Static handler elements

You use the <StaticHandler> element in security-config.xml to define security permissions on an entity. This type of security permission is static and requires no object.

There is no limit to the number of <StaticHandler> elements that can exist in security-config.xml. Each <StaticHandler> element can contain zero to many <SystemPermType> elements.

This element has the following syntax.

<StaticHandler entity="entity" permKey="perm" desc="..." noPermissionDisplayKey="key">
  <SystemPermType code="code"/>
  ...
</StaticHandler>

You access this permission in code as perm.entity.perm. This syntax has the following meaning:

  • entity – The business object or entity on which the permission acts.
  • perm – The permission given for this entity.

The attributes on the various elements have the following meanings.

Element

Attribute

Required

Description

StaticHandler

entity

Yes

The entity type on which this security handler acts.

permKey

Yes

The application permission to grant.

desc

No

A human-readable description of the permission.

noPermissionDisplayKey

No

A display key that provides the text to show if the user does not have a required permission.

SystemPermType

code

Yes

A code value defined in the SystemPermissionType typelist.

The following example shows a typical <StaticHandler> element. 

<StaticHandler entity="User" permKey="ViewProfiler" noPermissionDisplayKey="No access to ViewProfiler.">
  <SystemPermType code="internaltools"/>
  <SystemPermType code="toolsprofilerview"/>
</StaticHandler>

Notice that:

  • The security permissions work on a User entity.
  • The application permission key is ViewProfiler.
  • The handler lists a set of specific system permission types to which the handler grants the user access, if any of the conditions are met.

To have the ViewProfiler application permission, the user must have an assigned role that contains one or more of the listed system permissions.

Static handlers specify OR conditions

Static security handlers define Boolean OR conditions. This means for the user to have a certain application permission, the user must have an assigned role that contains at least one of the following:

  • System permission A
  • Or, system permission B
  • Or, system permission C
  • Or, …
Suppose that you have the following code that references the ViewProfiler static handler shown previously.
  • if (perm.User.ViewProfiler) ...

The sample code condition evaluates to true if the current user has an assigned role with either the internaltools permission or the toolsprofilerview permission.

See also