Is it possible to enable the use of expressions and the associated tags without using the namespace configuration and the http element? I have an otherwise completely configured security implementation without using the namespace.
Junior Member
Enable expressions/tags without http element?
Is it possible to enable the use of expressions and the associated tags without using the namespace configuration and the http element? I have an otherwise completely configured security implementation without using the namespace.
Senior Member
Acegi Security System TeamSpring Team
If you are using the filter-security-metadata-source element to configure your FilterSecurityInterceptor, then that has a "use-expressions" attribute on it, which should pretty much result in the same beans as if you're using the "http" namespace element.
Otherwise, you could try registering a separate DefaultWebSecurityExpressionHandler bean which the tags would pick up.
Junior Member
Thanks for the reply, but I did try both of those suggestions. The tags are not being evaluated. When I view the rendered page source the the tags are included in the page.
Senior Member
Do you mean you are seeing the raw JSP tags in the output of the page, or do you mean that the content inside the tags is being shown when it should not be (i.e. it should be hidden due to authorization rules declared by the tag).Originally Posted by redflagcto
Peter Mularien | Blog
Author, Spring Security 3 (Book) - Packt Publishing, Available in print and eBook form
SCJP 5, Oracle DBA
Any postings are my own opinion, and should not be attributed to my employer or clients.
Junior Member
The raw JSP tags are being shown. It looks like I have a facelets/JSF problem with the security tags. I have double checked my configuration with multiple sources that all give the same directions about enabling the tags for use with facelets, including looking at the showcase application. For some reason the tags are not being parsed. The tag classes are never called and there are no errors.
Senior Member
Unfortunately this sounds like an issue not directly related to Spring Security. If you can provide more details on the specific set of UI and deployment technologies you're using, maybe someone can help.
Peter Mularien | Blog
Author, Spring Security 3 (Book) - Packt Publishing, Available in print and eBook form
SCJP 5, Oracle DBA
Any postings are my own opinion, and should not be attributed to my employer or clients.
Junior Member
I am using latest STS with SpringSource tc Runtime. Java is 1.6. Springframework 3.0.5 with security and MVC, Webflow 2.3.0, myFaces 2.0.4, Tomahawk2 1.1.10.
I reworked my security-config.xml to use the namespace and now the tags are being parsed, but /root-context/j_spring_security_check is not available.
It seems like the tags only work with the namespace configuration, but that severely limits the configuration flexibility.
Junior Member
Fixed for now.
I got the j_spring_security_check path working again by adding in the UsernamePasswordAuthenticationFilter filter as a custom filter.
I stated previously, it seems that the security tags only work with the namespace configuration. Hopefully, this will meet all my needs going forward.
Reply With Quote
