StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POSpring Security 3.1 and JSP taglibs not working
text
Body
copied!<p>The Spring Security Docs ( <a href="http://static.springsource.org/spring-security/site/docs/3.1.x/reference/taglibs.html#d0e6875" rel="nofollow">http://static.springsource.org/spring-security/site/docs/3.1.x/reference/taglibs.html#d0e6875</a> ) says the following:</p> <p>You can use the security taglibs to authorize access by URLs like so:</p> <blockquote> <p><code><sec:authorize url="/admin"></code> This content will only be visible to users who are authorized to send requests to the "/admin" URL. <code></sec:authorize></code></p> </blockquote> <p>To use this tag there must also be an instance of WebInvocationPrivilegeEvaluator in your application context. <strong>If you are using the namespace, one will automatically be registered</strong>.</p> <p>OK, now...</p> <p>I just upgraded from Spring Security 3.0 to 3.1</p> <p>In SS 3.0, the JSP tags using URL based access worked perfectly. When dropping in the 3.1 jars, it stopped working.</p> <p>I am using the Spring Security namespace. Therefore, I <strong>should</strong> have everything required to make the JSP tags work, but they don't. Everything else about the configuration is working with my application. The <strong>only</strong> thing not working is URL-based access with the JSP tags.</p> <p>My config looks like the following (updated for SS 3.1). What am I missing?</p> <pre><code><beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"> <security:global-method-security secured-annotations="enabled"/> <security:http pattern="/feed/**" create-session="stateless" entry-point-ref="digestEntryPoint" authentication-manager-ref="webAuthenticationManager" use-expressions="true"> <security:http-basic/> <custom-filter ref="digestFilter" after="BASIC_AUTH_FILTER" /> </security:http> <security:http name="webHttp" auto-config="true" use-expressions="true" authentication-manager-ref="webAuthenticationManager">  <security:intercept-url pattern="/auth/login" access="permitAll" /> <security:intercept-url pattern="/auth/autologin" access="permitAll" /> <security:intercept-url pattern="/auth/logout" access="isAuthenticated()" /> <security:intercept-url pattern="/auth/loginSuccess" access="" />  <security:intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />  <security:form-login login-page="/auth/login" login-processing-url="/auth/loginProcess" default-target-url="/auth/loginSuccess" authentication-failure-url="/auth/login?error=1" /> <security:logout logout-url="/auth/logout" logout-success-url="/" /> <security:remember-me key="remembermekey" user-service-ref="userDetailsService"/> <security:session-management invalid-session-url="/auth/login"/> </security:http> <beans:bean id="digestFilter" class="org.springframework.security.web.authentication.www.DigestAuthenticationFilter"> <beans:property name="userDetailsService" ref="userDetailsService" /> <beans:property name="authenticationEntryPoint" ref="digestEntryPoint" /> </beans:bean> <beans:bean id="digestEntryPoint" class="org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint"> <beans:property name="realmName" value="Contacts Realm via Digest Authentication" /> <beans:property name="key" value="acegi" /> </beans:bean> <security:authentication-manager id="webAuthenticationManager" alias="webAuthenticationManager"> <security:authentication-provider user-service-ref="userDetailsService"> <security:password-encoder hash="md5"/> </security:authentication-provider> </security:authentication-manager> </beans:beans> </code></pre>

Querying!

Guidance

An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload