This tag provides fine-grained entitlement-setting on application resources for which entitlements are not available by default.
If the result of the entitlement check is not "grant", the body of this tag will be skipped. For convenience, an empty-body form of the tag may be used; the variable named by id is then set to true for "grant" decisions.
Using this tag involves the following process:
<tagName attribute="value" />
resourceId
Required (String) - Represents the application-defined taxonomy (hierarchy of resources) including the resource being requested.
id
Required (String) - The name of the variable that will hold the result of the tag evaluation (grant or deny).
capability
Optional (String) - The requested capability for the resource.
subject
Optional (Subject object) - The Subject for which the request will be evaluated.
roleScope
Optional (int) - The level in the taxonomy at which role policies will be looked for to grant or deny access to the resource. If you do not use this attribute, a role will be looked for up to the enterprise application level. Possible values are:
needContextHandler
Optional (boolean) - Determines whether or not a context handler should be generated.
inheritSecurityPolicy
Optional (boolean) - Determines whether or not to grant or deny access to the resource based on existing security policies. If you do not use this attribute, the default value is "false".
This example sets entitlements on a link on a JSP. The resourceId and id values are read in from variables declared earlier in the code. Because of the roleScope value, the tag looks for existing role policies starting at the leaf node in the resource taxonomy. If the user does not belong to the role policy granting access to this resource, the user will not see the link.
<%@ taglib uri="auth.tld" prefix="auth" %>
. . .
<auth:isAccessAllowed resourceId="<%=resourceId%>"
    id="<%=evalResult%>"
    roleScope="<%=EntitlementConstants.HIERARCHICAL_ROLE_INHERITANCE%>">
  <p><a href="HRpersonnel.jsp">Click here for secure personnel information.</a>
</auth:isAccessAllowed>
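The example above only hides the link; a request made directly to HRpersonnel.jsp never passes through that tag. The following added example (not part of the original documentation) uses the empty-body form at the top of HRpersonnel.jsp so the target page runs the same check. It assumes the tag publishes the id variable as a Boolean attribute in a JSP scope, and the resourceId value "hr/personnel" and the variable name personnelAllowed are placeholders.

```jsp
<%@ taglib uri="auth.tld" prefix="auth" %>
<%-- Added example for the top of HRpersonnel.jsp.
     "hr/personnel" is a constructed placeholder for this page's node in the
     application-defined resource taxonomy. --%>

<%-- Empty-body form: no body to skip, the tag only records the decision
     in the variable named by id. --%>
<auth:isAccessAllowed resourceId="hr/personnel" id="personnelAllowed" />

<%
    // Assumption: the decision is exposed as a Boolean attribute named
    // "personnelAllowed" in page, request, session or application scope.
    Object decision = pageContext.findAttribute("personnelAllowed");

    // Fail closed: a missing attribute, a null, or any value other than
    // Boolean.TRUE is treated as "deny".
    if (!Boolean.TRUE.equals(decision)) {
        // Must run before the response is committed, so keep this check
        // ahead of any page output larger than the JSP buffer.
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
        return;
    }
%>

<h1>Personnel information</h1>
<%-- Sensitive content is rendered only after a "grant" decision. --%>
```

Because the comparison is against Boolean.TRUE, the page denies access if the tag exposes the result in a different type or scope than assumed here, which makes a wrong assumption visible rather than silently permissive.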