sec

The <sec:isAnonymous> tag conditionally renders its content only when the user is anonymous (not authenticated). This is useful for displaying login forms, welcome messages for guests, or other content that should only be visible to non-authenticated users.

Usage

To use the security taglib, declare the omnifaces.security namespace in your Facelets view:

 <html xmlns:sec="omnifaces.security">
 

The <sec:isAnonymous> tag has no attributes. Simply wrap the content you want to show only to anonymous users.

Example: Login form for anonymous users

Display a login link only when the user is not authenticated:

 <sec:isAnonymous>
     <h:link value="Login" outcome="/login" />
 </sec:isAnonymous>
 

Example: Welcome message for guests

Show a different welcome message for anonymous users:

 <sec:isAnonymous>
     <h:outputText value="Welcome, Guest! Please login to access all features." />
 </sec:isAnonymous>
 

Example: Combined with isAuthenticated

Use together with <sec:isAuthenticated> to show different content based on authentication status:

 <sec:isAnonymous>
     <h:form>
         <h:outputLabel for="username" value="Username:" />
         <h:inputText id="username" value="#{loginBean.username}" />
         <h:commandButton value="Login" action="#{loginBean.login}" />
     </h:form>
 </sec:isAnonymous>

 <sec:isAuthenticated>
     <h:outputText value="Welcome back, #{request.remoteUser}!" />
 </sec:isAuthenticated>
 

Implementation details

This tag checks if SecurityContext#getCallerPrincipal() returns null. If the principal is null, the user is considered anonymous and the content will be rendered.

Configuration

This tag requires SecurityContext from jakarta.security.enterprise to be available. If the security context is not available, a warning will be logged and no content will be rendered. Make sure your application has Jakarta Security properly configured.