This project has retired. For details please refer to its Attic page.
Apache Tiles - Framework - Security Fork me on GitHub

Security

Tiles allows the visibility of a template, an attribute or a definition only to selected roles.

Allowing definitions

A definition can be allowed to be rendered only by selected roles:

  • in XML definition files:
    <definition name="test.definition"
        template="/layout/my-template.jsp role="myrole">
        ...
    </definition>
  • in JSP pages, when inserting definitions:
    <tiles:insertDefinition name="test.definition" role="myrole" />
  • in JSP pages, when definining definitions:
    <tiles:definition name="test.definition"
        template="/layout/my-template.jsp" role="myrole">
        ...
    </tiles:definition>

Allowing attributes

An attribute can be allowed to be rendered only by selected roles:

  • in XML definition files:
    <definition name="test.definition"
        template="/layout/my-template.jsp>
      <put-attribute name="header" value="/header.jsp" role="myrole" />
    </definition>
  • in JSP pages, when inserting attributes:
    <tiles:insertAttribute name="header" role="myrole" />
  • in JSP pages, when putting attributes:
    <tiles:putAttribute name="header" value="/header.jsp" role="myrole" />

Allowing templates

Templates can be allowed to be rendered only by selected rows in JSP pages:

<tiles:insertTemplate name="test.definition"
    template="/layout/my-template.jsp" "role="myrole">
    ...
</tiles:insertTemplate>