CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl/maven-org-apache-shiro--shiro-web

Web support module for Apache Shiro providing servlet filters, session management, and web-specific authentication and authorization features

Pending
Overview
Eval results
Files

jsp-tag-library.mddocs/

JSP Tag Library

Complete JSP tag library for Apache Shiro providing view-layer security including authentication status tags, role and permission checks, and principal display tags. These tags enable declarative security in JSP pages without requiring Java code.

Capabilities

Base Tag Class

abstract class SecureTag extends TagSupport {
    /**
     * Returns the current subject for security checks.
     *
     * @return the current Subject instance
     */
    protected Subject getSubject();
    
    /**
     * Template method for tag processing logic.
     *
     * @return EVAL_BODY_INCLUDE or SKIP_BODY
     * @throws JspException if tag processing fails
     */
    protected abstract int onDoStartTag() throws JspException;
    
    /**
     * Standard JSP tag processing method.
     *
     * @return tag processing result
     * @throws JspException if processing fails
     */
    public int doStartTag() throws JspException;
}

Authentication Tags

class AuthenticatedTag extends SecureTag {
    /**
     * Shows body content only if user is authenticated.
     */
    protected int onDoStartTag() throws JspException;
}

class NotAuthenticatedTag extends SecureTag {
    /**
     * Shows body content only if user is not authenticated.
     */
    protected int onDoStartTag() throws JspException;
}

class UserTag extends SecureTag {
    /**
     * Shows body content if user is known (authenticated or remembered).
     */
    protected int onDoStartTag() throws JspException;
}

class GuestTag extends SecureTag {
    /**
     * Shows body content if user is a guest (unknown).
     */
    protected int onDoStartTag() throws JspException;
}

Authorization Tags

class HasRoleTag extends RoleTag {
    /**
     * Shows body content if user has the specified role.
     */
    protected boolean showTagBody(String roleName);
}

class LacksRoleTag extends RoleTag {
    /**
     * Shows body content if user lacks the specified role.
     */
    protected boolean showTagBody(String roleName);
}

class HasAnyRolesTag extends RoleTag {
    /**
     * Shows body content if user has any of the specified roles.
     */
    protected boolean showTagBody(String roleNames);
}

class HasPermissionTag extends PermissionTag {
    /**
     * Shows body content if user has the specified permission.
     */
    protected boolean showTagBody(String permissionName);
}

class LacksPermissionTag extends PermissionTag {
    /**
     * Shows body content if user lacks the specified permission.
     */
    protected boolean showTagBody(String permissionName);
}

Utility Tags

class PrincipalTag extends SecureTag {
    /**
     * Displays the user's principal (typically username).
     */
    public String getType();
    public void setType(String type);
    
    public String getProperty();
    public void setProperty(String property);
    
    public String getDefaultValue();
    public void setDefaultValue(String defaultValue);
}

Usage Examples

JSP Tag Usage

<%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>

<!DOCTYPE html>
<html>
<head>
    <title>Secure Application</title>
</head>
<body>
    <!-- Authentication status -->
    <shiro:authenticated>
        <p>Welcome back! You are logged in as <shiro:principal/>.</p>
        
        <shiro:user>
            <p>You are a known user (authenticated or remembered).</p>
        </shiro:user>
        
        <a href="/logout">Logout</a>
    </shiro:authenticated>
    
    <shiro:notAuthenticated>
        <p>Please <a href="/login">login</a> to access this application.</p>
    </shiro:notAuthenticated>
    
    <shiro:guest>
        <p>You are browsing as a guest.</p>
    </shiro:guest>
    
    <!-- Role-based content -->
    <shiro:hasRole name="admin">
        <div class="admin-panel">
            <h3>Admin Panel</h3>
            <a href="/admin/users">Manage Users</a>
            <a href="/admin/settings">System Settings</a>
        </div>
    </shiro:hasRole>
    
    <shiro:hasRole name="manager">
        <div class="manager-panel">
            <h3>Manager Tools</h3>
            <a href="/reports">View Reports</a>
        </div>
    </shiro:hasRole>
    
    <shiro:lacksRole name="admin">
        <p>You don't have admin privileges.</p>
    </shiro:lacksRole>
    
    <shiro:hasAnyRoles name="admin,manager,supervisor">
        <div class="management-tools">
            <h3>Management Tools</h3>
            <!-- Management-specific content -->
        </div>
    </shiro:hasAnyRoles>
    
    <!-- Permission-based content -->
    <shiro:hasPermission name="user:create">
        <a href="/users/new" class="btn btn-primary">Create New User</a>
    </shiro:hasPermission>
    
    <shiro:hasPermission name="user:edit">
        <a href="/users/edit" class="btn btn-secondary">Edit Users</a>
    </shiro:hasPermission>
    
    <shiro:lacksPermission name="user:delete">
        <p class="text-muted">You cannot delete users.</p>
    </shiro:lacksPermission>
    
    <!-- Principal information -->
    <shiro:authenticated>
        <div class="user-info">
            <p>Username: <shiro:principal/></p>
            <p>User ID: <shiro:principal property="id"/></p>
            <p>Email: <shiro:principal property="email" defaultValue="No email set"/></p>
        </div>
    </shiro:authenticated>
</body>
</html>

Install with Tessl CLI

npx tessl i tessl/maven-org-apache-shiro--shiro-web

docs

authentication-filters.md

authorization-filters.md

environment-config.md

filter-chain-management.md

index.md

jsp-tag-library.md

servlet-filters.md

session-management.md

web-security-management.md

web-subjects.md

web-utilities.md

tile.json