Resource specifies the privilege level a user must have to a resource listed in the realmdb database. The tag can be used by an AuthUser tag or standalone.

Resource tags can be associated with different authentication methods. Password and session types will be covered here. For more information on authentication types
@see com.plands.dxp.AuthUser

In the first two examples the AuthUser tag will require a username and password to check a user's access privilege to the Resource. The Resource name attribute specifies mycompany.timelog where the realm name is mycompany and the resource in the realm is timelog.

<dxp:AuthUser type="PW" lifespan="120" store="user">
   <dxp:Resource priv="POST" name="mycompany.timelog" />
</dxp:AuthUser>

The realm name that a Resource belongs to can be passed as a runtime paramter. In that case the Resource tag contains a param attributed with the paramter name that will return the realm name from the request.

In the next example the realm is passed as a paramter and the name attribute is missing the realm part (to the left of the dot) and just contains the resource name for the realm that will be supplied.

<dxp:AuthUser type="PW" lifespan="120" store="user">
   <dxp:Resource priv="POST" name=".timelog" param="company" />
</dxp:AuthUser>

When the AuthUser tag uses a sessionID to authenticate a user rather than a password the realm name is bound to the session. In that case the param attribute is not used. The realm name is returned by the authorization service when it receives a valid sessionID. In this case the Resource name again begins with a dot char because the realm name will be supplied from another source.

<dxp:AuthUser type="SESSION" lifespan="120" store="user">
   <dxp:Resource priv="POST" name=".timelog" />
</dxp:AuthUser>

On pages that have been authenticated you can add addtional Resource tags outside the AuthUser tag and enforce more stringent access to particular sections of the page. In the example below a user may logon to a page that requires a POST privilege but may never run this section below that requires an MGR privilege.

<dxp:Resource priv="MGR" name=".payroll">
   <dxp:DbStmt action="update" dbcon="mydb" store="cnt">
      <dxp:Sqlparam type="NUMBER">salary</dxp:SqlParam>
      <dxp:Sqlparam type="NUMBER">ID</dxp:SqlParam>
      <dxp:SqlStmt>update personnell set salary=? where ID=?</dxp:SqlStmt>
   </dxp:DbStmt>
</dxp:Resource>

Miscellaneous. A Resource specifies all it's properties as attributes; it does not list them in the content section. The reason for this is that the Resource tag can enclose other child tags that have nothing to do with the Resource other than being allowed to run themselves. Mixing Resource properties in this section would make it more difficult to separate Resource properties from child tags. The Resource tag could have special property tags but that would be redundant since they can just be listed as attributes anyway.

Return to Index

Note: We have tried to test all of the code examples but they may contain errors. Any questions, comments, suggestions, or problems should be sent to info@plands.com.