Authorization (autho) Tag Library

The autho tag library verifies you to verify whether you belong to a Sterling B2B Integrator group or to verify your specified Sterling B2B Integrator permission.

If the authorization fails, the JSP body is not displayed or you are redirected to an error page. If neither permissions nor groups attributes are set, you are authorized.

Since authorization is based on at least one match against permission or a group, authorization succeeds. This means that if a user does not have association with any group, but has one permission applied, the authorization succeeds.

The following table describes the attributes used by the autho tag library:

Attribute

Description

user

(Optional) User ID

This attribute may be specified at the business process run time. The tag checks the session for a user name attribute if the attribute is not declared.

group

(Optional) Group ID

This attribute may be specified at the business process run time.

groups

List or ArrayList of group IDs

Both the group and the groups attributes must be declared at the same time. Authorization succeeds if you have association with at least one group.

permission

(Optional) Permission ID

This attribute may be specified at the business process run time.

permissions

List or ArrayList of permission

Both the permission and the permissions attributes must be declared at the same time. Authorization succeeds if you have association with at least one permission.

login

(Optional) URL of the login page that you are redirected to if the session expires or is invalid. A session is invalid if a user name attribute is not present..

This attribute may be specified at the business process run time. If this attribute is not set and the session expires, the JSP page does not display. The session is valid if the user name attribute is present.

checkExistence

(Optional) Checks for a group or permission association prior to authorization.

This attribute may be specified at the business process run time. If a permission or group association does not exist and this value is set to true, all non-existent permissions and groups are skipped in the authorization process.