Announcement Announcement Module
No announcement yet.
Security tags not working? Page Title Module
Move Remove Collapse
This topic is closed
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Security tags not working?

    Hello, I've been using Spring Security (1.x) with an old project with no problems, but now I have ported the security code to a new project, with Spring Security 2.0.5, and seems like the tags don't work:

    In my JSP:
    <%@ taglib uri="" prefix="sec"%>
    <div id="user_info">
        <sec:authentication property="principal.authorities"/> 
        <sec:authentication property="principal.lastname" /> 
        <sec:authentication property="principal.username" /> &nbsp; 
    The tags don't show anything, and if I debug through the source code, it's like the SecurityContext is not in the session. However, the ${SPRING_SECURITY_CONTEXT.authentication.principal .username} expression shows the correct username of the logged in user:

    My Spring Security configuration is quite simple, but I don't think it has something to do with this problem:

    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns=""
        <http auto-config="true"  access-decision-manager-ref="accessDecisionManager">
            <form-login login-page="/jsp/login.jsp"/>
            <intercept-url pattern="/index.jsp" access="ROLE_ANONYMOUS, ROLE_USER" />
            <intercept-url pattern="/jsp/login.jsp" filters="none"/>
            <intercept-url pattern="/menu/MenuGenerator.action" access="ROLE_ANONYMOUS, ROLE_USER" />
            <intercept-url pattern="/**/*.action" access="ROLE_USER" />
            <intercept-url pattern="/**/*.jsp" access="ROLE_USER" />
        <authentication-provider user-service-ref="userService" >
            <password-encoder ref="passEncoder"/>
        <beans:bean id="passEncoder" class=""/>
        <beans:bean id="accessDecisionManager" class="">
            <beans:property name="allowIfAllAbstainDecisions" value="false"/>
            <beans:property name="decisionVoters">
                    <beans:bean class="com.playjam.webuser.impl.AdministratorVoter"/>
                    <beans:bean class=""/>
                    <beans:bean class=""/>
    The log seems to be normal to me:
    2009-12-29 16:37:47,961 [http-8080-5] DEBUG  - Converted URL to lowercase, from: '/menu/menugenerator.action'; to: '/menu/menugenerator.action'
    2009-12-29 16:37:47,961 [http-8080-5] DEBUG  - Candidate is: '/menu/menugenerator.action'; pattern is /index.jsp; matched=false
    2009-12-29 16:37:47,961 [http-8080-5] DEBUG  - Candidate is: '/menu/menugenerator.action'; pattern is /menu/menugenerator.action; matched=true
    2009-12-29 16:37:47,961 [http-8080-5] DEBUG  - Secure object: FilterInvocation: URL: /menu/MenuGenerator.action; ConfigAttributes: [ROLE_ANONYMOUS, ROLE_USER]
    2009-12-29 16:37:47,961 [http-8080-5] DEBUG  - Previously Authenticated: Principal: com.playjam.webuser.PlayJamUser@3ad4f000: Username: asarco; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN, ROLE_USER; Password: [PROTECTED]; Authenticated: true; Details: RemoteIpAddress:; SessionId: DEE2653B1CEFE29CF58D47C179C1B224; Granted Authorities: ROLE_ADMIN, ROLE_USER
    2009-12-29 16:37:47,961 [http-8080-5] DEBUG  - Authorization successful
    2009-12-29 16:37:47,961 [http-8080-5] DEBUG  - RunAsManager did not change Authentication object
    2009-12-29 16:37:47,961 [http-8080-5] DEBUG  - /menu/MenuGenerator.action reached end of additional filter chain; proceeding with original chain
    However this piece looks like the SecurityContext is being cleared, however not being removed from the session:
    2009-12-29 16:37:47,994 [http-8080-5] DEBUG  - SecurityContextHolder now cleared, as request processing completed
    Any ideas?