Announcement Announcement Module
Collapse
No announcement yet.
Enable expressions/tags without http element? Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Enable expressions/tags without http element?

    Is it possible to enable the use of expressions and the associated tags without using the namespace configuration and the http element? I have an otherwise completely configured security implementation without using the namespace.

  • #2
    If you are using the filter-security-metadata-source element to configure your FilterSecurityInterceptor, then that has a "use-expressions" attribute on it, which should pretty much result in the same beans as if you're using the "http" namespace element.

    Otherwise, you could try registering a separate DefaultWebSecurityExpressionHandler bean which the tags would pick up.

    Comment


    • #3
      Thanks for the reply, but I did try both of those suggestions. The tags are not being evaluated. When I view the rendered page source the the tags are included in the page.

      Comment


      • #4
        Originally posted by redflagcto View Post
        Thanks for the reply, but I did try both of those suggestions. The tags are not being evaluated. When I view the rendered page source the the tags are included in the page.
        Do you mean you are seeing the raw JSP tags in the output of the page, or do you mean that the content inside the tags is being shown when it should not be (i.e. it should be hidden due to authorization rules declared by the tag).

        Comment


        • #5
          The raw JSP tags are being shown. It looks like I have a facelets/JSF problem with the security tags. I have double checked my configuration with multiple sources that all give the same directions about enabling the tags for use with facelets, including looking at the showcase application. For some reason the tags are not being parsed. The tag classes are never called and there are no errors.

          Comment


          • #6
            Unfortunately this sounds like an issue not directly related to Spring Security. If you can provide more details on the specific set of UI and deployment technologies you're using, maybe someone can help.

            Comment


            • #7
              I am using latest STS with SpringSource tc Runtime. Java is 1.6. Springframework 3.0.5 with security and MVC, Webflow 2.3.0, myFaces 2.0.4, Tomahawk2 1.1.10.

              I reworked my security-config.xml to use the namespace and now the tags are being parsed, but /root-context/j_spring_security_check is not available.

              It seems like the tags only work with the namespace configuration, but that severely limits the configuration flexibility.

              Comment


              • #8
                Fixed for now.

                I got the j_spring_security_check path working again by adding in the UsernamePasswordAuthenticationFilter filter as a custom filter.

                I stated previously, it seems that the security tags only work with the namespace configuration. Hopefully, this will meet all my needs going forward.

                Comment

                Working...
                X