AbstractAuthorizeTag (Spring Security 3.1.4.RELEASE API)

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.springframework.security.taglibs.authz
Class AbstractAuthorizeTag

java.lang.Object
  org.springframework.security.taglibs.authz.AbstractAuthorizeTag

Direct Known Subclasses:: JspAuthorizeTag

public abstract class AbstractAuthorizeTag
extends Object
extends Object

A base class for an <authorize> tag that is independent of the tag rendering technology (JSP, Facelets). It treats tag attributes as simple strings rather than strings that may contain expressions with the exception of the "access" attribute, which is always expected to contain a Spring EL expression.

Subclasses are expected to extract tag attribute values from the specific rendering technology, evaluate them as expressions if necessary, and set the String-based attributes of this class.

Since:: 3.1.0

Constructor Summary
`AbstractAuthorizeTag()`

Method Summary
`boolean`	`authorize()` Make an authorization decision by considering all <authorize> tag attributes.
`boolean`	`authorizeUsingAccessExpression()` Make an authorization decision based on a Spring EL expression.
`boolean`	`authorizeUsingGrantedAuthorities()` Make an authorization decision by considering ifAllGranted, ifAnyGranted, and ifNotGranted.
`boolean`	`authorizeUsingUrlCheck()` Make an authorization decision based on the URL and HTTP method attributes.
`protected EvaluationContext`	`createExpressionEvaluationContext(SecurityExpressionHandler<FilterInvocation> handler)` Allows the `EvaluationContext` to be customized for variable lookup etc.
`String`	`getAccess()`
`String`	`getIfAllGranted()`
`String`	`getIfAnyGranted()`
`String`	`getIfNotGranted()`
`String`	`getMethod()`
`protected abstract javax.servlet.ServletRequest`	`getRequest()` This method allows subclasses to provide a way to access the ServletRequest according to the rendering technology.
`protected abstract javax.servlet.ServletResponse`	`getResponse()` This method allows subclasses to provide a way to access the ServletResponse according to the rendering technology.
`protected abstract javax.servlet.ServletContext`	`getServletContext()` This method allows subclasses to provide a way to access the ServletContext according to the rendering technology.
`String`	`getUrl()`
`void`	`setAccess(String access)`
`void`	`setIfAllGranted(String ifAllGranted)`
`void`	`setIfAnyGranted(String ifAnyGranted)`
`void`	`setIfNotGranted(String ifNotGranted)`
`void`	`setMethod(String method)`
`void`	`setUrl(String url)`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

AbstractAuthorizeTag

public AbstractAuthorizeTag()

Method Detail

getRequest

protected abstract javax.servlet.ServletRequest getRequest()

This method allows subclasses to provide a way to access the ServletRequest according to the rendering technology.

getResponse

protected abstract javax.servlet.ServletResponse getResponse()

This method allows subclasses to provide a way to access the ServletResponse according to the rendering technology.

getServletContext

protected abstract javax.servlet.ServletContext getServletContext()

This method allows subclasses to provide a way to access the ServletContext according to the rendering technology.

authorize

public boolean authorize()
                  throws IOException

Make an authorization decision by considering all <authorize> tag attributes. The following are valid combinations of attributes:

access
url, method
ifAllGranted, ifAnyGranted, ifNotGranted

The above combinations are mutually exclusive and evaluated in the given order.

Returns:: the result of the authorization decision
Throws:: IOException

authorizeUsingGrantedAuthorities

public boolean authorizeUsingGrantedAuthorities()

Make an authorization decision by considering ifAllGranted, ifAnyGranted, and ifNotGranted. All 3 or any combination can be provided. All provided attributes must evaluate to true.

Returns:: the result of the authorization decision

authorizeUsingAccessExpression

public boolean authorizeUsingAccessExpression()
                                       throws IOException

Make an authorization decision based on a Spring EL expression. See the "Expression-Based Access Control" chapter in Spring Security for details on what expressions can be used.

Returns:: the result of the authorization decision
Throws:: IOException

createExpressionEvaluationContext

protected EvaluationContext createExpressionEvaluationContext(SecurityExpressionHandler<FilterInvocation> handler)

Allows the EvaluationContext to be customized for variable lookup etc.

authorizeUsingUrlCheck

public boolean authorizeUsingUrlCheck()
                               throws IOException

Make an authorization decision based on the URL and HTTP method attributes. True is returned if the user is allowed to access the given URL as defined.

Returns:: the result of the authorization decision
Throws:: IOException

getAccess

public String getAccess()

setAccess

public void setAccess(String access)

getUrl

public String getUrl()

setUrl

public void setUrl(String url)

getMethod

public String getMethod()

setMethod

public void setMethod(String method)

getIfAllGranted

public String getIfAllGranted()

setIfAllGranted

public void setIfAllGranted(String ifAllGranted)

getIfAnyGranted

public String getIfAnyGranted()

setIfAnyGranted

public void setIfAnyGranted(String ifAnyGranted)

getIfNotGranted

public String getIfNotGranted()

setIfNotGranted

public void setIfNotGranted(String ifNotGranted)