SEC-1836: use GET as the default method with authorize tag.

2011-10-31 23:23:37 +00:00 · 2011-10-31 23:23:37 +00:00 · fc399af136
parent 2f67bb3032
commit fc399af136
2 changed files with 4 additions and 3 deletions
--- a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTag.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTag.java
@ -61,7 +61,7 @@ import org.springframework.web.context.support.WebApplicationContextUtils;
 public abstract class AbstractAuthorizeTag {
    private String access;
    private String url;
-    private String method;
+    private String method = "GET";
    private String ifAllGranted;
    private String ifAnyGranted;
    private String ifNotGranted;
--- a/taglibs/src/main/resources/META-INF/security.tld
+++ b/taglibs/src/main/resources/META-INF/security.tld
@ -42,8 +42,9 @@

        <attribute>
            <description>
-                Can optionally be used to narrow down the HTTP method (typically GET or POST) to which the URL
-                applies to. Only has any meaning when used in combination with the "url" attribute.
+                Can be used to narrow down the HTTP method (typically GET or POST) to which the URL
+                applies. Only has any meaning when used in combination with the "url" attribute. This method will
+                be used when looking up the security metadata for the URL. Defaults to GET.
            </description>
            <name>method</name>
            <required>false</required>