The <auth:isUserInRole> tag allows you to test the current user’s role so you can selectively display content wrapped by the tag. This allows an application to restrict display of application content by requiring authorization of the user accessing the JSP. If used within an entitled portlet, this effectively allows multiple levels of (finer grained) authorization. This tag uses the WLS security SPI within its implementation.
The roles evaluated by the <auth:isUserInRole> tag are the Visitor Roles defined using the WebLogic Administration Portal and the global roles defined using the WebLogic Administration Console. Roles from any Role Mapping Provider that has roles mapped to the portal resource hierarchy are also evaluated.
A single call to <auth:isUserInRole> will cause all Visitor Roles for the current web application to be evaluated, so care should be taken as to how large the role set is. The map of computed roles is evaluated at most once per request, but is not cached across requests.
<auth:isUserInRole roleName="roleNameToTest" roleMap="roleMapVarName" />
roleName
Required (String) - The name of the role required of the current user.
roleMap
Required (String) - The name of the page variable to assign the return java.util.Map value to. The caller may use the roleMap to determine what other evaluated roles the current user is in, if needed.
id
Required (String) - The name of the page variable to assign the return java.lang.Boolean to. If the caller is in the roleName, true is returned.
In this example, a visitor role named “VisitorRole” has been previously defined in the WebLogic Administration Portal and is being tested for within a JSP page.
<%@ taglib uri="auth.tld" prefix="auth" %>
. . .
<% String aRoleName = "VisitorRole"; %>
<%-- Test the role; the result and the evaluated role map are assigned to page variables --%>
<auth:isUserInRole roleName="<%=aRoleName%>" roleMap="myRoleMap" id="access"/>
User is in role <%=aRoleName%>: <%=access.booleanValue()%>
Full set of user roles: <%=myRoleMap.toString()%>

<%-- Content wrapped by the tag is displayed only if the user is in VisitorRole2 --%>
<auth:isUserInRole roleName="VisitorRole2" roleMap="myRoleMap" id="access">
  <p>Authorized application content for VisitorRole2</p>
</auth:isUserInRole>