# JSP Tag Library
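Complete JSP tag library for Apache Shiro providing view-layer security: authentication status tags, role and permission checks, and principal display tags. These tags let a JSP page show or hide content declaratively, without requiring Java code in the page. They only control what is rendered, so every URL and action behind hidden markup still needs its own server-side access check.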
## Capabilities
### Base Tag Class
```java { .api }
abstract class SecureTag extends TagSupport {
/**
* Returns the current subject for security checks.
*
* @return the current Subject instance
*/
protected Subject getSubject();
/**
* Template method for tag processing logic.
*
* @return EVAL_BODY_INCLUDE or SKIP_BODY
* @throws JspException if tag processing fails
*/
protected abstract int onDoStartTag() throws JspException;
/**
* Standard JSP tag processing method.
*
* @return tag processing result
* @throws JspException if processing fails
*/
public int doStartTag() throws JspException;
}
```
### Authentication Tags
```java { .api }
class AuthenticatedTag extends SecureTag {
/**
* Shows body content only if the user has authenticated during the current session (a remembered identity alone does not count).
*/
protected int onDoStartTag() throws JspException;
}
class NotAuthenticatedTag extends SecureTag {
/**
* Shows body content only if the user has not authenticated during the current session; this includes remembered users as well as guests.
*/
protected int onDoStartTag() throws JspException;
}
class UserTag extends SecureTag {
/**
* Shows body content if user is known (authenticated or remembered).
*/
protected int onDoStartTag() throws JspException;
}
class GuestTag extends SecureTag {
/**
* Shows body content if the user is a guest, i.e. unknown: neither authenticated nor remembered.
*/
protected int onDoStartTag() throws JspException;
}
```
### Authorization Tags
```java { .api }
class HasRoleTag extends RoleTag {
/**
* Shows body content if user has the specified role.
*/
protected boolean showTagBody(String roleName);
}
class LacksRoleTag extends RoleTag {
/**
* Shows body content if user lacks the specified role.
*/
protected boolean showTagBody(String roleName);
}
class HasAnyRolesTag extends RoleTag {
/**
* Shows body content if the user has any of the specified roles; roleNames is a comma-delimited list, for example "admin,manager,supervisor".
*/
protected boolean showTagBody(String roleNames);
}
class HasPermissionTag extends PermissionTag {
/**
* Shows body content if user has the specified permission.
*/
protected boolean showTagBody(String permissionName);
}
class LacksPermissionTag extends PermissionTag {
/**
* Shows body content if user lacks the specified permission.
*/
protected boolean showTagBody(String permissionName);
}
```
### Utility Tags
```java { .api }
class PrincipalTag extends SecureTag {
/**
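* Displays the user's principal (typically the username), or one property of it.
* NOTE(review): confirm whether the value is HTML-escaped before it is written to the page; if it is not, principals that can contain user-chosen text need encoding at the point of display.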
*/
public String getType();
public void setType(String type);
public String getProperty();
public void setProperty(String property);
public String getDefaultValue();
public void setDefaultValue(String defaultValue);
}
```
## Usage Examples
### JSP Tag Usage
```jsp
<%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>
<!DOCTYPE html>
<html>
<head>
<title>Secure Application</title>
</head>
<body>
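<!-- Authentication status. shiro:user is nested below only for illustration: inside shiro:authenticated it always renders, because an authenticated user is also a known user. -->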
<shiro:authenticated>
<p>Welcome back! You are logged in as <shiro:principal/>.</p>
<shiro:user>
<p>You are a known user (authenticated or remembered).</p>
</shiro:user>
<a href="/logout">Logout</a>
</shiro:authenticated>
<shiro:notAuthenticated>
<p>Please <a href="/login">login</a> to access this application.</p>
</shiro:notAuthenticated>
<shiro:guest>
<p>You are browsing as a guest.</p>
</shiro:guest>
<!-- Role-based content: the tags only hide these links; the linked pages need their own server-side access rules -->
<shiro:hasRole name="admin">
<div class="admin-panel">
<h3>Admin Panel</h3>
<a href="/admin/users">Manage Users</a>
<a href="/admin/settings">System Settings</a>
</div>
</shiro:hasRole>
<shiro:hasRole name="manager">
<div class="manager-panel">
<h3>Manager Tools</h3>
<a href="/reports">View Reports</a>
</div>
</shiro:hasRole>
<shiro:lacksRole name="admin">
<p>You don't have admin privileges.</p>
</shiro:lacksRole>
<shiro:hasAnyRoles name="admin,manager,supervisor">
<div class="management-tools">
<h3>Management Tools</h3>
<!-- Management-specific content -->
</div>
</shiro:hasAnyRoles>
<!-- Permission-based content -->
<shiro:hasPermission name="user:create">
<a href="/users/new" class="btn btn-primary">Create New User</a>
</shiro:hasPermission>
<shiro:hasPermission name="user:edit">
<a href="/users/edit" class="btn btn-secondary">Edit Users</a>
</shiro:hasPermission>
<shiro:lacksPermission name="user:delete">
<p class="text-muted">You cannot delete users.</p>
</shiro:lacksPermission>
<!-- Principal information -->
<shiro:authenticated>
<div class="user-info">
<p>Username: <shiro:principal/></p>
<p>User ID: <shiro:principal property="id"/></p>
<p>Email: <shiro:principal property="email" defaultValue="No email set"/></p>
</div>
</shiro:authenticated>
</body>
</html>
```