Following a suggestion from Scott Evans, added support for EL in the authz tag

library:
http://www.mail-archive.com/acegisecurity-developer%40lists.sourceforge.net/msg00189.html

* lib/spring/spring-mock.jar:
  Added Spring's 1.0.2 mock JAR.

* test/net/sf/acegisecurity/taglibs/authz/AuthorizeTagExpressionLanguageTests.java:
  New tests to assert that the taglib recognizes and parses EL expressions.

* src/net/sf/acegisecurity/taglibs/authz/AuthorizeTag.java:
  Implemented AuthorizeTagExpressionLanguageTests by using Spring's
  ExpressionEvaluationUtils.

core/src/main/java/org/acegisecurity/taglibs/authz/AuthorizeTag.java

@@ -20,11 +20,12 @@ import net.sf.acegisecurity.GrantedAuthorityImpl;
 import net.sf.acegisecurity.context.ContextHolder;
 import net.sf.acegisecurity.context.SecureContext;
 
-import java.util.*;
-
 import javax.servlet.jsp.JspException;
 import javax.servlet.jsp.tagext.Tag;
 import javax.servlet.jsp.tagext.TagSupport;
+import java.util.*;
+
+import org.springframework.web.util.ExpressionEvaluationUtils;
 
 
 /**
@@ -43,7 +44,7 @@ public class AuthorizeTag extends TagSupport {
 
     //~ Methods ================================================================
 
-    public void setIfAllGranted(String ifAllGranted) {
+    public void setIfAllGranted(String ifAllGranted) throws JspException {
         this.ifAllGranted = ifAllGranted;
     }
 
@@ -51,7 +52,7 @@ public class AuthorizeTag extends TagSupport {
         return ifAllGranted;
     }
 
-    public void setIfAnyGranted(String ifAnyGranted) {
+    public void setIfAnyGranted(String ifAnyGranted) throws JspException {
         this.ifAnyGranted = ifAnyGranted;
     }
 
@@ -59,7 +60,7 @@ public class AuthorizeTag extends TagSupport {
         return ifAnyGranted;
     }
 
-    public void setIfNotGranted(String ifNotGranted) {
+    public void setIfNotGranted(String ifNotGranted) throws JspException {
         this.ifNotGranted = ifNotGranted;
     }
 
@@ -69,31 +70,43 @@ public class AuthorizeTag extends TagSupport {
 
     public int doStartTag() throws JspException {
         if (((null == ifAllGranted) || "".equals(ifAllGranted))
-            && ((null == ifAnyGranted) || "".equals(ifAnyGranted))
-            && ((null == ifNotGranted) || "".equals(ifNotGranted))) {
+                && ((null == ifAnyGranted) || "".equals(ifAnyGranted))
+                && ((null == ifNotGranted) || "".equals(ifNotGranted))) {
             return Tag.SKIP_BODY;
         }
 
         final Collection granted = getPrincipalAuthorities();
 
-        if ((null != ifNotGranted) && !"".equals(ifNotGranted)) {
-            Set grantedCopy = retainAll(granted,
-                    parseAuthoritiesString(ifNotGranted));
+        final String evaledIfNotGranted =
+                ExpressionEvaluationUtils.evaluateString(
+                        "ifNotGranted", ifNotGranted, pageContext);
+        if ((null != evaledIfNotGranted) && !"".equals(evaledIfNotGranted)) {
+            Set grantedCopy = retainAll(
+                    granted,
+                    parseAuthoritiesString(evaledIfNotGranted));
 
             if (!grantedCopy.isEmpty()) {
                 return Tag.SKIP_BODY;
             }
         }
 
-        if ((null != ifAllGranted) && !"".equals(ifAllGranted)) {
-            if (!granted.containsAll(parseAuthoritiesString(ifAllGranted))) {
+        final String evaledIfAllGranted =
+                ExpressionEvaluationUtils.evaluateString(
+                        "ifAllGranted", ifAllGranted, pageContext);
+        if ((null != evaledIfAllGranted) && !"".equals(evaledIfAllGranted)) {
+            if (!granted.containsAll(
+                    parseAuthoritiesString(evaledIfAllGranted))) {
                 return Tag.SKIP_BODY;
             }
         }
 
-        if ((null != ifAnyGranted) && !"".equals(ifAnyGranted)) {
-            Set grantedCopy = retainAll(granted,
-                    parseAuthoritiesString(ifAnyGranted));
+        final String evaledIfAnyGranted =
+                ExpressionEvaluationUtils.evaluateString(
+                        "ifAnyGranted", ifAnyGranted, pageContext);
+        if ((null != evaledIfAnyGranted) && !"".equals(evaledIfAnyGranted)) {
+            Set grantedCopy = retainAll(
+                    granted,
+                    parseAuthoritiesString(evaledIfAnyGranted));
 
             if (grantedCopy.isEmpty()) {
                 return Tag.SKIP_BODY;
@@ -135,7 +148,7 @@ public class AuthorizeTag extends TagSupport {
     }
 
     private Set retainAll(final Collection granted,
-        final Set requiredAuthorities) {
+                          final Set requiredAuthorities) {
         Set grantedCopy = new HashSet(granted);
         grantedCopy.retainAll(requiredAuthorities);
 

core/src/test/java/org/acegisecurity/taglibs/authz/AuthorizeTagExpressionLanguageTests.java

@@ -0,0 +1,78 @@
+package net.sf.acegisecurity.taglibs.authz;
+
+import junit.framework.TestCase;
+import net.sf.acegisecurity.GrantedAuthority;
+import net.sf.acegisecurity.GrantedAuthorityImpl;
+import net.sf.acegisecurity.context.ContextHolder;
+import net.sf.acegisecurity.context.SecureContextImpl;
+import net.sf.acegisecurity.providers.TestingAuthenticationToken;
+import org.springframework.mock.web.MockPageContext;
+
+import javax.servlet.jsp.JspException;
+import javax.servlet.jsp.tagext.Tag;
+
+/**
+ * Test case to implement commons-el expression language expansion.
+ */
+public class AuthorizeTagExpressionLanguageTests extends TestCase {
+    //~ Instance fields ========================================================
+
+    private final AuthorizeTag authorizeTag = new AuthorizeTag();
+    private SecureContextImpl context;
+    private TestingAuthenticationToken currentUser;
+    private MockPageContext pageContext;
+
+    //~ Methods ================================================================
+
+    public void testAllGrantedUsesExpressionLanguageWhenExpressionIsEL()
+            throws JspException {
+        pageContext.setAttribute("authority", "ROLE_TELLER");
+        authorizeTag.setIfAllGranted("${authority}");
+
+        assertEquals(
+                "allows body - authority var contains ROLE_TELLER",
+                Tag.EVAL_BODY_INCLUDE, authorizeTag.doStartTag());
+    }
+
+    public void testAnyGrantedUsesExpressionLanguageWhenExpressionIsEL()
+            throws JspException {
+        pageContext.setAttribute("authority", "ROLE_TELLER");
+        authorizeTag.setIfAnyGranted("${authority}");
+
+        assertEquals(
+                "allows body - authority var contains ROLE_TELLER",
+                Tag.EVAL_BODY_INCLUDE, authorizeTag.doStartTag());
+    }
+
+    public void testNotGrantedUsesExpressionLanguageWhenExpressionIsEL()
+            throws JspException {
+        pageContext.setAttribute("authority", "ROLE_TELLER");
+        authorizeTag.setIfNotGranted("${authority}");
+
+        assertEquals(
+                "allows body - authority var contains ROLE_TELLER",
+                Tag.SKIP_BODY, authorizeTag.doStartTag());
+    }
+
+    protected void setUp() throws Exception {
+        super.setUp();
+
+        pageContext = new MockPageContext();
+        authorizeTag.setPageContext(pageContext);
+
+        currentUser = new TestingAuthenticationToken(
+                "abc", "123",
+                new GrantedAuthority[]{
+                    new GrantedAuthorityImpl("ROLE_TELLER"),
+                });
+
+        context = new SecureContextImpl();
+        context.setAuthentication(currentUser);
+
+        ContextHolder.setContext(context);
+    }
+
+    protected void tearDown() throws Exception {
+        ContextHolder.setContext(null);
+    }
+}