SEC-525: [PATCH] Add AccessCheckerTag based on URL resource access permissions. Added functionality to "authorize" tag to allow evaluation of whether a particual url is accessible to the user. Uses a WebInvocationPrivilegeEvaluator registered in the application context.
This commit is contained in:
@@ -11,8 +11,15 @@ If you're logged in, you can <a href="listAccounts.html">list accounts</a>.
|
||||
<p>
|
||||
Your principal object is....: <%= request.getUserPrincipal() %>
|
||||
</p>
|
||||
<p>
|
||||
<sec:authorize url='/secure/index.jsp'>You can currently access "/secure" URLs.</sec:authorize>
|
||||
</p>
|
||||
<p>
|
||||
<sec:authorize url='/secure/extreme/index.jsp'>You can currently access "/secure/extreme" URLs.</sec:authorize>
|
||||
</p>
|
||||
|
||||
<p><a href="secure/index.jsp">Secure page</a></p>
|
||||
<p>
|
||||
<a href="secure/index.jsp">Secure page</a></p>
|
||||
<p><a href="secure/extreme/index.jsp">Extremely secure page</a></p>
|
||||
</body>
|
||||
</html>
|
||||
</html>
|
||||
|
||||
Reference in New Issue
Block a user