Migrated from SEC-1033
Luke Taylor said:
This is essentially done and the tutorial sample is using expressions to protect its Urls. A WebSecurityExpressionRoot class is used as the root for web expressions and a WebExpressionVoter performs the evaluation. Expressions can be enabled through the namespace element, in which case they must be used for all access attributes in elements. Further enhancements will be needed (such as easy plugin functionality for user functions), but these will be raised as separate issues as they occur.