I can't use sec:authorize

**nazila** · Jun 23rd, 2011, 05:49 AM

I have a JSF 2 page based on Facelets and use Spring Security 3.0.5 behind the application. When I put some tags like this within my page:

Code:

<sec:authorize  access="hasRole('SS')" >
<h:outputText value="X" />
</sec:authorize>

the X will display at runtime anyway with any role. The auto completion feature of my eclipse work correctly to show the "sec:" tags and their properties at programming time. what's the problem?

The source of rendered html is like this:

Code:

<sec:authorize access="hasRole('SS')">X</sec:authorize>

This is the jar file that is in my WEB-INF/lib/:
http://search.maven.org/remoteconten....5.RELEASE.jar

**stigto** · Jun 23rd, 2011, 07:11 AM

JSF integration seems broken. A working 3.0.5 project breaks just by updating versions of spring-security-web, spring-security-config and spring-security-taglibs from 3.0.5.RELEASE to 3.1.0.RC2 and the schema in application context from spring-security-3.0.xsd to spring-security-3.1.xsd.

Error log shows:

java.io.IOException: No visible WebSecurityExpressionHandler instance could be found in the application context. There must be at least one in order to support expressions in JSP 'authorize' tags.

**Rob Winch** · Jun 23rd, 2011, 08:57 AM

Originally Posted by nazila

I have a JSF 2 page based on Facelets and use Spring Security 3.0.5 behind the application. When I put some tags like this within my page:
...

Please do not post the same question in multiple places.

**Rob Winch** · Jun 23rd, 2011, 08:59 AM

Originally Posted by stigto

JSF integration seems broken. A working 3.0.5 project breaks just by updating versions of spring-security-web, spring-security-config and spring-security-taglibs from 3.0.5.RELEASE to 3.1.0.RC2 and the schema in application context from spring-security-3.0.xsd to spring-security-3.1.xsd.

Error log shows:

java.io.IOException: No visible WebSecurityExpressionHandler instance could be found in the application context. There must be at least one in order to support expressions in JSP 'authorize' tags.

While this may have merit I do not think it is relevant to this users problem since they claim to be using 3.0.5. On a side note, if you can provide a sample project that demonstrates the issue I would be happy to take a look at it.

**stigto** · Jun 23rd, 2011, 03:43 PM

I'm sorry, for some reason I thought nazila was using 3.1. Nevertheless, I've put together a rather minimal project based on 3.0.5, which works. Maybe this will be of use to nazila. However, changing the version numbers in the maven pom.xml for the 3 spring security entries from 3.0.5.RELEASE to 3.1.0.RC2 and changing the xsd version for spring security in the applicationContext.xml from spring-security-3.0.xsd to spring-security-3.1.xsd demonstrates the problem.jsf2_spring_security.zip

**Rob Winch** · Jun 24th, 2011, 08:40 AM

Thanks I will have a look at it this weekend when I'm not so busy w/ my day job.

Thread: I can't use sec:authorize

Thread Tools

Display

I can't use sec:authorize

Tags for this Thread

Posting Permissions