Class AbstractAuthorizeTag
- java.lang.Object
  - org.springframework.security.taglibs.authz.AbstractAuthorizeTag

Direct Known Subclasses: JspAuthorizeTag

public abstract class AbstractAuthorizeTag extends java.lang.Object
A base class for an <authorize> tag that is independent of the tag rendering technology (JSP, Facelets). It treats tag attributes as simple strings rather than strings that may contain expressions, with the exception of the "access" attribute, which is always expected to contain a Spring EL expression.

Subclasses are expected to extract tag attribute values from the specific rendering technology, evaluate them as expressions if necessary, and set the String-based attributes of this class.
Since: 3.1.0

Constructor Summary
- AbstractAuthorizeTag()

Method Summary
(modifier and type, method, description)
- boolean authorize(): Make an authorization decision by considering all <authorize> tag attributes.
- boolean authorizeUsingAccessExpression(): Make an authorization decision based on a Spring EL expression.
- boolean authorizeUsingUrlCheck(): Make an authorization decision based on the URL and HTTP method attributes.
- protected org.springframework.expression.EvaluationContext createExpressionEvaluationContext(SecurityExpressionHandler<FilterInvocation> handler): Allows the EvaluationContext to be customized for variable lookup etc.
- java.lang.String getAccess()
- java.lang.String getMethod()
- protected abstract javax.servlet.ServletRequest getRequest(): This method allows subclasses to provide a way to access the ServletRequest according to the rendering technology.
- protected abstract javax.servlet.ServletResponse getResponse(): This method allows subclasses to provide a way to access the ServletResponse according to the rendering technology.
- protected abstract javax.servlet.ServletContext getServletContext(): This method allows subclasses to provide a way to access the ServletContext according to the rendering technology.
- java.lang.String getUrl()
- void setAccess(java.lang.String access)
- void setMethod(java.lang.String method)
- void setUrl(java.lang.String url)

Method Detail
-
getRequest
protected abstract javax.servlet.ServletRequest getRequest()
This method allows subclasses to provide a way to access the ServletRequest according to the rendering technology.
-
getResponse
protected abstract javax.servlet.ServletResponse getResponse()
This method allows subclasses to provide a way to access the ServletResponse according to the rendering technology.
-
getServletContext
protected abstract javax.servlet.ServletContext getServletContext()
This method allows subclasses to provide a way to access the ServletContext according to the rendering technology.
-
authorize
public boolean authorize() throws java.io.IOException
Make an authorization decision by considering all <authorize> tag attributes. The following are valid combinations of attributes:
- access
- url, method

Returns: the result of the authorization decision
Throws: java.io.IOException
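
An added example, not code from Spring Security: a hypothetical subclass for a rendering technology that hands over the servlet request and response directly. It supplies the three abstract accessors and sets one of the two valid attribute combinations before calling authorize(). The class name TemplateAuthorizeHelper, its constructor and the two canRender... methods are assumptions, and getServletContext() on the request assumes Servlet 3.0 or later.

```java
import java.io.IOException;

import javax.servlet.ServletContext;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.taglibs.authz.AbstractAuthorizeTag;

// Hypothetical adapter (not part of Spring Security) that plugs a rendering
// technology into AbstractAuthorizeTag by passing plain String attributes.
public class TemplateAuthorizeHelper extends AbstractAuthorizeTag {

    private final HttpServletRequest request;
    private final HttpServletResponse response;

    public TemplateAuthorizeHelper(HttpServletRequest request, HttpServletResponse response) {
        this.request = request;
        this.response = response;
    }

    @Override
    protected ServletRequest getRequest() { return request; }

    @Override
    protected ServletResponse getResponse() { return response; }

    @Override
    protected ServletContext getServletContext() { return request.getServletContext(); }

    // "access" combination: the value is a Spring EL expression, e.g. "hasRole('ADMIN')".
    public boolean canRenderByExpression(String access) throws IOException {
        setAccess(access);
        setUrl(null);      // leave only one attribute combination set
        setMethod(null);
        return authorize();
    }

    // "url, method" combination: may the current user request this URL with this HTTP method?
    public boolean canRenderByUrl(String url, String method) throws IOException {
        setAccess(null);
        setUrl(url);
        setMethod(method);
        return authorize();
    }
}
```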
-
authorizeUsingAccessExpression
public boolean authorizeUsingAccessExpression() throws java.io.IOException
Make an authorization decision based on a Spring EL expression. See the "Expression-Based Access Control" chapter in Spring Security for details on what expressions can be used.

Returns: the result of the authorization decision
Throws: java.io.IOException
-
createExpressionEvaluationContext
protected org.springframework.expression.EvaluationContext createExpressionEvaluationContext(SecurityExpressionHandler<FilterInvocation> handler)
Allows the EvaluationContext to be customized for variable lookup etc.
-
authorizeUsingUrlCheck
public boolean authorizeUsingUrlCheck() throws java.io.IOException
Make an authorization decision based on the URL and HTTP method attributes. True is returned if the user is allowed to access the given URL as defined.

Returns: the result of the authorization decision
Throws: java.io.IOException
-
getAccess
public java.lang.String getAccess()
-
setAccess
public void setAccess(java.lang.String access)
-
getUrl
public java.lang.String getUrl()
-
setUrl
public void setUrl(java.lang.String url)
-
getMethod
public java.lang.String getMethod()
-
setMethod
public void setMethod(java.lang.String method)