Announcement Announcement Module
Collapse
No announcement yet.
I can't use sec:authorize Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • I can't use sec:authorize

    I have a JSF 2 page based on Facelets and use Spring Security 3.0.5 behind the application. When I put some tags like this within my page:

    Code:
    <sec:authorize  access="hasRole('SS')" >
    <h:outputText value="X" />
    </sec:authorize>
    the X will display at runtime anyway with any role. The auto completion feature of my eclipse work correctly to show the "sec:" tags and their properties at programming time. what's the problem?

    The source of rendered html is like this:

    Code:
    <sec:authorize access="hasRole('SS')">X</sec:authorize>
    This is the jar file that is in my WEB-INF/lib/:
    http://search.maven.org/remoteconten....5.RELEASE.jar

  • #2
    JSF integration seems broken. A working 3.0.5 project breaks just by updating versions of spring-security-web, spring-security-config and spring-security-taglibs from 3.0.5.RELEASE to 3.1.0.RC2 and the schema in application context from spring-security-3.0.xsd to spring-security-3.1.xsd.

    Error log shows:

    java.io.IOException: No visible WebSecurityExpressionHandler instance could be found in the application context. There must be at least one in order to support expressions in JSP 'authorize' tags.

    Comment


    • #3
      Originally posted by nazila View Post
      I have a JSF 2 page based on Facelets and use Spring Security 3.0.5 behind the application. When I put some tags like this within my page:
      ...
      Please do not post the same question in multiple places.

      Comment


      • #4
        Originally posted by stigto View Post
        JSF integration seems broken. A working 3.0.5 project breaks just by updating versions of spring-security-web, spring-security-config and spring-security-taglibs from 3.0.5.RELEASE to 3.1.0.RC2 and the schema in application context from spring-security-3.0.xsd to spring-security-3.1.xsd.

        Error log shows:

        java.io.IOException: No visible WebSecurityExpressionHandler instance could be found in the application context. There must be at least one in order to support expressions in JSP 'authorize' tags.
        While this may have merit I do not think it is relevant to this users problem since they claim to be using 3.0.5. On a side note, if you can provide a sample project that demonstrates the issue I would be happy to take a look at it.

        Comment


        • #5
          I'm sorry, for some reason I thought nazila was using 3.1. Nevertheless, I've put together a rather minimal project based on 3.0.5, which works. Maybe this will be of use to nazila. However, changing the version numbers in the maven pom.xml for the 3 spring security entries from 3.0.5.RELEASE to 3.1.0.RC2 and changing the xsd version for spring security in the applicationContext.xml from spring-security-3.0.xsd to spring-security-3.1.xsd demonstrates the problem.Attachment
          Attached Files

          Comment


          • #6
            Thanks I will have a look at it this weekend when I'm not so busy w/ my day job.

            Comment

            Working...
            X