Pagelets and proxied applications can use Ensemble roles to control access to content and functionality.
Each incoming request to Ensemble is evaluated against the policies for the requested resource. If the user is found to be in one or more roles, access is granted and the set of matching roles is passed on to the proxied application, allowing the application to determine the correct access level for the user. This is called Role-Based Access Control (RBAC).
Roles are sent in an HTTP header and can be accessed using the Proxy IDK and adaptive tags.
Adaptive tags can be included in the markup returned by any proxied page, including pagelets. Using the attributes defined in the tag, Ensemble transforms the XML and replaces it with standard HTML to be displayed in a browser. For details, see Ensemble Adaptive Tag Library (pt:ensemble).
<pt:ensemble.rolelist pt:key='roles'/>
<pt:logic.foreach pt:data='roles' pt:var='role'>
  <pt:logic.value pt:value='$role'/>
  <pt:logic.separator><br></pt:logic.separator>
</pt:logic.foreach><BR>

<pt:ensemble.roleexpr pt:expr='hasRole Admin' pt:key='hasrole'/>
<pt:logic.if pt:expr='$hasrole'>
  <pt:logic.iftrue>
    This user has the Admin role.
  </pt:logic.iftrue>
  <pt:logic.iffalse>
    Warning: This user DOES NOT have the Admin role.
  </pt:logic.iffalse>
</pt:logic.if>
The IDK bea.alui.proxy.IProxyUser interface also allows you to get a list of the user's roles in the current context, or determine whether the user has a specific role.
<%@ page language='java' import='com.plumtree.remote.portlet.*, java.util.Date, java.util.*, com.bea.alui.proxy.*' %>
You refreshed at <%= new Date().toString()%><br/>
<%
response.setHeader("Cache-Control","no-cache"); //HTTP 1.1
response.setHeader("Pragma","no-cache"); //HTTP 1.0
response.setDateHeader ("Expires", 0); //prevents caching at the proxy server

// Build the proxy context from the current request/response pair
IProxyContext ctx = ProxyContextFactory.getInstance().createProxyContext(request,response);
IProxyRequest req = ctx.getProxyRequest();
IProxyResponse res = ctx.getProxyResponse();

// All roles the user holds in the current context, plus checks for specific roles
Enumeration roles = req.getUser().getRoles();
boolean isAdmin = req.getUser().isUserInRole("AdminRole");
boolean isMgr = req.getUser().isUserInRole("MgrRole");
boolean isUser = req.getUser().isUserInRole("UserRole");
%>
<html>
<head>
<meta http-equiv='Content-Type' content='text/html; charset=ISO-8859-1'>
<META HTTP-EQUIV='PRAGMA' CONTENT='NO-CACHE'>
<title>Preferences</title>
</head>
<body>
<br/>
CONSUMER SETTINGS
<br/>
<%
// List every role returned for this user
while (roles.hasMoreElements()) {
  String role = (String)roles.nextElement();
%>
<br/>User has role: <%=role%><br/>
<%
}
%>
<br/>User is admin? <%=isAdmin%><br/>
<br/>User is manager? <%=isMgr%><br/>
<br/>User is standard user? <%=isUser%><br/>

<pt:ensemble.inject xmlns:pt='http://www.plumtree.com/xmlschemas/ptui/' pt:name='idkLib:rolePagelet'/>
</body>
</html>
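The JSP above only displays the roles. The following added example (not part of the original page or of the product's own code) uses the same IDK calls in a servlet filter to enforce access by role, denying by default. The class name RoleGateFilter and the path prefixes are hypothetical; the role names are the ones used in the JSP sample, and the Servlet API and Proxy IDK are assumed to be on the classpath.

```java
// Added example: deny-by-default role gate built on the IDK calls shown on this page.
import java.io.IOException;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.*;
import javax.servlet.http.*;
import com.bea.alui.proxy.*;

public class RoleGateFilter implements Filter {
    // Path prefix -> required role, checked in insertion order (most specific first).
    private final Map<String, String> required = new LinkedHashMap<String, String>();

    public void init(FilterConfig cfg) {
        required.put("/admin/", "AdminRole");   // hypothetical path prefixes
        required.put("/reports/", "MgrRole");
        required.put("/app/", "UserRole");
    }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) rq;
        HttpServletResponse response = (HttpServletResponse) rs;
        if (isAllowed(request, response)) {
            chain.doFilter(rq, rs);
        } else {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
        }
    }

    private boolean isAllowed(HttpServletRequest request, HttpServletResponse response) {
        try {
            IProxyUser user = ProxyContextFactory.getInstance()
                    .createProxyContext(request, response).getProxyRequest().getUser();
            // Container-decoded path, so the prefix test is not made on the raw URI.
            String info = request.getPathInfo();
            String path = request.getServletPath() + (info == null ? "" : info);
            for (Map.Entry<String, String> rule : required.entrySet()) {
                if (path.startsWith(rule.getKey())) {
                    return user.isUserInRole(rule.getValue());
                }
            }
            return false; // no rule covers this path: deny
        } catch (Exception e) {
            return false; // no usable proxy context or role data: fail closed
        }
    }

    public void destroy() { }
}
```

Because the roles arrive in an HTTP header, a gate like this is only meaningful when the application accepts requests solely from Ensemble and cannot be reached directly by clients.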