Class AbstractAuthorizeTag

  • Direct Known Subclasses:
    JspAuthorizeTag

    public abstract class AbstractAuthorizeTag
    extends java.lang.Object
    A base class for an <authorize> tag that is independent of the tag rendering technology (JSP, Facelets). It treats tag attributes as simple strings rather than strings that may contain expressions, with the exception of the "access" attribute, which is always expected to contain a Spring EL expression.

    Subclasses are expected to extract tag attribute values from the specific rendering technology, evaluate them as expressions if necessary, and set the String-based attributes of this class.

    Since:
    3.1.0
    • Method Summary

      Modifier and Type Method Description
      boolean authorize()
      Make an authorization decision by considering all <authorize> tag attributes.
      boolean authorizeUsingAccessExpression()
      Make an authorization decision based on a Spring EL expression.
      boolean authorizeUsingUrlCheck()
      Make an authorization decision based on the URL and HTTP method attributes.
      protected org.springframework.expression.EvaluationContext createExpressionEvaluationContext(SecurityExpressionHandler<FilterInvocation> handler)
      Allows the EvaluationContext to be customized for variable lookup etc.
      java.lang.String getAccess()  
      java.lang.String getMethod()  
      protected abstract javax.servlet.ServletRequest getRequest()
      This method allows subclasses to provide a way to access the ServletRequest according to the rendering technology.
      protected abstract javax.servlet.ServletResponse getResponse()
      This method allows subclasses to provide a way to access the ServletResponse according to the rendering technology.
      protected abstract javax.servlet.ServletContext getServletContext()
      This method allows subclasses to provide a way to access the ServletContext according to the rendering technology.
      java.lang.String getUrl()  
      void setAccess(java.lang.String access)
      void setMethod(java.lang.String method)
      void setUrl(java.lang.String url)
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • AbstractAuthorizeTag

        public AbstractAuthorizeTag()
    • Method Detail

      • getRequest

        protected abstract javax.servlet.ServletRequest getRequest()
        This method allows subclasses to provide a way to access the ServletRequest according to the rendering technology.
      • getResponse

        protected abstract javax.servlet.ServletResponse getResponse()
        This method allows subclasses to provide a way to access the ServletResponse according to the rendering technology.
      • getServletContext

        protected abstract javax.servlet.ServletContext getServletContext()
        This method allows subclasses to provide a way to access the ServletContext according to the rendering technology.
      • authorize

        public boolean authorize()
                          throws java.io.IOException
        Make an authorization decision by considering all <authorize> tag attributes. The following are valid combinations of attributes:
        • access
        • url, method
        The above combinations are mutually exclusive and evaluated in the given order.
        Returns:
        the result of the authorization decision
        Throws:
        java.io.IOException
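
Added example (not from the Spring Security code base): a hypothetical `TemplateAuthorizeTag` subclass for a non-JSP rendering technology that supplies the three servlet accessors and sets the String attributes before calling `authorize()`, as the class description asks of subclasses. Because `access` is evaluated first, the hypothetical `shouldRender` helper rejects a tag that sets both `access` and `url` and fails closed when neither is set; both are this example's policy, and it assumes an HTTP request inside a web application where Spring Security is configured.

```java
import java.io.IOException;
import javax.servlet.ServletContext;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.springframework.security.taglibs.authz.AbstractAuthorizeTag;

// Hypothetical adapter: the class name and shouldRender() are not part of Spring Security.
public class TemplateAuthorizeTag extends AbstractAuthorizeTag {

    private final ServletRequest request;
    private final ServletResponse response;
    private final ServletContext servletContext;

    public TemplateAuthorizeTag(ServletRequest request, ServletResponse response,
                                ServletContext servletContext) {
        this.request = request;
        this.response = response;
        this.servletContext = servletContext;
    }

    // The three accessors the base class leaves to the rendering technology.
    @Override protected ServletRequest getRequest() { return request; }
    @Override protected ServletResponse getResponse() { return response; }
    @Override protected ServletContext getServletContext() { return servletContext; }

    /** Returns true only if the protected fragment may be rendered for the current user. */
    public boolean shouldRender(String access, String url, String method) throws IOException {
        boolean hasAccess = hasText(access);
        boolean hasUrl = hasText(url);
        if (hasAccess && hasUrl) {
            // access is evaluated first, so url/method would never be consulted.
            // Rejecting the combination (this example's policy) surfaces the template mistake.
            throw new IllegalArgumentException("Set either 'access' or 'url'/'method', not both");
        }
        if (!hasAccess && !hasUrl) {
            return false; // no rule supplied: fail closed (this example's policy)
        }
        if (hasAccess) {
            setAccess(access); // always treated as a Spring EL expression
        } else {
            setUrl(url);
            if (hasText(method)) { setMethod(method); }
        }
        return authorize();
    }

    private static boolean hasText(String s) { return s != null && !s.trim().isEmpty(); }
}
```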
      • authorizeUsingAccessExpression

        public boolean authorizeUsingAccessExpression()
                                               throws java.io.IOException
        Make an authorization decision based on a Spring EL expression. See the "Expression-Based Access Control" chapter in Spring Security for details on what expressions can be used.
        Returns:
        the result of the authorization decision
        Throws:
        java.io.IOException
      • createExpressionEvaluationContext

        protected org.springframework.expression.EvaluationContext createExpressionEvaluationContext(SecurityExpressionHandler<FilterInvocation> handler)
        Allows the EvaluationContext to be customized for variable lookup etc.
      • authorizeUsingUrlCheck

        public boolean authorizeUsingUrlCheck()
                                       throws java.io.IOException
        Make an authorization decision based on the URL and HTTP method attributes. True is returned if the user is allowed to access the given URL as defined.
        Returns:
        the result of the authorization decision
        Throws:
        java.io.IOException
      • getAccess

        public java.lang.String getAccess()
      • setAccess

        public void setAccess(java.lang.String access)
      • getUrl

        public java.lang.String getUrl()
      • setUrl

        public void setUrl(java.lang.String url)
      • getMethod

        public java.lang.String getMethod()
      • setMethod

        public void setMethod(java.lang.String method)