Reputation: 990
Spring Security Authorize tag always false
I have about the equivalent to the following in my jsp. Neither here nor there are displayed!
My first foray into Spring Security 3.0.5. I've used 3.0.3 without issue.
<sec:authorize ifNotGranted="ROLE_ACTIVE">
here
</sec:authorize>
<sec:authorize ifAnyGranted="ROLE_ACTIVE">
there
</sec:authorize>
Upvotes: 5
Views: 7142
Answers (3)
Reputation: 990
Thanks for the insights. I found it was because of the ordering of the filter-mappings. Spring security needs to come before Sitemesh.
Not sure how anyone could have gotten that without me publishing so many seemingly trivial details on the project.
I'll know to post the web.xml in the future. Probably just pay more attention to that being a source of problems.
Upvotes: 7
Reputation: 1262
If you setted filters='none' for the jsp page and writing above code on the same jsp then your authorize tag will always return false.
you can refer this question, your problem may be same I belive.
Spring security login/logout url related issue
If your problem is different then can you elaborate more on your security configuration.
Upvotes: 1
Reputation: 26584
Looks like ifNotGranted and ifAnyGranted are deprecated in favor of the access expression. Try something like
<sec:authorize access="hasRole('ROLE_ACTIVE')">here</sec:authorize>
Upvotes: 1
Related Questions
- Spring Security Authorize Tag - HTTP Status 500
- Spring security jsp authorize tag not working
- Spring Security sec:authorize tag using Java Config
- Spring Security sec:authorize throw exception
- spring security authentication not working
- Spring security not authorizing user
- spring security not working on preAuthorize
- Spring security. authorize doesn't work on jsp
- Spring Security authentication is ignored
- Error using Spring authorize tag to check to see if user is logged in?