<auth:isAcccessAllowed> Tag

This tag provides fine-grained entitlement-setting on application resources for which entitlements are not available by default.

If the result of the entitlement check is not "grant", the body of this tag will be skipped. For convenience, an empty body form of the tag may be used and the return value id will be set true for "grant" decisions.

Using this tag involves the following process:

  1. Identify the taxonomy of the resource to be entitled. For example, if you are entitling a link on a JSP, the taxonomy would be: desktop > book > page > portlet > JSP > link.
  2. In the WebLogic Administration Portal, create and define a visitor role that will be able to access the resource you are entitling.
  3. Add the <auth:isAccessAllowed> tag to your JSP, wrapped around the resource you want to entitle, and set the appropriate tag attributes.

Syntax

<tagName attribute="value" />

Attributes

resourceId

Required (String) - Represents the application-defined taxonomy (hierarchy of resources) including the resource being requested.

id

Required (String) - The name of the variable that will hold the result of the tag evaluation (grant or deny).

capability

Optional (String) - The requested capability for the resource.

subject

Optional (Subject object) - The Subject for which the request will be evaluated.

roleScope

Optional (int) - The level in the taxonomy at which role policies will be looked for to grant or deny access to the resource. If you do not use this attribute, a role will be looked for up to the enterprise application level. Possible values are:

needContextHandler

Optional (boolean) - Determines whether or not a context handler should be generated.

inheritSecurityPolicy

Optional (boolean) - Determines whether or not to grant or deny access to the resource based on existing security policies. If you do not use this attribute, the default value is "false."

Example

This example sets entitlements on a link on a JSP. The resourceId and id values are read in from variables declared earlier in the code. Because of the roleScope value, the tag looks for existing role policies starting at the leaf node in the resource taxonomy. If the user does not belong to the role policy granting access to this resource, the user will not see the link.

<%@ taglib uri="auth.tld" prefix="auth" %>
.
.
.
<auth:isAccessAllowed resourceId="<%=resourceId%>" id="<%=evalResult%>" roleScope="<%=EntitlementConstants.HIERARCHICAL_ROLE_INHERITANCE%>" >
	<p><a href="HRpersonnel.jsp">Click here for secure personnel information.</a>
</auth:isAccessAllowed>