Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Spring Security JSP Tags <sec:authorize access="hasRole('')"> not working

Tags:

spring-mvc

spring-security

jsp-tags

We are trying to implement some functionality to our web app. We are using Spring Framework v4.1.1 and Spring Security v3.1.7 for a Web App. We are using a custom authentication provider for our authentication process, everything works fine, but when we try to hide some content for a specific role in a page using the JSP tag from Spring Security it doesn't work.

Here is our security-conf.xml:

<http pattern="/resources/**" security="none" />

<http use-expressions="true">
    <form-login login-page="/login" authentication-failure-url="/loginerroneo"
        default-target-url="/seleccionar-empresa" always-use-default-target="true"/>
    <logout logout-success-url="/login" logout-url="/salir"/>
    <session-management invalid-session-url="/login" />
</http>

<authentication-manager>
    <authentication-provider user-service-ref="userDetailsService">
    </authentication-provider>
</authentication-manager>

<global-method-security pre-post-annotations="enabled"/>

<beans:bean id="userDetailsService" class="com.grupo.seguridad.acceso.service.impl.UserDetailsServiceAdapater"/>

When we use this tag <sec:authentication property="principal.authorities"/> in our Page we got [VENDEDOR, ADMINISTRADOR] wich is correct.

but when we tried to hide some content of a page using the tag:

<sec:authorize access="hasRole('ADMINISTRADOR')">
   <button class="btn btn-small btnGuardar" href="#dlgGuardar" data-toggle="modal">
      <i class="icon-hdd"></i> <strong>Una Opcion</strong>
    </button>
</sec:authorize>

It does not work.

We don't know what we are doing wrong.

like image 831
GeralDo Avatar asked Oct 16 '14 17:10

GeralDo

2 Answers

try this, 

 <security:authorize ifAnyGranted="ADMINISTRADOR">
    <button class="btn btn-small btnGuardar" href="#dlgGuardar" data-toggle="modal">
          <i class="icon-hdd"></i> <strong>Una Opcion</strong>
        </button>
    </security:authorize>
like image 150
Chirag Kevadiya Avatar answered Nov 19 '22 14:11

Chirag Kevadiya

I´m using Spring Security 4.2 and couldnt use the hasRole method... But this code works for me:

<security:authorize access="hasAuthority('ROLE_ADMIN')">
you are an admin!
<security:authorize>
like image 1
goblingift Avatar answered Nov 19 '22 15:11

goblingift
Sign in to Comment

Related questions

@Valid @CustomValidator inside a spring @Service
How can I speed up Spring's form:options tag?
Spring Security MultiHttpSecurity Configuration so that I can perform two types of authentication. JWT Token and Session Cookie
How can I use SimpleFormController with Validator with Spring 3?
Implementing EAV pattern with Hibernate for User -> Settings relationship
JSF + Spring MVC integration everything works but exception is thrown
Spring Convertor or Property editor for conversion of multiple request parameters into an Object?
How can I allow a user override with Spring Security?
Spring Validation - BindingResult
Adding headers to Spring controllers
Looking for an CMS that can be plugged into a Spring MVC Application [closed]
Spring MVC map multiple dynamic form elements with the same name
Invocation of init method failed; nested exception is java.lang.NoClassDefFoundError: org/hibernate/util/DTDEntityResolver
DAO on different application server
Why @ExceptionHandler(MethodArgumentNotValidException.class) is ignored in favour of @ExceptionHandler(Exception.class)
How to get the instances of the WebApplicationContext and DispatcherServlet in the spring-web-mvc at the runtime of an spring web application
How implements Spring Bootstrap and Aspect?
How to make Spring Joda-Time formatter work with nonstandard locales?
Passing JSON objects in a REST HTTP GET request using Spring MVC
Spring MVC returns jsp as text/plain content type

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!