Spring Security Authorization Tag Library 3.1 security http://www.springframework.org/security/tags A tag which outputs the body of the tag if the configured access expression evaluates to true for the currently authenticated principal. authorize org.springframework.security.taglibs.authz.JspAuthorizeTag JSP A Spring-EL expression which is supported by the WebSecurityExpressionHandler in the application context. The latter will be used to evaluate the expression. access false true A URL within the application. If the user has access to this URL (as determined by the AccessDecisionManager), the tag body will be evaluated. If not, it will be skipped. url false true Can be used to specify the HTTP method (typically GET or POST) which is used in combination with the URL when consulting the AccessDecisionManager. Only has any meaning when used in combination with the "url" attribute. Defaults to GET. method false false A page scoped variable into which the boolean result of the tag evaluation will be written, allowing the same condition to be reused subsequently in the page without re-evaluation. var false false A comma separated list of roles which the user must not have for the body to be output. Deprecated in favour of the access expression. ifNotGranted false true A comma separated list of roles which the user must all possess for the body to be output. Deprecated in favour of the access expression. ifAllGranted false true A comma separated list of roles, one of which the user must possess for the body to be output. Deprecated in favour of the access expression. ifAnyGranted false true Allows access to the current Authentication object. authentication org.springframework.security.taglibs.authz.AuthenticationTag empty Property of the Authentication object which should be output. Supports nested properties. For example if the principal object is an instance of UserDetails, the property "principal.username" will return the username. Alternatively, using "name" will call getName method on the Authentication object directly. property true true Name of the exported scoped variable which will contain the evaluated property of the Authentication object. var false false Set HTML escaping for this tag, as a boolean value. htmlEscape false true Scope for var. scope false false Allows inclusion of a tag body if the current Authentication has one of the specified permissions to the presented domain object instance. accesscontrollist org.springframework.security.taglibs.authz.AccessControlListTag JSP A comma separated list of permissions, which will be converted to Permission instances by the configured PermissionFactory. hasPermission true true The actual domain object instance for which permissions are being evaluated. domainObject true true A page scoped variable into which the boolean result of the tag evaluation will be written, allowing the same condition to be reused subsequently in the page without re-evaluation. var false false