Spring Security Authorization Tag is always false

Question

I have the equivalent of the following in my jsp. Neither here nor there are displayed!

My first release in Spring Security 3.0.5. I used 3.0.3 without any problems.

<sec:authorize ifNotGranted="ROLE_ACTIVE"> here </sec:authorize> <sec:authorize ifAnyGranted="ROLE_ACTIVE"> there </sec:authorize>

+4

Eric Winter Feb 10 '11 at 18:43

3 answers

It seems that ifNotGranted and ifAnyGranted are deprecated in favor of an access expression. Try something like

 <sec:authorize access="hasRole('ROLE_ACTIVE')">here</sec:authorize>

+1

digitaljoel Feb 10 '11 at 18:53

If you set filters = 'none' for the jsp page and wrote the code above on the same jsp above, then your authorize tag will always return false.

you can refer to this question, your problem may be the same as me.

If your problem is different, you can talk more about your security configuration.

+1

Sagar Feb 18 '11 at 15:25

Eric Winter · Accepted Answer · 2011-03-01T21:57:47+0000

Thank you for understanding. I found that this is due to the ordering of the filter mappings. Spring security should appear before Sitemesh.

Not sure how anyone could get this if I hadn’t published so many seemingly trivial details of the project.

I will know how to publish web.xml in the future. Probably just pay more attention to what is causing the problems.