The steps involved in creating a custom tag library are best illustrated by example. The following example shows you the steps for creating a new tag library called sslCheck. This library uses Secure Socket Layer (SSL) for securing your Web site. SSL allows a secure connection between your Web browser and a Web server, and the sslCheck tag provides a flexible way of using secure connections. The tag can be used in any JSP script, including Java™ and JavaScript™.
The following simple tag implementation checks the protocol used, then redirects the user to the secure page or to an error page, depending on the parameterization of the tag (explained later). This secure connection implementation only works for JSP pages (server-side dynamically running pages), and not for HTML (static) pages.
package com.ibm.entry.security; import java.io.*; import javax.servlet.http.*; import javax.servlet.jsp.*; import javax.servlet.jsp.tagext.TagSupport; public class sslCheck extends TagSupport { private String errorpage=null; public void setErrorpage(String errorpage) { this.errorpage=errorpage; } public int doStartTag() throws JspException { try { HttpServletRequest request=(HttpServletRequest)pageContext.getRequest(); HttpServletResponse response=(HttpServletResponse)pageContext.getResponse(); if(request.getScheme().indexOf("https")==-1) { if(errorpage!=null) { // redirect to the error page response.sendRedirect(errorpage); } else { // redirect to the page using ssl String jumpURL="https://"+request.getServerName()+request.getRequestURI(); if(request.getQueryString()!=null) jumpURL+="?"+request.getQueryString(); response.sendRedirect(jumpURL); } return SKIP_PAGE; } } catch (IOException ioe) { throw new JspTagException("sslcheck tag failed"); } return EVAL_BODY_INCLUDE; } public int doEndTag() { return EVAL_PAGE; } }
<?xml version="1.0" encoding="UTF-8"?> <taglib> <tlibversion>1.0</tlibversion> <shortname>sslchk</shortname> <info>Tag library for checking SSL</info> <tag> <name>sslcheck</name> <tagclass>com.ibm.entry.security.sslCheck</tagclass> <bodycontent>empty</bodycontent> <attribute> <name>errorpage</name> <required>false</required> <rtexprvalue>true</rtexprvalue> </attribute> </tag> </taglib>
<%@ taglib uri="/WEB-INF/tlds/sslCheck.tld" prefix="sslchk" %>
Option | Description |
---|---|
<sslchk:sslcheck errorpage="error_page"/> | When the request goes to the JSP and it is not using SSL, the page defined with the errorpage attribute will be displayed. You must create the error page with the error messages before you start using the application. |
<sslchk:sslcheck/> | Using the tag without the errorpage attribute will redirect the page immediately to the same location but using a secure connection. |
<install directory>\eclipse\plugins\org.eclipse.jst.websphere.runtime\etc\DummyServerKeyFile.jksWebAS is the password for the JKS file.
<%@ taglib uri="/WEB-INF/tlds/sslCheck.tld" prefix="sslchk" %> <sslchk:sslcheck/>
(C) Copyright IBM Corporation 2000, 2005. All Rights Reserved.