Spring Web Flow

org.springframework.faces.security
Class AbstractAuthorizeTag

java.lang.Object
  extended by org.springframework.faces.security.AbstractAuthorizeTag
Direct Known Subclasses:
FaceletsAuthorizeTag

public abstract class AbstractAuthorizeTag
extends java.lang.Object

A base class for an <authorize> tag used to make Spring Security based authorization decisions.

This class is independent of tag rendering technology (JSP, Facelets). It treats tag attributes as simple strings (with the notable exception of the "access" attribute, which is always expected to contain a Spring EL expression). Therefore subclasses are expected to extract tag attribute values from the specific rendering technology, evaluate them as expressions if necessary, and use the result to set the String-based attributes of this class.

Since:
2.2.0
Author:
Francois Beausoleil, Luke Taylor, Rossen Stoyanchev

Constructor Summary
AbstractAuthorizeTag()
           
 
Method Summary
 boolean authorize()
          Make an authorization decision by considering all <authorize> tag attributes.
 boolean authorizeUsingAccessExpression()
          Make an authorization decision based on a Spring EL expression.
 boolean authorizeUsingGrantedAuthorities()
          Make an authorization decision by considering ifAllGranted, ifAnyGranted, and ifNotGranted.
 boolean authorizeUsingUrlCheck()
          Make an authorization decision based on the URL and HTTP method attributes.
 java.lang.String getAccess()
           
 java.lang.String getIfAllGranted()
           
 java.lang.String getIfAnyGranted()
           
 java.lang.String getIfNotGranted()
           
 java.lang.String getMethod()
           
protected abstract  javax.servlet.ServletRequest getRequest()
          This method allows subclasses to provide a way to access the ServletRequest according to the rendering technology.
protected abstract  javax.servlet.ServletResponse getResponse()
          This method allows subclasses to provide a way to access the ServletResponse according to the rendering technology.
protected abstract  javax.servlet.ServletContext getServletContext()
          This method allows subclasses to provide a way to access the ServletContext according to the rendering technology.
 java.lang.String getUrl()
           
 void setAccess(java.lang.String access)
           
 void setIfAllGranted(java.lang.String ifAllGranted)
           
 void setIfAnyGranted(java.lang.String ifAnyGranted)
           
 void setIfNotGranted(java.lang.String ifNotGranted)
           
 void setMethod(java.lang.String method)
           
 void setUrl(java.lang.String url)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

AbstractAuthorizeTag

public AbstractAuthorizeTag()

Method Detail

getRequest

protected abstract javax.servlet.ServletRequest getRequest()
This method allows subclasses to provide a way to access the ServletRequest according to the rendering technology.


getResponse

protected abstract javax.servlet.ServletResponse getResponse()
This method allows subclasses to provide a way to access the ServletResponse according to the rendering technology.


getServletContext

protected abstract javax.servlet.ServletContext getServletContext()
This method allows subclasses to provide a way to access the ServletContext according to the rendering technology.


authorize

public boolean authorize()
                  throws java.io.IOException
Make an authorization decision by considering all <authorize> tag attributes. The following are valid combinations of attributes: The above combinations are mutually exclusive and evaluated in the given order.

Returns:
the result of the authorization decision
Throws:
java.io.IOException
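
The following subclass is an added example, not code from Spring Web Flow. It shows the contract described in the class comment: the rendering layer supplies already-evaluated attribute strings, and the subclass passes them to the String-based setters before calling authorize(). The class name `MapBackedAuthorizeTag`, the attribute map, the `shouldRender()` helper, and the choice to reject mixed or empty attribute groups are assumptions of this example; the groups are taken from the three authorizeUsing... methods listed on this page. It needs the spring-faces and Servlet API jars on the classpath.

```java
import java.io.IOException;
import java.util.Map;
import javax.servlet.ServletContext;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.springframework.faces.security.AbstractAuthorizeTag;

// Hypothetical adapter (not part of Spring Web Flow): the rendering layer has already
// evaluated the tag attributes and hands them over as strings keyed by attribute name.
public class MapBackedAuthorizeTag extends AbstractAuthorizeTag {
    private final ServletRequest request;
    private final ServletResponse response;
    private final ServletContext servletContext;

    public MapBackedAuthorizeTag(Map<String, String> attrs, ServletRequest request,
            ServletResponse response, ServletContext servletContext) {
        this.request = request;
        this.response = response;
        this.servletContext = servletContext;
        // Groups are mutually exclusive: reject a mix so no attribute is silently ignored.
        boolean byAccess = hasText(attrs, "access");
        boolean byUrl = hasText(attrs, "url");
        boolean byAuthorities = hasText(attrs, "ifAllGranted")
                || hasText(attrs, "ifAnyGranted") || hasText(attrs, "ifNotGranted");
        int groups = (byAccess ? 1 : 0) + (byUrl ? 1 : 0) + (byAuthorities ? 1 : 0);
        if (groups != 1 || (hasText(attrs, "method") && !byUrl)) {
            throw new IllegalArgumentException("<authorize>: supply exactly one attribute group");
        }
        setAccess(attrs.get("access"));
        setUrl(attrs.get("url"));
        setMethod(attrs.get("method"));
        setIfAllGranted(attrs.get("ifAllGranted"));
        setIfAnyGranted(attrs.get("ifAnyGranted"));
        setIfNotGranted(attrs.get("ifNotGranted"));
    }

    private static boolean hasText(Map<String, String> attrs, String key) {
        String value = attrs.get(key);
        return value != null && !value.trim().isEmpty();
    }
    @Override protected ServletRequest getRequest() { return request; }
    @Override protected ServletResponse getResponse() { return response; }
    @Override protected ServletContext getServletContext() { return servletContext; }

    // Fail closed: if the decision cannot be made, the protected content stays hidden.
    public boolean shouldRender() {
        try { return authorize(); } catch (IOException e) { return false; }
    }
}
```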

authorizeUsingGrantedAuthorities

public boolean authorizeUsingGrantedAuthorities()
Make an authorization decision by considering ifAllGranted, ifAnyGranted, and ifNotGranted. All 3 or any combination can be provided. All provided attributes must evaluate to true.

Returns:
the result of the authorization decision

authorizeUsingAccessExpression

public boolean authorizeUsingAccessExpression()
                                       throws java.io.IOException
Make an authorization decision based on a Spring EL expression. See the "Expression-Based Access Control" chapter in Spring Security for details on what expressions can be used.

Returns:
the result of the authorization decision
Throws:
java.io.IOException

authorizeUsingUrlCheck

public boolean authorizeUsingUrlCheck()
                               throws java.io.IOException
Make an authorization decision based on the URL and HTTP method attributes. True is returned if the user is allowed to access the given URL as defined.

Returns:
the result of the authorization decision
Throws:
java.io.IOException

getAccess

public java.lang.String getAccess()

setAccess

public void setAccess(java.lang.String access)

getUrl

public java.lang.String getUrl()

setUrl

public void setUrl(java.lang.String url)

getMethod

public java.lang.String getMethod()

setMethod

public void setMethod(java.lang.String method)

getIfAllGranted

public java.lang.String getIfAllGranted()

setIfAllGranted

public void setIfAllGranted(java.lang.String ifAllGranted)

getIfAnyGranted

public java.lang.String getIfAnyGranted()

setIfAnyGranted

public void setIfAnyGranted(java.lang.String ifAnyGranted)

getIfNotGranted

public java.lang.String getIfNotGranted()

setIfNotGranted

public void setIfNotGranted(java.lang.String ifNotGranted)
