Spring 3.1 Security is ignored on HTML...

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Spring 3.1 Security is ignored on HTML...

PaulKuhn
Hi all,

I have a Web application with Spring 3.1 and Spring 3.1 Security and on the Homepage I have this code snippet (for testing):

	<div sec:authorize="hasRole('ROLE_ADMIN')">This content is only shown to administrators.</div>
	<div sec:authorize="hasRole('ROLE_USER')">This content will only be visible to users who have the 'ROLE_USER'
		authority in their list of GrantedAuthority</div>

	<div sec:authorize="isAuthenticated()">
		Current authenticated user:
		Logged user: <span sec:authentication="name">Bob</span>
		Roles: <span sec:authentication="principal.authorities">[ROLE_USER, ROLE_ADMIN]</span>
	</div>


However, the output when rendering the HTML when a user is not yet authenticated is this:

This content is only shown to administrators.
This content will only be visible to users who have the 'ROLE_USER' authority in their list of GrantedAuthority

Current authenticated user:
Logged user: Bob
Roles: [ROLE_USER, ROLE_ADMIN] 


It looks as the "sec:auth..." attributes are ignored.
Any idea what I am doing wrong here?

Thanks.
Paul
Reply | Threaded
Open this post in threaded view
|

Re: Spring 3.1 Security is ignored on HTML...

Zemi
Administrator
Have you added the security dialect to the template engine configuration?

See the example configuration.

Reply | Threaded
Open this post in threaded view
|

Re: Spring 3.1 Security is ignored on HTML...

PaulKuhn
No, this was exactly what was missing! I have overseen the security dialect. Now it works great!
Thanks a lot for the very quick response, Zemi!

Paul