Spring Security Authorize tag always false
I have about the equivalent to the following in my jsp. Neither here nor there are displayed!
My first foray into Spring Security 3.0.5. I've used 3.0.3 without issue.
<sec:authorize ifNotGranted="ROLE_ACTIVE">
here
</sec:authorize>
<sec:authorize ifAnyGranted="ROLE_ACTIVE">
there
开发者_运维技巧</sec:authorize>
Thanks for the insights. I found it was because of the ordering of the filter-mappings. Spring security needs to come before Sitemesh.
Not sure how anyone could have gotten that without me publishing so many seemingly trivial details on the project.
I'll know to post the web.xml in the future. Probably just pay more attention to that being a source of problems.
Looks like ifNotGranted and ifAnyGranted are deprecated in favor of the access expression. Try something like
<sec:authorize access="hasRole('ROLE_ACTIVE')">here</sec:authorize>
If you setted filters='none' for the jsp page and writing above code on the same jsp then your authorize tag will always return false.
you can refer this question, your problem may be same I belive.
Spring security login/logout url related issue
If your problem is different then can you elaborate more on your security configuration.
精彩评论