Class AbstractAuthorizeTag
java.lang.Object
org.springframework.security.taglibs.authz.AbstractAuthorizeTag
- Direct Known Subclasses:
JspAuthorizeTag
A base class for an <authorize> tag that is independent of the tag rendering
technology (JSP, Facelets). It treats tag attributes as simple strings rather than
strings that may contain expressions with the exception of the "access" attribute,
which is always expected to contain a Spring EL expression.
Subclasses are expected to extract tag attribute values from the specific rendering technology, evaluate them as expressions if necessary, and set the String-based attributes of this class.
- Since:
- 3.1.0
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionboolean
Make an authorization decision by considering all <authorize> tag attributes.boolean
Make an authorization decision based on a Spring EL expression.boolean
Make an authorization decision based on the URL and HTTP method attributes.protected org.springframework.expression.EvaluationContext
Allows theEvaluationContext
to be customized for variable lookup etc.protected abstract jakarta.servlet.ServletRequest
This method allows subclasses to provide a way to access the ServletRequest according to the rendering technology.protected abstract jakarta.servlet.ServletResponse
This method allows subclasses to provide a way to access the ServletResponse according to the rendering technology.protected abstract jakarta.servlet.ServletContext
This method allows subclasses to provide a way to access the ServletContext according to the rendering technology.getUrl()
void
void
void
-
Constructor Details
-
AbstractAuthorizeTag
public AbstractAuthorizeTag()
-
-
Method Details
-
getRequest
protected abstract jakarta.servlet.ServletRequest getRequest()This method allows subclasses to provide a way to access the ServletRequest according to the rendering technology. -
getResponse
protected abstract jakarta.servlet.ServletResponse getResponse()This method allows subclasses to provide a way to access the ServletResponse according to the rendering technology. -
getServletContext
protected abstract jakarta.servlet.ServletContext getServletContext()This method allows subclasses to provide a way to access the ServletContext according to the rendering technology. -
authorize
Make an authorization decision by considering all <authorize> tag attributes. The following are valid combinations of attributes:- access
- url, method
- Returns:
- the result of the authorization decision
- Throws:
IOException
-
authorizeUsingAccessExpression
Make an authorization decision based on a Spring EL expression. See the "Expression-Based Access Control" chapter in Spring Security for details on what expressions can be used.- Returns:
- the result of the authorization decision
- Throws:
IOException
-
createExpressionEvaluationContext
protected org.springframework.expression.EvaluationContext createExpressionEvaluationContext(SecurityExpressionHandler<FilterInvocation> handler) Allows theEvaluationContext
to be customized for variable lookup etc. -
authorizeUsingUrlCheck
Make an authorization decision based on the URL and HTTP method attributes. True is returned if the user is allowed to access the given URL as defined.- Returns:
- the result of the authorization decision
- Throws:
IOException
-
getAccess
-
setAccess
-
getUrl
-
setUrl
-
getMethod
-
setMethod
-