Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Spring Security JSP Tags <sec:authorize access="hasRole('')"> not working

We are trying to implement some functionality to our web app. We are using Spring Framework v4.1.1 and Spring Security v3.1.7 for a Web App. We are using a custom authentication provider for our authentication process, everything works fine, but when we try to hide some content for a specific role in a page using the JSP tag from Spring Security it doesn't work.

Here is our security-conf.xml:

<http pattern="/resources/**" security="none" />

<http use-expressions="true">
    <form-login login-page="/login" authentication-failure-url="/loginerroneo"
        default-target-url="/seleccionar-empresa" always-use-default-target="true"/>
    <logout logout-success-url="/login" logout-url="/salir"/>
    <session-management invalid-session-url="/login" />
</http>

<authentication-manager>
    <authentication-provider user-service-ref="userDetailsService">
    </authentication-provider>
</authentication-manager>

<global-method-security pre-post-annotations="enabled"/>

<beans:bean id="userDetailsService" class="com.grupo.seguridad.acceso.service.impl.UserDetailsServiceAdapater"/>

When we use this tag <sec:authentication property="principal.authorities"/> in our Page we got [VENDEDOR, ADMINISTRADOR] wich is correct.

but when we tried to hide some content of a page using the tag:

<sec:authorize access="hasRole('ADMINISTRADOR')">
   <button class="btn btn-small btnGuardar" href="#dlgGuardar" data-toggle="modal">
      <i class="icon-hdd"></i> <strong>Una Opcion</strong>
    </button>
</sec:authorize>

It does not work.

We don't know what we are doing wrong.

like image 831
GeralDo Avatar asked Oct 16 '14 17:10

GeralDo


2 Answers

try this,

 <security:authorize ifAnyGranted="ADMINISTRADOR">
    <button class="btn btn-small btnGuardar" href="#dlgGuardar" data-toggle="modal">
          <i class="icon-hdd"></i> <strong>Una Opcion</strong>
        </button>
    </security:authorize>
like image 150
Chirag Kevadiya Avatar answered Nov 19 '22 14:11

Chirag Kevadiya


I´m using Spring Security 4.2 and couldnt use the hasRole method... But this code works for me:

<security:authorize access="hasAuthority('ROLE_ADMIN')">
you are an admin!
<security:authorize>
like image 1
goblingift Avatar answered Nov 19 '22 15:11

goblingift