Module org.omnifaces

Package org.omnifaces.security

Class AnonymousTagHandler

java.lang.Object

jakarta.faces.view.facelets.TagHandler

org.omnifaces.security.AnonymousTagHandler

All Implemented Interfaces:

FaceletHandler

public class AnonymousTagHandler
extends TagHandler

The <sec:isAnonymous> tag conditionally renders its content only when the user is anonymous (not authenticated). This is useful for displaying login forms, welcome messages for guests, or other content that should only be visible to non-authenticated users.

Usage

To use the security taglib, declare the omnifaces.security namespace in your Facelets view:

 <html xmlns:sec="omnifaces.security">
 

The <sec:isAnonymous> tag has no attributes. Simply wrap the content you want to show only to anonymous users.

Example: Login form for anonymous users

Display a login link only when the user is not authenticated:

 <sec:isAnonymous>
     <h:link value="Login" outcome="/login" />
 </sec:isAnonymous>
 

Example: Welcome message for guests

Show a different welcome message for anonymous users:

 <sec:isAnonymous>
     <h:outputText value="Welcome, Guest! Please login to access all features." />
 </sec:isAnonymous>
 

Example: Combined with isAuthenticated

Use together with <sec:isAuthenticated> to show different content based on authentication status:

 <sec:isAnonymous>
     <h:form>
         <h:outputLabel for="username" value="Username:" />
         <h:inputText id="username" value="#{loginBean.username}" />
         <h:commandButton value="Login" action="#{loginBean.login}" />
     </h:form>
 </sec:isAnonymous>

 <sec:isAuthenticated>
     <h:outputText value="Welcome back, #{request.remoteUser}!" />
 </sec:isAuthenticated>
 

Implementation details

This tag checks if SecurityContext.getCallerPrincipal() returns null. If the principal is null, the user is considered anonymous and the content will be rendered.

Configuration

This tag requires SecurityContext from jakarta.security.enterprise to be available. If the security context is not available, a warning will be logged and no content will be rendered. Make sure your application has Jakarta Security properly configured.

Since:

5.0

Author:

Leonardo Bernardes (@redddcyclone), Bauke Scholtz

See Also:

• BaseSecurityTagHandler
• AuthenticatedTagHandler
• AuthorizeTagHandler

Field Summary

Fields inherited from class jakarta.faces.view.facelets.TagHandler

nextHandler, tag, tagId

Constructor Summary

Constructors

Constructor	Description
AnonymousTagHandler(TagConfig config)	Constructor for the TagHandler

Method Summary

Modifier and Type	Method	Description
void	apply(FaceletContext context, UIComponent parent)
protected Optional<SecurityContext>	getSecurityContext()	Retrieves the current SecurityContext from CDI.

Methods inherited from class jakarta.faces.view.facelets.TagHandler

getAttribute, getRequiredAttribute, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Details

AnonymousTagHandler

public AnonymousTagHandler(TagConfig config)

Constructor for the TagHandler

Parameters:

config - TagConfig

Method Details

apply

public void apply(FaceletContext context,
 UIComponent parent)
           throws IOException

Throws:

IOException

getSecurityContext

protected Optional<SecurityContext> getSecurityContext()

Retrieves the current SecurityContext from CDI. If the SecurityContext is not available, logs a warning and returns empty Optional.

Returns:

Optional containing the SecurityContext, or empty if not available