SEC-1456: Allow runtime expressions for security:authorize url-attribute #1696

Closed
spring-issuemaster opened this Issue Apr 7, 2010 · 2 comments

1 participant

@spring-issuemaster

Joakim Kemeny (Migrated from SEC-1456) said:

The security:authorize tablib doesn't allow you to use runtime expresssions for the url-attribute. This prevents us from using code like the following snippet:

...


  • ....

  • /security:authorize
    /c:forEach
    ...

    My suggestion is to set rtexprvalue to true for the url-attribute.

    @spring-issuemaster

    Luke Taylor said:

    Makes sense. Applied in 3.0.x and master branches.

    @spring-issuemaster

    Gert Buys said:

    What if you wanted to have JSP EL in something like ? Is it considered best practice to turn to the url attribute instead and link the url to roles in intercept-url? The access attribute seems rather inflexible then.

    @spring-issuemaster spring-issuemaster added this to the 3.1.0.M1 milestone Feb 5, 2016
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment