This topic is closed

  • security:authorize ifAllGranted

    hi all...

    i'm trying to hide a button when a user does not have the 'ROLE_SUPERVISOR' role. i used the @Secured annotation on my service impl and that's working great when the user does not have the ROLE_SUPERVISOR role. but, within my view, the button is still being displayed.

    my page is defined as:

    Code:
    <ui:composition xmlns="http://www.w3.org/1999/xhtml"
                    xmlns:ui="http://java.sun.com/jsf/facelets"
                    xmlns:h="http://java.sun.com/jsf/html"
                    xmlns:f="http://java.sun.com/jsf/core"
                    xmlns:sf="http://www.springframework.org/tags/faces"
                    xmlns:security="http://www.springframework.org/security/tags"
                    template="/WEB-INF/layouts/standard.xhtml">

    ........

    <div class="buttonGroup">
        <security:authorize ifAllGranted="ROLE_SUPERVISOR">
            <h:commandButton id="enroll" action="enroll" value="Enroll Employee"/>
        </security:authorize>
        <h:commandButton id="cancel" action="cancel" value="Back to Search"/>
    </div>

    My security-config:

    Code:
    <security:global-method-security secured-annotations="enabled" />

    <security:authentication-provider>
        <security:password-encoder hash="md5" />
        <security:user-service>
            <security:user name="admin" password="xxx" authorities="ROLE_USER, ROLE_SUPERVISOR" />
            <security:user name="employee" password="xxx" authorities="ROLE_USER" />
        </security:user-service>
    </security:authentication-provider>

    i'm using version 2.0.4 of spring-security-taglibs and spring-security-core-tiger and that's included in my deployed war.

    both the 'admin' user and 'employee' user display the 'Enroll Employee' button. I'm sure what i missed or where i can start to debug?

    thanks

  • #2
    it looks like this functionality is not supported based on this:

    http://jira.springframework.org/browse/FACES-34

    would be great if someone from spring can confirm. is this on the roadmap and does anyone have a suggestion around it??

    thanks
