META-INF.security.tld Maven / Gradle / Ivy
Spring Security Authorization Tag Library
5.2
security
http://www.springframework.org/security/tags
A tag which outputs the body of the tag if the configured access expression
evaluates to true for the currently authenticated principal.
authorize
org.springframework.security.taglibs.authz.JspAuthorizeTag
JSP
A Spring-EL expression which is supported by the WebSecurityExpressionHandler
in the application context. The latter will be used to evaluate the expression.
access
false
true
A URL within the application. If the user has access to this URL (as determined by
the AccessDecisionManager), the tag body will be evaluated. If not, it will
be skipped.
url
false
true
Can be used to specify the HTTP method (typically GET or POST) which is used in combination
with the URL when consulting the AccessDecisionManager. Only has any meaning when used in combination
with the "url" attribute. Defaults to GET.
method
false
false
A page scoped variable into which the boolean result of the tag evaluation will be written, allowing the
same condition to be reused subsequently in the page without re-evaluation.
var
false
false
Allows access to the current Authentication object.
authentication
org.springframework.security.taglibs.authz.AuthenticationTag
empty
Property of the Authentication object which should be output. Supports nested
properties. For example if the principal object is an instance of UserDetails,
the property "principal.username" will return the username. Alternatively, using
"name" will call getName method on the Authentication object directly.
property
true
true
Name of the exported scoped variable which will contain the
evaluated property of the Authentication object.
var
false
false
Set HTML escaping for this tag, as a boolean value.
htmlEscape
false
true
Scope for var.
scope
false
false
Allows inclusion of a tag body if the current Authentication
has one of the specified permissions to the presented
domain object instance.
accesscontrollist
org.springframework.security.taglibs.authz.AccessControlListTag
JSP
A comma separated list of permissions, which will be converted to
Permission instances by the configured PermissionFactory.
hasPermission
true
true
The actual domain object instance for which permissions
are being evaluated.
domainObject
true
true
A page scoped variable into which the boolean result of the tag evaluation will be written, allowing the
same condition to be reused subsequently in the page without re-evaluation.
var
false
false
tags, but if for some reason you cannot use
this tag is a handy replacement. You should place this tag within an HTML block,
where you would normally place other s. Do NOT place this tag within a Spring
block—Spring Security handles Spring forms automatically.
]]>
csrfInput
org.springframework.security.taglibs.csrf.CsrfInputTag
empty
block, where
you would normally place other meta tags. Once you use this tag, you can access the form field name using
the JQuery $("meta[name='_csrf_parameter']").attr("content") and the header name using
$("meta[name='_csrf_header']").attr("content"). Likewise, you can access the token value with
$("meta[name='_csrf']").attr("content"). You should use a form field when creating and submitting forms from
JavaScript, and you should use a header when sending AJAX requests. If CSRF protection is not enabled, this
tag outputs nothing.
]]>
csrfMetaTags
org.springframework.security.taglibs.csrf.CsrfMetaTagsTag
empty