Oracle® Fusion Middleware Developer's Guide for Oracle Entitlements Server 11g Release 1 (11.1.1) E14097-04
The JavaServer Pages Standard Tag Library (JSTL) consists of custom JavaServer Pages (JSP) elements that encapsulate recurring tasks. Custom tags are reusable JSP components that contain the objects to implement the tasks. They are distributed in a tag library. Oracle Entitlements Server contains custom tags that will call the authorization API. Developers can use these tags in JSP to build a security-based web application. The sections in this chapter contain information on the custom Oracle Entitlements Server JSP tags.
Note: The tag library can only be run on WebLogic Server.
These functional JSP tags capture the authorization features on Oracle Entitlements Server. The following sections contain information on these functional tags.
isAccessAllowed checks if the user is authorized to access a specific resource. If access is allowed, display the body of the tag; if not, skip the body. This is a cooperative and a conditional tag. It will return true or false, and a variable to the body of the JSP which can be used to process obligations.
Note: If you want to show JSP content by tag body, the |
Table 8-1 documents the isAccessAllowed tag definition.
Table 8-1 isAccessAllowed Tag Definition
Name | Description | Required | Return Type |
---|---|---|---|
resource | The resource used when calling | Mandatory | not applicable |
resourceType | The type of resource used when calling | Optional | not applicable |
action | The action used when calling | Optional | not applicable |
resultVar | The name of the scripting variable used to tell if access is allowed. | Optional | boolean |
resultVarScope | The scope of the | Optional | not applicable |
obligationVar | The name of the variable used for returning obligations from the | Optional | A map of obligations; the key is the obligation name and the value is a map of attributes with attribute names and values. |
obligationVarScope | The scope of the variable containing obligations from | Optional | not applicable |
Example 8-1 illustrates how isAccessAllowed may be used.
Example 8-1 isAccessAllowed Tag Example
```jsp
<%-- Set global attributes --%>
<oes:setSecurityContext appId="TagLibraryApp" resourceType="image" resourcePrefix="images/">
  <oes:attribute name="test_attr" value="good_job"/>
</oes:setSecurityContext>

<%!
  String resourceStr = "private.jpg";
  String actionStr = "read";
  String returnVar = "isAllowed";
%>

<%-- Test for isAccessAllowed tag --%>
<oes:isAccessAllowed resource="<%=resourceStr %>" action="<%=actionStr %>"
                     resultVar="<%=returnVar %>" obligationVar="obligations">
  <oes:attribute name="test_attr_local" value="hard_work" />
  <oes:then>
    You have the permission to <%=actionStr %> the image <%=resourceStr %>. <br/>
    <img src="images/private.jpg" width="250" height="150" /> <br/>
    The obligations are: <br/>
    <c:forEach items="${obligations}" var="entry">
      <c:out value="${entry.key}" /> = <c:out value="${entry.value}" /> <br/>
    </c:forEach>
  </oes:then>
  <oes:else>
    You have not the permission to <%=actionStr %> the image <%=resourceStr %>. <br/>
  </oes:else>
</oes:isAccessAllowed>

<%-- another way to use tag isAccessAllowed --%>
<oes:isAccessAllowed resource="<%=resourceStr %>" action="<%=actionStr %>"
                     resultVar="<%=returnVar %>" obligationVar="obligations">
  <oes:attribute name="test_attr_local" value="hard_work" />
</oes:isAccessAllowed>
<c:choose>
  <c:when test="${isAllowed}">
    You have the permission to <%=actionStr %> the image <%=resourceStr %>. <br/>
    <img src="images/private.jpg" width="250" height="150" />
    The obligations are: <br/>
    <c:forEach items="${obligations}" var="entry">
      <c:out value="${entry.key}" /> = <c:out value="${entry.value}" /> <br/>
    </c:forEach>
  </c:when>
  <c:otherwise>
    You have not the permission to <%=actionStr %> the image <%=resourceStr %>. <br/>
  </c:otherwise>
</c:choose>
```
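Table 8-1 describes the obligation variable as a nested map (obligation name to a map of attribute names and values). The following is an added example, not part of Oracle's guide, that walks both levels and handles the case where no obligations come back; it assumes the oes and c (JSTL core) tag libraries are already declared on the page and reuses the application ID, resource and action names from Example 8-1.

```jsp
<%-- Added example, not Oracle's code. Assumes the oes and c (JSTL core)
     taglib directives are declared earlier in the page. --%>
<oes:setSecurityContext appId="TagLibraryApp" resourceType="image" resourcePrefix="images/">
  <oes:attribute name="test_attr" value="good_job"/>
</oes:setSecurityContext>

<oes:isAccessAllowed resource="private.jpg" action="read"
                     resultVar="isAllowed" obligationVar="obligations">
  <oes:then>
    <img src="images/private.jpg" width="250" height="150" />
    <c:choose>
      <c:when test="${empty obligations}">
        <p>No obligations were returned.</p>
      </c:when>
      <c:otherwise>
        <table>
          <tr><th>Obligation</th><th>Attribute</th><th>Value</th></tr>
          <%-- Outer map: obligation name -> attribute map --%>
          <c:forEach items="${obligations}" var="obligation">
            <%-- Inner map: attribute name -> attribute value --%>
            <c:forEach items="${obligation.value}" var="attr">
              <tr>
                <%-- c:out escapes XML characters by default, so policy-supplied
                     text is rendered as data rather than markup --%>
                <td><c:out value="${obligation.key}" /></td>
                <td><c:out value="${attr.key}" /></td>
                <td><c:out value="${attr.value}" /></td>
              </tr>
            </c:forEach>
          </c:forEach>
        </table>
      </c:otherwise>
    </c:choose>
  </oes:then>
  <oes:else>
    <p>Access to private.jpg was denied.</p>
  </oes:else>
</oes:isAccessAllowed>
```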
isAccessNotAllowed checks if the user is not authorized to access a specific resource. If access is not allowed, display the body of the tag; if it is, skip the body. This is a cooperative and a conditional tag. It will return true or false, and a variable to the body of the JSP that can be used later to process obligations.
Note: If you want to show JSP content by tag body, the |
Table 8-2 documents the isAccessNotAllowed tag definition.
Table 8-2 isAccessNotAllowed Tag Definition
Name | Description | Required | Return Type |
---|---|---|---|
resource | The resource used when calling | Mandatory | not applicable |
resourceType | The type of resource used when calling | Optional | not applicable |
action | The action used when calling | Optional | not applicable |
resultVar | The name of the scripting variable used to tell if access is allowed. | Optional | boolean |
resultVarScope | The scope of the | Optional | not applicable |
obligationVar | The name of the variable used for returning obligations from the | Optional | A map of obligations. The key is the obligation name and the value is a map of attributes with attribute names and values. |
obligationVarScope | The scope of the variable containing obligations from isAccessAllowed (page, request, session, or application). The default scope is page. | Optional | not applicable |
Example 8-2 illustrates how isAccessNotAllowed may be used.
Example 8-2 isAccessNotAllowed Tag Example
```jsp
<%-- Test for isAccessNotAllowed tag --%>
<oes:isAccessNotAllowed resource="<%=resourceStr %>" action="<%=actionStr %>"
                        resultVar="isNotAllowed" obligationVar="obligations_not">
  <oes:then>
    You have not the permission to <%=actionStr %> the image <%=resourceStr %>. <br/>
    The obligations are: <br/>
    <c:forEach items="${obligations_not}" var="entry">
      <c:out value="${entry.key}" /> = <c:out value="${entry.value}" /> <br/>
    </c:forEach>
  </oes:then>
  <oes:else>
    You have the permission to <%=actionStr %> the image <%=resourceStr %>. <br/>
    <img src="images/private.jpg" width="250" height="150"/>
    The obligations are: <br/>
    <c:forEach items="${obligations_not}" var="entry">
      <c:out value="${entry.key}" /> = <c:out value="${entry.value}" /> <br/>
    </c:forEach>
  </oes:else>
</oes:isAccessNotAllowed>

<%-- another way to use tag isAccessNotAllowed --%>
<oes:isAccessNotAllowed resource="<%=resourceStr %>" action="<%=actionStr %>"
                        resultVar="isNotAllowed" obligationVar="obligations_not" />
<c:choose>
  <c:when test="${isNotAllowed}">
    You have not the permission to <%=actionStr %> the image <%=resourceStr %>. <br/>
  </c:when>
  <c:otherwise>
    You have the permission to <%=actionStr %> the image <%=resourceStr %>. <br/>
    <img src="images/private.jpg" width="250" height="150" />
    The obligations are: <br/>
    <c:forEach items="${obligations_not}" var="entry">
      <c:out value="${entry.key}" /> = <c:out value="${entry.value}" /> <br/>
    </c:forEach>
  </c:otherwise>
</c:choose>
```
getUserRoles retrieves the roles assigned to the user for a particular resource and action. This is a cooperative tag that returns a variable to the JSP that can be used later for processing. Table 8-3 documents the getUserRoles tag definition.
Table 8-3 getUserRoles Tag Definition
Name | Description | Required | Return Type |
---|---|---|---|
resource | The resource used when calling | Mandatory | not applicable |
resourceType | The type of resource used when calling | Optional | not applicable |
action | The action used when calling | Optional | not applicable |
resultVar | The name of the variable to set that contains the list of user's roles. | Mandatory | A list of strings of role names. |
resultVarScope | The scope of the | Optional | not applicable |
Example 8-3 illustrates how getUserRoles may be used.
Example 8-3 getUserRoles Tag Example
```jsp
<%-- Test for tag getUserRoles --%>
<oes:setSecurityContext appId="TagLibraryApp" resourceType="jspfile" resourcePrefix="">
  <oes:attribute name="myroleattr" value="its_my_role"/>
</oes:setSecurityContext>

<oes:getUserRoles resource="protected/rolepolicy.jsp" action="write" resultVar="rolenames" />
<c:out value="Role names are : " />
<c:forEach items="${rolenames}" var="rolename">
  <c:out value="${rolename}" /> <br>
</c:forEach>
```
isUserInRole checks if the user has been assigned to the specified role for a particular resource and action. This is a cooperative and a conditional tag. It will return true (if the current user has a specific role) or false, and a result variable to the body of the JSP for later processing.
Note: If you want to show JSP content by tag body, the |
Table 8-4 documents the isUserInRole tag definition.
Table 8-4 isUserInRole Tag Definition
Name | Description | Required | Return Type |
---|---|---|---|
role | The name of the role to check against the user. | Mandatory | not applicable |
resource | The name of the resource against which to check the user's roles. | Mandatory | not applicable |
resourceType | The type of resource against which to check the user's roles. If it is not set, the global resource type set by | Optional | not applicable |
action | The resource's action against which the user's role will be checked. The default value will be view. | Optional | not applicable |
resultVar | A variable used to hold the result from | Optional | boolean |
resultVarScope | The scope of the | Optional | not applicable |
Example 8-4 illustrates how isUserInRole may be used.
Example 8-4 isUserInRole Tag Example
```jsp
<%-- Test for tag isUserInRole --%>
<oes:isUserInRole role="tagrole1" resource="protected/rolepolicy.jsp" action="write"
                  resultVar="isUserInRole" resultVarScope="request">
  <oes:then>You are in the role "tagrole1".</oes:then>
  <oes:else>You are not in the role "tagrole1".</oes:else>
</oes:isUserInRole>

<%-- we can also use following scripts to test if the user is in the specific role --%>
<c:choose>
  <c:when test="${isUserInRole}">
    <iframe src="protected/rolepolicy.jsp?isUserInRole=<c:out value='${isUserInRole}'/>"
            width="500" height="250"></iframe>
  </c:when>
  <c:otherwise>
    You are not in role "tagrole1", and can not see the content of protected/rolepolicy.jsp
  </c:otherwise>
</c:choose>
```
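Example 8-4 hands the role result to protected/rolepolicy.jsp as a query parameter, which the client controls, so the protected page should make its own authorization decision instead of reading that parameter. The page below is an added example, not Oracle's code. It assumes a placeholder taglib URI for the OES library, that isUserInRole may be used with an empty body (as Example 8-2 does for isAccessNotAllowed), and that resultVar is stored as a java.lang.Boolean.

```jsp
<%-- protected/rolepolicy.jsp (added example, not Oracle's code) --%>
<%-- Placeholder URI: use the value from the OES tag library descriptor
     shipped with your installation --%>
<%@ taglib prefix="oes" uri="OES-TAGLIB-URI-PLACEHOLDER" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>

<%-- Same context and attribute as Example 8-3 --%>
<oes:setSecurityContext appId="TagLibraryApp" resourceType="jspfile" resourcePrefix="">
  <oes:attribute name="myroleattr" value="its_my_role"/>
</oes:setSecurityContext>

<%-- Decide again here. The isUserInRole query parameter sent by the
     calling page is never read. --%>
<oes:isUserInRole role="tagrole1" resource="protected/rolepolicy.jsp" action="write"
                  resultVar="inRole" resultVarScope="request" />
<%
    // Assumption: the tag stores resultVar as java.lang.Boolean.
    // Fail closed: a missing attribute or any other value is treated as "not in role".
    if (!Boolean.TRUE.equals(request.getAttribute("inRole"))) {
        // Nothing has been flushed yet, so the error status can still be sent.
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
        return;
    }
%>
<h1>Role policy</h1>
<p>Content for members of "tagrole1".</p>
<p>Requested by: <c:out value="${pageContext.request.remoteUser}" /></p>
```

The same reasoning applies to images/private.jpg in Example 8-1: omitting the img element from the rendered page does not by itself stop a direct request for that URL.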
Assistant (also known as non-functional) tags are helper tags. The following sections contain information on these assistant tags.
setSecurityContext is a cooperative tag that will set up data (including the application ID, resource type and the prefix of the resource name for other tags). The attributes that should be set globally in the application context can be set in the body of this tag using the attribute tag (as described in Section 8.2.2, "attribute Tag"). The attributes set by setSecurityContext will then be put into the application context as its authorization call elements. Table 8-5 documents the setSecurityContext tag definition.
Table 8-5 setSecurityContext Tag Definition
Name | Description | Required | Return Type |
---|---|---|---|
appId | The | Mandatory | not applicable |
resourceType | The global resource type which can be used by all other authorization tags. | Optional | not applicable |
resourcePrefix | The prefix of the resource name. If most of the resources on one JSP have the same prefix, this attribute can be used to shorten the resource name for each authorization tag. For example, if there are many images protected by the Authorization Policy under | Optional | not applicable |
Example 8-5 illustrates how setSecurityContext may be used.
attribute is a tag that can be used to pass extra variables into the Oracle Entitlements Server application context by other Oracle Entitlements Server JSP tags. These variables will be used to write constraints against Authorization Policies. Table 8-6 documents the attribute tag definition.
Table 8-6 attribute Tag Definition
Name | Description | Required | Return Type |
---|---|---|---|
name | The name of the attribute to set in the application context. | Mandatory | not applicable |
value | The value of the attribute to set in the application context. | Mandatory | not applicable |
Example 8-6 illustrates how attribute may be used.
then/else are tags used for displaying content for conditional tags (including isAccessAllowed, isAccessNotAllowed and isUserInRole). If the result of the conditional tag is true, the content in the then tag is displayed; otherwise the content in the else tag is displayed. These tags are simple tags with no additional definition.