8.2.3 then/else Tags

then/else is a tag used for displaying content for conditional tags (including isAccessAllowed, isAccessNotAllowed and isUserInRole. If the result of the conditional tags is true, the content in the tag then is displayed; otherwise the content in the tag else is displayed. These tags are simple tags with no additional defintion.