Error using Spring authorize tag to check to see if user is logged in?

Question

Trying to test to see if a user is logged in I am using the following code:

<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>

<sec:authorize access="isAuthenticated()">
   YES, you are logged in!
</sec:authorize>

But I am getting the following erorr?

javax.servlet.jsp.JspException: No visible WebSecurityExpressionHandler instance could be found in the application context. There must be at least one in order to support expressions in JSP 'authorize' tags.
        at org.springframework.security.taglibs.authz.AuthorizeTag.getExpressionHandler(AuthorizeTag.java:100)
        at org.springframework.security.taglibs.authz.AuthorizeTag.authorizeUsingAccessExpression(AuthorizeTag.java:58)
        at org.springframework.security.taglibs.authz.AuthorizeTag.doStartTag(AuthorizeTag.java:48)

Answer 1

Setting use-expressions="true" in the http element will work but means all your security settings in both Java code and security contexts must use expression notations. This can be a problem if you are currently using the standard security notations.

To use both expressions and standard notations just declare a new bean in your security context like so -

<beans:bean class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"/>

Answer 2

To use expressions to secure individual URLs, you would first need to set the use-expressions attribute in the element to true

<http use-expressions="true"> See Spring Security doc