Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SEC-1675: Add missing body-content elements to tag descriptor and update it to use 2.0 tag library schema.

This commit is contained in:
Luke Taylor 2011-02-14 21:17:16 +00:00
parent 088042b3d0
commit 94b7868039
2 changed files with 118 additions and 110 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

114
itest/web/src/main/webapp/WEB-INF/security.tld
View File

@ -1,174 +1,178 @@
<?xml version="1.0" encoding="ISO-8859-1" ?>
<!DOCTYPE taglib
PUBLIC "-//Sun Microsystems, Inc.//DTD JSP Tag Library 1.2//EN"
"http://java.sun.com/dtd/web-jsptaglibrary_1_2.dtd">
<taglib>
<tlib-version>1.0</tlib-version>
<jsp-version>1.2</jsp-version>
<taglib xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd"
version="2.0">
<description>Spring Security Authorization Tag Library</description>
<tlib-version>3.1</tlib-version>
<short-name>security</short-name>
<uri>http://www.springframework.org/security/tags</uri>
<description>
Spring Security Authorization Tag Library
</description>
<tag>
<name>authorize</name>
<tag-class>org.springframework.security.taglibs.authz.JspAuthorizeTag</tag-class>
<description>
A tag which outputs the body of the tag if the configured access expression
evaluates to true for the currently authenticated principal.
</description>
<name>authorize</name>
<tag-class>org.springframework.security.taglibs.authz.JspAuthorizeTag</tag-class>
<body-content>JSP</body-content>
<attribute>
<name>access</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
<description>
A Spring-EL expression which is supported by the WebSecurityExpressionHandler
in the application context. The latter will be used to evaluate the expression.
</description>
<name>access</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
<attribute>
<name>url</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
<description>
A URL within the application. If the user has access to this URL (as determined by
the AccessDecisionManager), the tag body will be evaluated. If not, it will
be skipped.
</description>
<name>url</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
<attribute>
<name>method</name>
<required>false</required>
<rtexprvalue>false</rtexprvalue>
<description>
Can optionally be used to narrow down the HTTP method (typically GET or POST) to which the URL
applies to. Only has any meaning when used in combination with the "url" attribute.
</description>
<name>method</name>
<required>false</required>
<rtexprvalue>false</rtexprvalue>
</attribute>
<attribute>
<name>var</name>
<required>false</required>
<rtexprvalue>false</rtexprvalue>
<description>
A page scoped variable into which the boolean result of the tag evaluation will be written, allowing the
same condition to be reused subsequently in the page without re-evaluation.
</description>
<name>var</name>
<required>false</required>
<rtexprvalue>false</rtexprvalue>
</attribute>
<attribute>
<name>ifNotGranted</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
<description>
A comma separated list of roles which the user must not have
for the body to be output. Deprecated in favour of the access expression.
</description>
<name>ifNotGranted</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
<attribute>
<name>ifAllGranted</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
<description>
A comma separated list of roles which the user must all
possess for the body to be output. Deprecated in favour of the access expression.
</description>
<name>ifAllGranted</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
<attribute>
<name>ifAnyGranted</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
<description>
A comma separated list of roles, one of which the user must
possess for the body to be output. Deprecated in favour of the access expression.
</description>
<name>ifAnyGranted</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
</tag>
<tag>
<name>authentication</name>
<tag-class>org.springframework.security.taglibs.authz.AuthenticationTag</tag-class>
<description>
Allows access to the current Authentication object.
</description>
<name>authentication</name>
<tag-class>org.springframework.security.taglibs.authz.AuthenticationTag</tag-class>
<body-content>empty</body-content>
<attribute>
<name>property</name>
<required>true</required>
<rtexprvalue>true</rtexprvalue>
<description>
Property of the Authentication object which should be output. Supports nested
properties. For example if the principal object is an instance of UserDetails,
the property "principal.username" will return the username. Alternatively, using
"name" will call getName method on the Authentication object directly.
</description>
<name>property</name>
<required>true</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
<attribute>
<name>var</name>
<required>false</required>
<rtexprvalue>false</rtexprvalue>
<description>
Name of the exported scoped variable which will contain the
evaluated property of the Authentication object.
</description>
<name>var</name>
<required>false</required>
<rtexprvalue>false</rtexprvalue>
</attribute>
<attribute>
<description>Set HTML escaping for this tag, as a boolean value.</description>
<description>
Set HTML escaping for this tag, as a boolean value.
</description>
<name>htmlEscape</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
<attribute>
<name>scope</name>
<required>false</required>
<rtexprvalue>false</rtexprvalue>
<description>
Scope for var.
</description>
<name>scope</name>
<required>false</required>
<rtexprvalue>false</rtexprvalue>
</attribute>
</tag>
<tag>
<name>accesscontrollist</name>
<tag-class>org.springframework.security.taglibs.authz.AccessControlListTag</tag-class>
<description>
Allows inclusion of a tag body if the current Authentication
has one of the specified permissions to the presented
domain object instance.
</description>
<name>accesscontrollist</name>
<tag-class>org.springframework.security.taglibs.authz.AccessControlListTag</tag-class>
<body-content>JSP</body-content>
<attribute>
<name>hasPermission</name>
<required>true</required>
<rtexprvalue>true</rtexprvalue>
<description>
A comma separated list of permissions, which will be converted to
Permission instances by the configured PermissionFactory.
</description>
</attribute>
<attribute>
<name>domainObject</name>
<name>hasPermission</name>
<required>true</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
<attribute>
<description>
The actual domain object instance for which permissions
are being evaluated.
</description>
<name>domainObject</name>
<required>true</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
<attribute>
<name>var</name>
<required>false</required>
<rtexprvalue>false</rtexprvalue>
<description>
A page scoped variable into which the boolean result of the tag evaluation will be written, allowing the
same condition to be reused subsequently in the page without re-evaluation.
</description>
<name>var</name>
<required>false</required>
<rtexprvalue>false</rtexprvalue>
</attribute>
</tag>

114
taglibs/src/main/resources/META-INF/security.tld
View File

@ -1,174 +1,178 @@
<?xml version="1.0" encoding="ISO-8859-1" ?>
<!DOCTYPE taglib
PUBLIC "-//Sun Microsystems, Inc.//DTD JSP Tag Library 1.2//EN"
"http://java.sun.com/dtd/web-jsptaglibrary_1_2.dtd">
<taglib>
<tlib-version>1.1.1</tlib-version>
<jsp-version>1.2</jsp-version>
<taglib xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd"
version="2.0">
<description>Spring Security Authorization Tag Library</description>
<tlib-version>3.1</tlib-version>
<short-name>security</short-name>
<uri>http://www.springframework.org/security/tags</uri>
<description>
Spring Security Authorization Tag Library
</description>
<tag>
<name>authorize</name>
<tag-class>org.springframework.security.taglibs.authz.JspAuthorizeTag</tag-class>
<description>
A tag which outputs the body of the tag if the configured access expression
evaluates to true for the currently authenticated principal.
</description>
<name>authorize</name>
<tag-class>org.springframework.security.taglibs.authz.JspAuthorizeTag</tag-class>
<body-content>JSP</body-content>
<attribute>
<name>access</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
<description>
A Spring-EL expression which is supported by the WebSecurityExpressionHandler
in the application context. The latter will be used to evaluate the expression.
</description>
<name>access</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
<attribute>
<name>url</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
<description>
A URL within the application. If the user has access to this URL (as determined by
the AccessDecisionManager), the tag body will be evaluated. If not, it will
be skipped.
</description>
<name>url</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
<attribute>
<name>method</name>
<required>false</required>
<rtexprvalue>false</rtexprvalue>
<description>
Can optionally be used to narrow down the HTTP method (typically GET or POST) to which the URL
applies to. Only has any meaning when used in combination with the "url" attribute.
</description>
<name>method</name>
<required>false</required>
<rtexprvalue>false</rtexprvalue>
</attribute>
<attribute>
<name>var</name>
<required>false</required>
<rtexprvalue>false</rtexprvalue>
<description>
A page scoped variable into which the boolean result of the tag evaluation will be written, allowing the
same condition to be reused subsequently in the page without re-evaluation.
</description>
<name>var</name>
<required>false</required>
<rtexprvalue>false</rtexprvalue>
</attribute>
<attribute>
<name>ifNotGranted</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
<description>
A comma separated list of roles which the user must not have
for the body to be output. Deprecated in favour of the access expression.
</description>
<name>ifNotGranted</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
<attribute>
<name>ifAllGranted</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
<description>
A comma separated list of roles which the user must all
possess for the body to be output. Deprecated in favour of the access expression.
</description>
<name>ifAllGranted</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
<attribute>
<name>ifAnyGranted</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
<description>
A comma separated list of roles, one of which the user must
possess for the body to be output. Deprecated in favour of the access expression.
</description>
<name>ifAnyGranted</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
</tag>
<tag>
<name>authentication</name>
<tag-class>org.springframework.security.taglibs.authz.AuthenticationTag</tag-class>
<description>
Allows access to the current Authentication object.
</description>
<name>authentication</name>
<tag-class>org.springframework.security.taglibs.authz.AuthenticationTag</tag-class>
<body-content>empty</body-content>
<attribute>
<name>property</name>
<required>true</required>
<rtexprvalue>true</rtexprvalue>
<description>
Property of the Authentication object which should be output. Supports nested
properties. For example if the principal object is an instance of UserDetails,
the property "principal.username" will return the username. Alternatively, using
"name" will call getName method on the Authentication object directly.
</description>
<name>property</name>
<required>true</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
<attribute>
<name>var</name>
<required>false</required>
<rtexprvalue>false</rtexprvalue>
<description>
Name of the exported scoped variable which will contain the
evaluated property of the Authentication object.
</description>
<name>var</name>
<required>false</required>
<rtexprvalue>false</rtexprvalue>
</attribute>
<attribute>
<description>
Set HTML escaping for this tag, as a boolean value.
</description>
<name>htmlEscape</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
<description>Set HTML escaping for this tag, as a boolean value.</description>
</attribute>
<attribute>
<name>scope</name>
<required>false</required>
<rtexprvalue>false</rtexprvalue>
<description>
Scope for var.
</description>
<name>scope</name>
<required>false</required>
<rtexprvalue>false</rtexprvalue>
</attribute>
</tag>
<tag>
<name>accesscontrollist</name>
<tag-class>org.springframework.security.taglibs.authz.AccessControlListTag</tag-class>
<description>
Allows inclusion of a tag body if the current Authentication
has one of the specified permissions to the presented
domain object instance.
</description>
<name>accesscontrollist</name>
<tag-class>org.springframework.security.taglibs.authz.AccessControlListTag</tag-class>
<body-content>JSP</body-content>
<attribute>
<name>hasPermission</name>
<required>true</required>
<rtexprvalue>true</rtexprvalue>
<description>
A comma separated list of permissions, which will be converted to
Permission instances by the configured PermissionFactory.
</description>
</attribute>
<attribute>
<name>domainObject</name>
<name>hasPermission</name>
<required>true</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
<attribute>
<description>
The actual domain object instance for which permissions
are being evaluated.
</description>
<name>domainObject</name>
<required>true</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
<attribute>
<name>var</name>
<required>false</required>
<rtexprvalue>false</rtexprvalue>
<description>
A page scoped variable into which the boolean result of the tag evaluation will be written, allowing the
same condition to be reused subsequently in the page without re-evaluation.
</description>
<name>var</name>
<required>false</required>
<rtexprvalue>false</rtexprvalue>
</attribute>
</tag>