Is there a way to implement control statement with Spring Security taglibs?
Currently we can only check if a user has a role...
<security:authorize access="hasRole('ROLE_ADMIN')">
// display something
</security:authorize>
How about els开发者_如何学Ce?
The question is old, but anyway..
You can store the result of tag evaluation into variable (at least at version 3.1) and then use it within standard if/else
construction. I think this is more useful solution than previous one.
<security:authorize access="hasRole('ROLE_ADMIN')" var="isAdmin" />
<c:choose>
<c:when test="${isAdmin}">superuser</c:when>
<c:otherwise>ordinary user</c:otherwise>
</c:choose>
If you missed the comment of the accepted answer. Here is how to make a control statement out of <security:authorize>
<security:authorize access="hasRole('ROLE_ADMIN')">
// IF -- display something
</security:authorize>
<security:authorize access="!hasRole('ROLE_ADMIN')">
// ELSE -- display something
</security:authorize>
Notice the !
not statement in else condition
credits to @Blake
Value of the access
attribute is a SpEL expression, evaluated against WebSecurityExpressionRoot
, so you can use all its methods and all SpEL syntax.
Also you can customize creation of the evaluation context by declaring a custom WebSecurityExpressionHandler
as a bean (then you can add your own methods and variables).
精彩评论