Announcement Announcement Module
No announcement yet.
authorize JSP tag not working on WebSphere 6.1 Page Title Module
Move Remove Collapse
This topic is closed
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • authorize JSP tag not working on WebSphere 6.1


    I am using Spring 2.5.5, Spring Security 2.0.4 in a Spring MVC web app which needs to run on WebSphere 6.1 ( patch level). This webapp works fine on Tomcat 6 which is my development environment. Web app security is configured using <security:http auto-config="true"> setup, nothing fancy.

    JSP pages of this app use security:authorize tags in jsp files to show/hide content like this:
    <security:authorize ifAnyGranted="ROLE_myapp_Admin">
    Some content...
    The security:authorize tags work perfectly on Tomcat 6, but stop working on Websphere 6.1. The strange thing is all the rest of Spring Security functionality works just fine on Websphere ( - the security filters, login form, authentication and code-level authorization work fine. The principal does get loaded and it's authorizations are available. Only the Spring Security authorize JSP tag doesn not work. No errors are logged either, only the content inside the authorize tags is always missing.

    I have tried this on different patch levels - from to and still no luck. If anyone has any ideas I would appreciate any hints.

    BTW, other JSTL and Spring taglibs work just fine, for example the new spring form tags work.

    Thanks for any help...

  • #2
    Jstl taglib uri is the culprit

    Well it turned out the problem had NOTHING to do with Spring Security tags - they work just fine. All of my content inside Spring authorize tags was wrapped inside JSTL c:if tags and such, and the issue was with JSTL tags after all.

    To use JSTL tags on WebSphere 6.1 you need to declare JSTL taglibs like this in your jsp files:
    <%@ taglib prefix="c" uri="" %>
    and NOT like this:
    <%@ taglib prefix="c" uri="" %>
    (note the URI difference). The second form is what Tomcat needs.

    Hope this helps someone.