Menu
Is there a way to convert a jsp code of the form
<security:authorize access="hasRole('ROLE_USER')">You're an user</security:authorize>
<security:authorize access="hasRole('ROLE_ADMIN')">You're an admin</security:authorize>
<security:authorize access="hasRole('ROLE_SADMIN')">You're a superadmin</security:authorize>
to another form, similar to the following (doesn't work)?
<c:choose>
<c:when test="hasRole('ROLE_USER')">
You're an user
</c:when>
<c:when test="hasRole('ROLE_ADMIN')">
You're an admin
</c:when>
<c:when test="hasRole('ROLE_SADMIN')">
You're a superadmin
</c:when>
<c:otherwise>
You have no relevant role
</c:otherwise>
</c:choose>
More precisely, is there a way to substitute this Spring Security taglib functionality with JSTL tags?
615
Spring provides a couple of out-of-the-box solutions for JSP and JSTL views. Using JSP or JSTL is done using a normal view resolver defined in the WebApplicationContext . Furthermore, of course you need to write some JSPs that will actually render the view.
Based on the JSTL functions, they are categorized into five types. JSTL Core Tags: JSTL Core tags provide support for iteration, conditional logic, catch exception, url, forward or redirect response etc. To use JSTL core tags, we should include it in the JSP page like below.
Spring Security Tag library provides basic support for such operations. Using such tags, we can control the information displayed to the user based on his roles or permissions. Also, we can include CSRF protection features in our forms.
The JSTL formatting tags are used for internationalized web sites to display and format text, the time, the date and numbers. The syntax used for including JSTL formatting library in your JSP is: <%@ taglib uri="http://java.sun.com/jsp/jstl/fmt" prefix="fmt" %>
You can use the var attribute of the <security:authorize/> tag which will create:
A page scoped variable into which the boolean result of the tag evaluation will be written, allowing the same condition to be reused subsequently in the page without re-evaluation.
<security:authorize access="hasRole('ROLE_USER')" var="isUser" />
<security:authorize access="hasRole('ROLE_ADMIN')" var="isAdmin" />
<security:authorize access="hasRole('ROLE_SADMIN')" var="isSuperUser" />
<c:choose>
<c:when test="${isSuperUser}">
You're a superadmin
</c:when>
<c:when test="${isAdmin}">
You're an admin
</c:when>
<c:when test="${isUser}">
You're an user
</c:when>
<c:otherwise>
You have no relevant role
</c:otherwise>
</c:choose>
Workarround: When you have only this simple hasRole(XXX) expressions, then you could have a variable that contains the role of the current user. This variable could be populated by the controller, or when you needed it in almost all jsps, by an Spring HandlerInterceptor or Servlet Filter (that is registered after the Spring Security Filter).
41
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
