|
@@ -1,6 +1,7 @@
|
|
|
package org.springframework.security.taglibs.authz;
|
|
|
|
|
|
import java.io.IOException;
|
|
|
+import java.util.*;
|
|
|
|
|
|
import javax.servlet.ServletContext;
|
|
|
import javax.servlet.ServletRequest;
|
|
@@ -9,7 +10,19 @@ import javax.servlet.jsp.JspException;
|
|
|
import javax.servlet.jsp.PageContext;
|
|
|
import javax.servlet.jsp.tagext.Tag;
|
|
|
|
|
|
+import org.springframework.expression.BeanResolver;
|
|
|
+import org.springframework.expression.ConstructorResolver;
|
|
|
+import org.springframework.expression.EvaluationContext;
|
|
|
+import org.springframework.expression.MethodResolver;
|
|
|
+import org.springframework.expression.OperatorOverloader;
|
|
|
+import org.springframework.expression.PropertyAccessor;
|
|
|
+import org.springframework.expression.TypeComparator;
|
|
|
+import org.springframework.expression.TypeConverter;
|
|
|
+import org.springframework.expression.TypeLocator;
|
|
|
+import org.springframework.expression.TypedValue;
|
|
|
+import org.springframework.security.access.expression.SecurityExpressionHandler;
|
|
|
import org.springframework.security.taglibs.TagLibConfig;
|
|
|
+import org.springframework.security.web.FilterInvocation;
|
|
|
import org.springframework.web.util.ExpressionEvaluationUtils;
|
|
|
|
|
|
/**
|
|
@@ -60,6 +73,11 @@ public class JspAuthorizeTag extends AbstractAuthorizeTag implements Tag {
|
|
|
}
|
|
|
}
|
|
|
|
|
|
+ @Override
|
|
|
+ protected EvaluationContext createExpressionEvaluationContext(SecurityExpressionHandler<FilterInvocation> handler) {
|
|
|
+ return new PageContextVariableLookupEvaluationContext(super.createExpressionEvaluationContext(handler));
|
|
|
+ }
|
|
|
+
|
|
|
/**
|
|
|
* Default processing of the end tag returning EVAL_PAGE.
|
|
|
*
|
|
@@ -126,4 +144,62 @@ public class JspAuthorizeTag extends AbstractAuthorizeTag implements Tag {
|
|
|
return pageContext.getServletContext();
|
|
|
}
|
|
|
|
|
|
+ private final class PageContextVariableLookupEvaluationContext implements EvaluationContext {
|
|
|
+
|
|
|
+ private EvaluationContext delegate;
|
|
|
+
|
|
|
+ private PageContextVariableLookupEvaluationContext(EvaluationContext delegate) {
|
|
|
+ this.delegate = delegate;
|
|
|
+ }
|
|
|
+
|
|
|
+ public TypedValue getRootObject() {
|
|
|
+ return delegate.getRootObject();
|
|
|
+ }
|
|
|
+
|
|
|
+ public List<ConstructorResolver> getConstructorResolvers() {
|
|
|
+ return delegate.getConstructorResolvers();
|
|
|
+ }
|
|
|
+
|
|
|
+ public List<MethodResolver> getMethodResolvers() {
|
|
|
+ return delegate.getMethodResolvers();
|
|
|
+ }
|
|
|
+
|
|
|
+ public List<PropertyAccessor> getPropertyAccessors() {
|
|
|
+ return delegate.getPropertyAccessors();
|
|
|
+ }
|
|
|
+
|
|
|
+ public TypeLocator getTypeLocator() {
|
|
|
+ return delegate.getTypeLocator();
|
|
|
+ }
|
|
|
+
|
|
|
+ public TypeConverter getTypeConverter() {
|
|
|
+ return delegate.getTypeConverter();
|
|
|
+ }
|
|
|
+
|
|
|
+ public TypeComparator getTypeComparator() {
|
|
|
+ return delegate.getTypeComparator();
|
|
|
+ }
|
|
|
+
|
|
|
+ public OperatorOverloader getOperatorOverloader() {
|
|
|
+ return delegate.getOperatorOverloader();
|
|
|
+ }
|
|
|
+
|
|
|
+ public BeanResolver getBeanResolver() {
|
|
|
+ return delegate.getBeanResolver();
|
|
|
+ }
|
|
|
+
|
|
|
+ public void setVariable(String name, Object value) {
|
|
|
+ delegate.setVariable(name, value);
|
|
|
+ }
|
|
|
+
|
|
|
+ public Object lookupVariable(String name) {
|
|
|
+ Object result = delegate.lookupVariable(name);
|
|
|
+
|
|
|
+ if (result == null) {
|
|
|
+ result = pageContext.findAttribute(name);
|
|
|
+ }
|
|
|
+ return result;
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
}
|