We are trying to implement some functionality to our web app. We are using Spring Framework v4.1.1 and Spring Security v3.1.7 for a Web App. We are using a custom authentication provider for our authentication process, everything works fine, but when we try to hide some content for a specific role in a page using the JSP tag from Spring Security it doesn't work.
Here is our security-conf.xml:
<http pattern="/resources/**" security="none" />
<http use-expressions="true">
<form-login login-page="/login" authentication-failure-url="/loginerroneo"
default-target-url="/seleccionar-empresa" always-use-default-target="true"/>
<logout logout-success-url="/login" logout-url="/salir"/>
<session-management invalid-session-url="/login" />
</http>
<authentication-manager>
<authentication-provider user-service-ref="userDetailsService">
</authentication-provider>
</authentication-manager>
<global-method-security pre-post-annotations="enabled"/>
<beans:bean id="userDetailsService" class="com.grupo.seguridad.acceso.service.impl.UserDetailsServiceAdapater"/>
When we use this tag <sec:authentication property="principal.authorities"/>
in our Page we got
[VENDEDOR, ADMINISTRADOR] wich is correct.
but when we tried to hide some content of a page using the tag:
<sec:authorize access="hasRole('ADMINISTRADOR')">
<button class="btn btn-small btnGuardar" href="#dlgGuardar" data-toggle="modal">
<i class="icon-hdd"></i> <strong>Una Opcion</strong>
</button>
</sec:authorize>
It does not work.
We don't know what we are doing wrong.
try this,
<security:authorize ifAnyGranted="ADMINISTRADOR">
<button class="btn btn-small btnGuardar" href="#dlgGuardar" data-toggle="modal">
<i class="icon-hdd"></i> <strong>Una Opcion</strong>
</button>
</security:authorize>
I´m using Spring Security 4.2 and couldnt use the hasRole method... But this code works for me:
<security:authorize access="hasAuthority('ROLE_ADMIN')">
you are an admin!
<security:authorize>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With