| java.lang.Object | |
| ↳ | org.springframework.security.taglibs.authz.AbstractAuthorizeTag |
 Known Direct Subclasses
|
Class Overview
A base class for an <authorize> tag that is independent of the tag rendering technology (JSP, Facelets). It treats tag attributes as simple strings rather than strings that may contain expressions with the exception of the "access" attribute, which is always expected to contain a Spring EL expression.
Subclasses are expected to extract tag attribute values from the specific rendering technology, evaluate them as expressions if necessary, and set the String-based attributes of this class.Summary
| Public Constructors | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Public Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
Make an authorization decision by considering all <authorize> tag attributes.
| |||||||||||
Make an authorization decision based on a Spring EL expression.
| |||||||||||
Make an authorization decision by considering ifAllGranted, ifAnyGranted, and ifNotGranted.
| |||||||||||
Make an authorization decision based on the URL and HTTP method attributes.
| |||||||||||
| Protected Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
Allows the
EvaluationContext to be customized for variable lookup etc. | |||||||||||
This method allows subclasses to provide a way to access the ServletRequest according to the rendering
technology.
| |||||||||||
This method allows subclasses to provide a way to access the ServletResponse according to the rendering
technology.
| |||||||||||
This method allows subclasses to provide a way to access the ServletContext according to the rendering
technology.
| |||||||||||
|
[Expand]
Inherited Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
From class
java.lang.Object
| |||||||||||
Public Constructors
public AbstractAuthorizeTag ()
Public Methods
public boolean authorize ()
Make an authorization decision by considering all <authorize> tag attributes. The following are valid combinations of attributes:
- access
- url, method
- ifAllGranted, ifAnyGranted, ifNotGranted
Returns
- the result of the authorization decision
Throws
| IOException |
|---|
public boolean authorizeUsingAccessExpression ()
Make an authorization decision based on a Spring EL expression. See the "Expression-Based Access Control" chapter in Spring Security for details on what expressions can be used.
Returns
- the result of the authorization decision
Throws
| IOException |
|---|
public boolean authorizeUsingGrantedAuthorities ()
Make an authorization decision by considering ifAllGranted, ifAnyGranted, and ifNotGranted. All 3 or any combination can be provided. All provided attributes must evaluate to true.
Returns
- the result of the authorization decision
public boolean authorizeUsingUrlCheck ()
Make an authorization decision based on the URL and HTTP method attributes. True is returned if the user is allowed to access the given URL as defined.
Returns
- the result of the authorization decision
Throws
| IOException |
|---|
Protected Methods
protected EvaluationContext createExpressionEvaluationContext (SecurityExpressionHandler<FilterInvocation> handler)
Allows the EvaluationContext to be customized for variable lookup etc.
protected abstract ServletRequest getRequest ()
This method allows subclasses to provide a way to access the ServletRequest according to the rendering technology.
protected abstract ServletResponse getResponse ()
This method allows subclasses to provide a way to access the ServletResponse according to the rendering technology.
protected abstract ServletContext getServletContext ()
This method allows subclasses to provide a way to access the ServletContext according to the rendering technology.