quickstart sample app cleanup.  Added new tags (user/guest)

git-svn-id: https://svn.apache.org/repos/asf/incubator/jsecurity/trunk@710809 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/samples/quickstart/WEB-INF/web.xml b/samples/quickstart/WEB-INF/web.xml
index 04c68a3..de10557 100644
--- a/samples/quickstart/WEB-INF/web.xml
+++ b/samples/quickstart/WEB-INF/web.xml
@@ -16,7 +16,6 @@
             # http://www.jsecurity.org/api/org/jsecurity/web/servlet/JSecurityFilter.html
             
             [main]
-            sessionMode = jsecurity
             [interceptors]
 
             [urls]
diff --git a/samples/quickstart/account/index.jsp b/samples/quickstart/account/index.jsp
index b9dab63..1c74127 100644
--- a/samples/quickstart/account/index.jsp
+++ b/samples/quickstart/account/index.jsp
@@ -10,5 +10,9 @@
 
   <p>You have successfully logged in.</p>
 
+  <p><a href="<c:url value="/home.jsp"/>">Return to the home page.</a></p>
+
+  <p><a href="<c:url value="/logoutjsp"/>">Log out.</a></p>
+
 </body>
 </html>
\ No newline at end of file
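Review bot: The added logout link targets `/logoutjsp`, which is missing the dot, so the "Log out." link on the post-login page will not reach logout.jsp. It should read `<p><a href="<c:url value="/logout.jsp"/>">Log out.</a></p>`, matching the link this commit adds to home.jsp. A logout control that fails is worth catching in a security sample, because the user is likely to assume the session has ended when it most probably has not.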
diff --git a/samples/quickstart/home.jsp b/samples/quickstart/home.jsp
index de2dd3d..ddb3618 100644
--- a/samples/quickstart/home.jsp
+++ b/samples/quickstart/home.jsp
@@ -8,14 +8,41 @@
 
   <h1>JSecurity Quickstart</h1>
 
-  <p>Hi! Welcome to the JSecurity Quickstart sample application.</p>
+  <p>Hi <jsec:guest>Guest</jsec:guest><jsec:user><jsec:principal/></jsec:user>!
+      ( <jsec:user><a href="<c:url value="/logout.jsp"/>">Log out</a></jsec:user>
+        <jsec:guest><a href="<c:url value="/account/"/>">Log in</a></jsec:guest> )
+  </p>
 
-  <p>This page represents the home page of any web application.</p>
+  <p>Welcome to the JSecurity Quickstart sample application.
+      This page represents the home page of any web application.</p>
 
   <h2>Roles</h2>
   
-  <p>This part of the webpage shows the roles you currently have.  If you have't logged in yet, you will only have
-  the 'guest' role. </p>
+  <p>To show some taglibs, here are the roles you have and don't have.  Log out and log back in under different user
+      accounts to see different roles.</p>
+
+  <h3>Roles you have</h3>
+
+  <p>
+      <jsec:hasRole name="guest">guest<br/></jsec:hasRole>
+      <jsec:hasRole name="root">root<br/></jsec:hasRole>
+      <jsec:hasRole name="president">president<br/></jsec:hasRole>
+      <jsec:hasRole name="darklord">darklord<br/></jsec:hasRole>
+      <jsec:hasRole name="goodguy">goodguy<br/></jsec:hasRole>
+      <jsec:hasRole name="schwartz">schwartz<br/></jsec:hasRole>
+  </p>
+
+  <h3>Roles you DON'T have</h3>
+
+  <p>
+      <jsec:lacksRole name="guest">guest<br/></jsec:lacksRole>
+      <jsec:lacksRole name="root">root<br/></jsec:lacksRole>
+      <jsec:lacksRole name="president">president<br/></jsec:lacksRole>
+      <jsec:lacksRole name="darklord">darklord<br/></jsec:lacksRole>
+      <jsec:lacksRole name="goodguy">goodguy<br/></jsec:lacksRole>
+      <jsec:lacksRole name="schwartz">schwartz<br/></jsec:lacksRole>
+  </p>
+
 
 </body>
 </html>
\ No newline at end of file
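Review bot: The greeting on the added `<jsec:principal/>` line writes the principal's string form straight into the HTML, and nothing in this diff shows whether the tag HTML-escapes its output. If it does not, a principal value containing markup would be rendered as markup on the home page. Please confirm the tag's behaviour, or route the value through an escaping path such as `<c:out>`. Quickstart pages tend to be copied into real applications, so a comment like `<%-- principal is rendered as text; keep it HTML-escaped --%>` next to the greeting would help.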
diff --git a/samples/quickstart/include.jsp b/samples/quickstart/include.jsp
index 9551fec..f47865d 100644
--- a/samples/quickstart/include.jsp
+++ b/samples/quickstart/include.jsp
@@ -1,3 +1,4 @@
+<%@ page import="org.jsecurity.SecurityUtils" %>
 <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 <%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %>
-<%@ taglib prefix="jsecurity" uri="http://www.jsecurity.org/tags" %>
\ No newline at end of file
+<%@ taglib prefix="jsec" uri="http://www.jsecurity.org/tags" %>
\ No newline at end of file
diff --git a/samples/quickstart/logout.jsp b/samples/quickstart/logout.jsp
index 4b83fb7..305e973 100644
--- a/samples/quickstart/logout.jsp
+++ b/samples/quickstart/logout.jsp
@@ -45,7 +45,7 @@
 
 <h2>Log out</h2>
 
-<p>You have succesfully logged out.</p>
+<p>You have succesfully logged out.  <a href="<c:url value="/home.jsp"/>">Return to the home page.</a></p>
 
 </body>
 </html>
\ No newline at end of file
diff --git a/samples/quickstart/style.css b/samples/quickstart/style.css
index 0a46bd4..e84e207 100644
--- a/samples/quickstart/style.css
+++ b/samples/quickstart/style.css
@@ -1,7 +1,7 @@
 body {
-    margin: 1px;
+    margin: 15px 0 0 15px;
     padding: 1px;
-    background: #2370cf;
+    /*background: #2370cf;*/
     font: 12px 'Lucida Grande', Geneva, Verdana, Arial, sans-serif;
     color: #000;
 }
diff --git a/src/org/jsecurity/web/RedirectView.java b/src/org/jsecurity/web/RedirectView.java
index ca4d071..88dac3e 100644
--- a/src/org/jsecurity/web/RedirectView.java
+++ b/src/org/jsecurity/web/RedirectView.java
@@ -66,6 +66,7 @@
  * @author Juergen Hoeller
  * @author Colin Sampaleanu
  */
+@SuppressWarnings({"deprecation"})
 public class RedirectView {
 
 	/** The default encoding scheme: UTF-8 */
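Review bot: The class-level `@SuppressWarnings({"deprecation"})` silences deprecation warnings for all of RedirectView, although the only deprecated call visible in this diff is `URLEncoder.encode(input)` inside `urlEncode`. The later hunk removes the method-level annotation, which used the wrong token, rather than correcting it. Keeping the suppression narrow, `@SuppressWarnings("deprecation")` directly above `protected String urlEncode(...)`, would let the compiler still report any deprecated API adopted elsewhere in the class. The class body continues outside this hunk, so there may be other deprecated uses I cannot see.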
@@ -245,14 +246,12 @@
 	 * @see java.net.URLEncoder#encode(String, String)
 	 * @see java.net.URLEncoder#encode(String)
 	 */
-    @SuppressWarnings("deprecated")
     protected String urlEncode(String input, String encodingScheme) throws UnsupportedEncodingException {
         if ( !JavaEnvironment.isAtLeastVersion14() ) {
 			if (log.isDebugEnabled()) {
 				log.debug("Only JDK 1.3 URLEncoder available: using platform default encoding " +
 						"instead of the requested scheme '" + encodingScheme + "'");
 			}
-            //noinspection deprecation
             return URLEncoder.encode(input);
 		}
 		return URLEncoder.encode(input, encodingScheme);
diff --git a/src/org/jsecurity/web/servlet/JSecurityHttpServletRequest.java b/src/org/jsecurity/web/servlet/JSecurityHttpServletRequest.java
index 718cd67..2bd3cd9 100644
--- a/src/org/jsecurity/web/servlet/JSecurityHttpServletRequest.java
+++ b/src/org/jsecurity/web/servlet/JSecurityHttpServletRequest.java
@@ -31,6 +31,7 @@
  * @author Les Hazlewood
  * @since 0.2
  */
+@SuppressWarnings({"deprecated", "deprecation"})
 public class JSecurityHttpServletRequest extends HttpServletRequestWrapper {
 
     //The following 7 constants support the JSecurity's implementation of the Servlet Specification
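Review bot: `"deprecated"` in the added `@SuppressWarnings({"deprecated", "deprecation"})` is, as far as I know, not a warning name javac acts on. Only `"deprecation"` takes effect, so `@SuppressWarnings("deprecation")` is sufficient. The same annotation is added to JSecurityHttpServletResponse and JSecurityHttpSession in this commit. Placing it on the class also hides any deprecated API introduced later in these wrappers; narrowing it to the overriding methods that need it would be preferable. The class bodies lie outside the hunks, so I cannot list those methods.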
diff --git a/src/org/jsecurity/web/servlet/JSecurityHttpServletResponse.java b/src/org/jsecurity/web/servlet/JSecurityHttpServletResponse.java
index de15057..f41766c 100644
--- a/src/org/jsecurity/web/servlet/JSecurityHttpServletResponse.java
+++ b/src/org/jsecurity/web/servlet/JSecurityHttpServletResponse.java
@@ -40,6 +40,7 @@
  * @author Les Hazlewood
  * @since 0.2
  */
+@SuppressWarnings({"deprecated", "deprecation"})
 public class JSecurityHttpServletResponse extends HttpServletResponseWrapper {
 
     private static final String DEFAULT_SESSION_ID_PARAMETER_NAME = JSecurityHttpSession.DEFAULT_SESSION_ID_NAME;
diff --git a/src/org/jsecurity/web/servlet/JSecurityHttpSession.java b/src/org/jsecurity/web/servlet/JSecurityHttpSession.java
index 5cb0b32..4c40949 100644
--- a/src/org/jsecurity/web/servlet/JSecurityHttpSession.java
+++ b/src/org/jsecurity/web/servlet/JSecurityHttpSession.java
@@ -31,7 +31,7 @@
  * @since 0.2
  * @author Les Hazlewood
  */
-@SuppressWarnings("deprecated")
+@SuppressWarnings({"deprecated", "deprecation"})
 public class JSecurityHttpSession implements HttpSession {
 
     public static final String DEFAULT_SESSION_ID_NAME = "JSESSIONID";
@@ -127,6 +127,7 @@
         return getAttribute( s );
     }
 
+    @SuppressWarnings({"unchecked"})
     protected Set<String> getKeyNames() {
         Collection<Object> keySet = null;
         try {
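Review bot: The `@SuppressWarnings({"unchecked"})` added to `getKeyNames()` covers the whole method without saying which conversion is unchecked or why it is safe. From the visible lines the method declares `Collection<Object> keySet` and returns `Set<String>`, so presumably the attribute keys are cast to String. If a non-String key can ever be stored, the failure would surface later as a ClassCastException in the caller. A comment such as `// session attribute keys are expected to be Strings; the unchecked cast relies on that` above the annotation would record the assumption. The method body continues outside this hunk.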
diff --git a/src/org/jsecurity/web/tags/AuthenticatedTag.java b/src/org/jsecurity/web/tags/AuthenticatedTag.java
index c413a6e..004029d 100644
--- a/src/org/jsecurity/web/tags/AuthenticatedTag.java
+++ b/src/org/jsecurity/web/tags/AuthenticatedTag.java
@@ -1,5 +1,5 @@
 /*

- * Copyright 2005-2008 Jeremy Haile

+ * Copyright 2005-2008 Jeremy Haile, Les Hazlewood

  *

  * Licensed under the Apache License, Version 2.0 (the "License");

  * you may not use this file except in compliance with the License.

@@ -19,24 +19,31 @@
 import javax.servlet.jsp.tagext.TagSupport;

 

 /**

- * JSP tag that renders the tag body if the current user is authenticated.  If the

- * user is not authenticated, the tag body is skipped.

+ * JSP tag that renders the tag body only if the current user has executed a <b>successful</b> authentication attempt

+ * <em>during their current session</em>.

+ *

+ * <p>This is more restrictive than the {@link UserTag}, which only

+ * ensures the current user is known to the system, either via a current login or from Remember Me services,

+ * which only makes the assumption that the current user is who they say they are, and does not guarantee it like

+ * this tag does.

+ *

+ * <p>The logically opposite tag of this one is the {@link NotAuthenticatedTag}

  *

  * @since 0.2

  * @author Jeremy Haile

+ * @author Les Hazlewood

  */

 public class AuthenticatedTag extends SecureTag {

 

     public int onDoStartTag() throws JspException {

         if ( getSubject() != null && getSubject().isAuthenticated() ) {

             if ( log.isTraceEnabled() ) {

-                log.trace( "Subject exists and is authenticated.  'authenticated tag body will be evaluated." );

+                log.trace( "Subject exists and is authenticated.  Tag body will be evaluated." );

             }

             return TagSupport.EVAL_BODY_INCLUDE;

         } else {

             if ( log.isTraceEnabled() ) {

-                log.trace( "Subject does not exist or is not authenticated.  'authenticated' tag " +

-                    "body will not be evaluated." );

+                log.trace( "Subject does not exist or is not authenticated.  Tag body will not be evaluated." );

             }

             return TagSupport.SKIP_BODY;

         }
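Review bot: The second paragraph of the new class Javadoc is hard to parse: it chains two "which" clauses, and it is not obvious that the second refers to Remember Me rather than to UserTag. This is the sentence that tells page authors which tag to put around sensitive content, so I would state it directly, e.g. `A remembered identity is assumed, not proven; use this tag rather than {@link UserTag} around content that requires a login during the current session.` The `{@link NotAuthenticatedTag}` sentence is also missing its closing period.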

diff --git a/src/org/jsecurity/web/tags/GuestTag.java b/src/org/jsecurity/web/tags/GuestTag.java
new file mode 100644
index 0000000..6b39117
--- /dev/null
+++ b/src/org/jsecurity/web/tags/GuestTag.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2005-2008 Les Hazlewood
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.jsecurity.web.tags;
+
+import javax.servlet.jsp.JspException;
+import javax.servlet.jsp.tagext.TagSupport;
+
+/**
+ * JSP tag that renders the tag body if the current user <em>is not</em> known to the system, either because they
+ * haven't logged in yet, or because they have no 'RememberMe' identity.
+ *
+ * <p>The logically opposite tag of this one is the {@link UserTag}.  Please read that class's JavaDoc as it explains
+ * more about the differences between Authenticated/Unauthenticated and User/Guest semantic differences.
+ *
+ * @author Les Hazlewood
+ * @since 0.9
+ */
+public class GuestTag extends SecureTag {
+
+    public int onDoStartTag() throws JspException {
+        if ( getSubject() == null || getSubject().getPrincipal() == null ) {
+            if ( log.isTraceEnabled() ) {
+                log.trace( "Subject does not exist or does not have a known identity (aka 'principal').  " +
+                    "Tag body will be evaluated." );
+            }
+            return TagSupport.EVAL_BODY_INCLUDE;
+        } else {
+            if ( log.isTraceEnabled() ) {
+                log.trace( "Subject exists or has a known identity (aka 'principal').  " +
+                    "Tag body will not be evaluated." );
+            }
+            return TagSupport.SKIP_BODY;
+        }
+    }
+
+}
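Review bot: The trace message in the else branch of `onDoStartTag()` says "Subject exists or has a known identity", but that branch is reached only when the Subject exists and its principal is non-null. It should read `"Subject exists and has a known identity (aka 'principal').  "`. The condition also calls `getSubject()` twice; reading it once into a local would guarantee both checks see the same Subject, if the lookup can ever return different values between calls. The Javadoc could add one sentence saying that the tag only decides what is rendered and that access to the linked URLs must still be enforced server-side.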
diff --git a/src/org/jsecurity/web/tags/NotAuthenticatedTag.java b/src/org/jsecurity/web/tags/NotAuthenticatedTag.java
index f44c5cc..61a7fda 100644
--- a/src/org/jsecurity/web/tags/NotAuthenticatedTag.java
+++ b/src/org/jsecurity/web/tags/NotAuthenticatedTag.java
@@ -19,8 +19,10 @@
 import javax.servlet.jsp.tagext.TagSupport;

 

 /**

- * JSP tag that renders the tag body if the current user is not authenticated.  If the

- * user is authenticated, the tag body is skipped.

+ * JSP tag that renders the tag body only if the current user has <em>not</em> executed a successful authentication

+ * attempt <em>during their current session</em>.

+ *

+ * <p>The logically opposite tag of this one is the {@link AuthenticatedTag}.

  *

  * @since 0.2

  * @author Jeremy Haile
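Review bot: The revised Javadoc does not say that this tag also renders its body for users known only through Remember Me. That follows from the UserTag Javadoc added in this commit, which says a remembered identity is not treated as authenticated. Page authors may otherwise read `notAuthenticated` as equivalent to `guest`. I would add a sentence such as `Note that the body is also rendered for a user who is known only via Remember Me; use {@link GuestTag} to target users with no identity at all.` The Javadoc block continues outside this hunk.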

@@ -30,14 +32,12 @@
     public int onDoStartTag() throws JspException {

         if ( getSubject() == null || !getSubject().isAuthenticated() ) {

             if ( log.isTraceEnabled() ) {

-                log.trace( "Subject does not exist or is not authenticated.  'notAuthenticated' tag body " +

-                    "will be evaluated." );

+                log.trace( "Subject does not exist or is not authenticated.  Tag body will be evaluated." );

             }

             return TagSupport.EVAL_BODY_INCLUDE;

         } else {

             if ( log.isTraceEnabled() ) {

-                log.trace( "Subject exists and is authenticated.  'notAuthenticated' tag body " +

-                    "will not be evaluated." );

+                log.trace( "Subject exists and is authenticated.  Tag body will not be evaluated." );

             }

             return TagSupport.SKIP_BODY;

         }

diff --git a/src/org/jsecurity/web/tags/UserTag.java b/src/org/jsecurity/web/tags/UserTag.java
new file mode 100644
index 0000000..a1e2b17
--- /dev/null
+++ b/src/org/jsecurity/web/tags/UserTag.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2005-2008 Les Hazlewood
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.jsecurity.web.tags;
+
+import javax.servlet.jsp.JspException;
+import javax.servlet.jsp.tagext.TagSupport;
+
+/**
+ * JSP tag that renders the tag body if the current user known to the system, either from a successful login attempt
+ * (not necessarily during the current session) or from 'RememberMe' services.
+ *
+ * <p><b>Note:</b> This is <em>less</em> restrictive than the <code>AuthenticatedTag</code> since it only assumes
+ * the user is who they say they are, either via a current session login <em>or</em> via Remember Me services, which
+ * makes no guarantee the user is who they say they are.  The <code>AuthenticatedTag</code> however
+ * guarantees that the current user has logged in <em>during their current session</em>, proving they really are
+ * who they say they are.
+ *
+ * <p>The logically opposite tag of this one is the {@link GuestTag}.
+ *
+ * @author Les Hazlewood
+ * @since 0.9
+ */
+public class UserTag extends SecureTag {
+
+    public int onDoStartTag() throws JspException {
+        if ( getSubject() != null && getSubject().getPrincipal() != null ) {
+            if ( log.isTraceEnabled() ) {
+                log.trace( "Subject has known identity (aka 'principal').  " +
+                    "Tag body will be evaluated." );
+            }
+            return TagSupport.EVAL_BODY_INCLUDE;
+        } else {
+            if ( log.isTraceEnabled() ) {
+                log.trace( "Subject does not exist or have a known identity (aka 'principal').  " +
+                    "Tag body will not be evaluated." );
+            }
+            return TagSupport.SKIP_BODY;
+        }
+    }
+
+}
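Review bot: The first Javadoc sentence is missing a verb ("if the current user known to the system") and should read `renders the tag body if the current user is known to the system`. The note refers to `<code>AuthenticatedTag</code>` while the sibling classes in this commit use `{@link ...}`; `{@link AuthenticatedTag}` would keep the cross-references navigable. The else-branch trace message "Subject does not exist or have a known identity" would read better as `"Subject does not exist or does not have a known identity (aka 'principal').  "`, matching the wording in GuestTag.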
diff --git a/src/org/jsecurity/web/tags/jsecurity.tld b/src/org/jsecurity/web/tags/jsecurity.tld
index 2aa47ce..22fca8a 100644
--- a/src/org/jsecurity/web/tags/jsecurity.tld
+++ b/src/org/jsecurity/web/tags/jsecurity.tld
@@ -104,14 +104,36 @@
         <name>authenticated</name>
         <tag-class>org.jsecurity.web.tags.AuthenticatedTag</tag-class>
         <body-content>JSP</body-content>
-        <description>Displays body content only if the current user is authenticated.</description>
+        <description>Displays body content only if the current user has successfully authenticated
+            _during their current session_.  It is more restrictive than the 'user' tag.
+            It is logically opposite to the 'notAuthenticated' tag.</description>
     </tag>
 
     <tag>
         <name>notAuthenticated</name>
         <tag-class>org.jsecurity.web.tags.NotAuthenticatedTag</tag-class>
         <body-content>JSP</body-content>
-        <description>Displays body content only if the current user is not authenticated.</description>
+        <description>Displays body content only if the current user has NOT succesfully authenticated
+            _during their current session_.  It is logically opposite to the 'authenticated' tag.</description>
+    </tag>
+
+    <tag>
+        <name>user</name>
+        <tag-class>org.jsecurity.web.tags.UserTag</tag-class>
+        <body-content>JSP</body-content>
+        <description>Displays body content only if the current Subject has a known identity, either
+            from a previous login or from 'RememberMe' services.  Note that this is semantically different
+            from the 'authenticated' tag, which is more restrictive.  It is logically
+            opposite to the 'guest' tag.</description>
+    </tag>
+
+    <tag>
+        <name>guest</name>
+        <tag-class>org.jsecurity.web.tags.GuestTag</tag-class>
+        <body-content>JSP</body-content>
+        <description>Displays body content only if the current Subject IS NOT known to the system, either
+            because they have not logged in or they have no corresponding 'RememberMe' identity.  It is logically
+            opposite to the 'user' tag.</description>
     </tag>
 
     <tag>
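Review bot: The new `notAuthenticated` description misspells "succesfully"; it should be `has NOT successfully authenticated`. The `_during their current session_` underscores will appear literally in tooling that displays TLD descriptions, so plain wording may read better there.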