-
The <sec:isAnonymous> tag conditionally renders its content only when the user is anonymous (not authenticated). This is useful for displaying login forms, welcome messages for guests, or other content that should only be visible to non-authenticated users.
Usage
To use the security taglib, declare the omnifaces.security namespace in your Facelets view:
<html xmlns:sec="omnifaces.security">The <sec:isAnonymous> tag has no attributes. Simply wrap the content you want to show only to anonymous users.
Example: Login form for anonymous users
Display a login link only when the user is not authenticated:
<sec:isAnonymous>
<h:link value="Login" outcome="/login" />
</sec:isAnonymous>Example: Welcome message for guests
Show a different welcome message for anonymous users:
<sec:isAnonymous>
<h:outputText value="Welcome, Guest! Please login to access all features." />
</sec:isAnonymous>Example: Combined with isAuthenticated
Use together with <sec:isAuthenticated> to show different content based on authentication status:
<sec:isAnonymous>
<h:form>
<h:outputLabel for="username" value="Username:" />
<h:inputText id="username" value="#{loginBean.username}" />
<h:commandButton value="Login" action="#{loginBean.login}" />
</h:form>
</sec:isAnonymous>
<sec:isAuthenticated>
<h:outputText value="Welcome back, #{request.remoteUser}!" />
</sec:isAuthenticated>Implementation details
This tag checks if SecurityContext.getCallerPrincipal() returns null. If the principal is null, the user is considered anonymous and the content will be rendered.
Configuration
This tag requires SecurityContext from jakarta.security.enterprise to be available. If the security context is not available, a warning will be logged and no content will be rendered. Make sure your application has Jakarta Security properly configured.