Monday, November 19, 2012

Spring Security Tags in JSP and Sitemesh

If you are facing problem with the usage of any of the below tags 

<sec:authorize access="isAuthenticated()"></sec:authorize>
<sec:authorize url="/admin/users"></sec:authorize>

in your JSP despite including the security tag library or TLD

<%@ taglib prefix="sec" uri="" %>

There could be 2 possible reasons:

  1. The security tld which you are referencing could be old. Try and update to the TLD to the correct version of spring-security-web which you are referencing in your project. You can find the latest TLD here.
  2. After updating the tag library, if you still face any issue, then check the web.xml file for the order of filter definitions. The order of filter definitions: 
    1. Spring Container related 
    2. Spring Security 
    3. Sitemesh. 
    4. Thumb-rule being Spring Security Filter *ALWAYS* needs to be defined before Sitemesh

//Spring Security Mapping

//Sitemesh Mapping

Labels: , , , ,


Post a Comment

<< Home