Joakim Kemeny (Migrated from SEC-1456) said:
The security:authorize tablib doesn't allow you to use runtime expresssions for the url-attribute. This prevents us from using code like the following snippet:
My suggestion is to set rtexprvalue to true for the url-attribute.
Luke Taylor said:
Makes sense. Applied in 3.0.x and master branches.
Gert Buys said:
What if you wanted to have JSP EL in something like ? Is it considered best practice to turn to the url attribute instead and link the url to roles in intercept-url? The access attribute seems rather inflexible then.