开发者

Spring Security Taglibs control statement

开发者 https://www.devze.com 2022-12-30 07:27 出处:网络
Is there a way to implement control statement with Spring Security taglibs? Currently we can only check if a user has a role...

Is there a way to implement control statement with Spring Security taglibs?

Currently we can only check if a user has a role...

<security:authorize access="hasRole('ROLE_ADMIN')">
   // display something
</security:authorize>

How about els开发者_如何学Ce?


The question is old, but anyway..

You can store the result of tag evaluation into variable (at least at version 3.1) and then use it within standard if/else construction. I think this is more useful solution than previous one.

<security:authorize access="hasRole('ROLE_ADMIN')" var="isAdmin" />
<c:choose>
   <c:when test="${isAdmin}">superuser</c:when>
   <c:otherwise>ordinary user</c:otherwise>
</c:choose>


If you missed the comment of the accepted answer. Here is how to make a control statement out of <security:authorize>

<security:authorize access="hasRole('ROLE_ADMIN')">
    // IF -- display something
</security:authorize>

<security:authorize access="!hasRole('ROLE_ADMIN')">
    // ELSE -- display something
</security:authorize>

Notice the ! not statement in else condition

credits to @Blake


Value of the access attribute is a SpEL expression, evaluated against WebSecurityExpressionRoot, so you can use all its methods and all SpEL syntax.

Also you can customize creation of the evaluation context by declaring a custom WebSecurityExpressionHandler as a bean (then you can add your own methods and variables).

0

精彩评论

暂无评论...
验证码 换一张
取 消