
Spring Security switch case in JSTL Tags

Is there a way to convert a jsp code of the form

<security:authorize access="hasRole('ROLE_USER')">You're an user</security:authorize>
<security:authorize access="hasRole('ROLE_ADMIN')">You're an admin</security:authorize>
<security:authorize access="hasRole('ROLE_SADMIN')">You're a superadmin</security:authorize>

to another form, similar to the following (doesn't work)?

<c:choose>
  <c:when test="hasRole('ROLE_USER')">
    You're an user
  </c:when>
  <c:when test="hasRole('ROLE_ADMIN')">
    You're an admin
  </c:when>
  <c:when test="hasRole('ROLE_SADMIN')">
    You're a superadmin
  </c:when>
  <c:otherwise>
    You have no relevant role
  </c:otherwise>
</c:choose>

More precisely, is there a way to substitute this Spring Security taglib functionality with JSTL tags?

Pedro Montoto García asked Oct 29 '14 12:10



2 Answers

You can use the var attribute of the <security:authorize/> tag which will create:

A page scoped variable into which the boolean result of the tag evaluation will be written, allowing the same condition to be reused subsequently in the page without re-evaluation.

<security:authorize access="hasRole('ROLE_USER')" var="isUser" />
<security:authorize access="hasRole('ROLE_ADMIN')" var="isAdmin" />
<security:authorize access="hasRole('ROLE_SADMIN')" var="isSuperUser" />

<c:choose>
  <c:when test="${isSuperUser}">
    You're a superadmin
  </c:when>
  <c:when test="${isAdmin}">
    You're an admin
  </c:when>
  <c:when test="${isUser}">
    You're an user
  </c:when>
  <c:otherwise>
    You have no relevant role
  </c:otherwise>
</c:choose>

Alan Hay answered Oct 05 '22 23:10


Workaround: When you have only these simple hasRole(XXX) expressions, then you could have a variable that contains the role of the current user. This variable could be populated by the controller, or, when you need it in almost all JSPs, by a Spring HandlerInterceptor or Servlet Filter (that is registered after the Spring Security Filter).

Ralph answered Oct 05 '22 22:10
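
The HandlerInterceptor variant of the workaround in the second answer, as an added example that is not code from either answerer. It assumes Spring MVC 5.x with javax.servlet (use jakarta.servlet on Spring 6); the class name CurrentRoleInterceptor, the request attribute currentRole and the NONE fallback are hypothetical names chosen for illustration.

```java
import java.util.Arrays;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.servlet.HandlerInterceptor;

// Hypothetical interceptor: exposes the caller's strongest role to the view layer.
// Interceptors run inside the DispatcherServlet, i.e. after the Spring Security
// filter chain, so the SecurityContext is already populated at this point.
public class CurrentRoleInterceptor implements HandlerInterceptor {

    // Highest privilege first, so a user holding several roles gets one stable label.
    private static final List<String> ROLES_BY_PRIORITY =
            Arrays.asList("ROLE_SADMIN", "ROLE_ADMIN", "ROLE_USER");

    @Override
    public boolean preHandle(HttpServletRequest request,
                             HttpServletResponse response,
                             Object handler) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        // Request scope, not session scope: the value is recomputed on every
        // request and cannot go stale after a role change or logout.
        request.setAttribute("currentRole", resolveRole(auth));
        return true; // never blocks the request; this is display logic only
    }

    static String resolveRole(Authentication auth) {
        if (auth == null || !auth.isAuthenticated()) {
            return "NONE";
        }
        for (String role : ROLES_BY_PRIORITY) {
            for (GrantedAuthority granted : auth.getAuthorities()) {
                if (role.equals(granted.getAuthority())) {
                    return role;
                }
            }
        }
        // Anonymous users (ROLE_ANONYMOUS) and unlisted roles end up here.
        return "NONE";
    }
}
```

Register it through WebMvcConfigurer.addInterceptors; a JSP can then test ${currentRole == 'ROLE_ADMIN'} inside <c:when>. The attribute only selects what is rendered, so the handlers behind each view still need their own access rules, and exact string matching does not honour a configured role hierarchy the way hasRole() does.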