<sec:authorize url> tag cant hide in spring secuiry (please give me a real demo)

**gaojiewyh** · Oct 30th, 2011, 11:32 PM

hi all ,

when I use the spring security 3.1rc2,I find a problem need to help

I custom the AcessDecisonManager, FilterSecurityInterceptor , InvocationSecurityMetadataSource,UserDetailsServic e and put the user,role and resource url in database and use the <sec:authorize url> tag in UI as bellow:

<sec:authorize url="/admin.jsp">
<a href="admin.jsp">enter the admin</a>
</sec:authorize>

when I login in with user who not has the authority of access,I find the admin.jsp link not hidden ,it still show in the UI,click the admin.jsp link ,access denied ( which means the authority work well) .

but I want to know how can I do to make the admin.jsp link hidden when the user has not the authority of accessing the link? if I config the role in security.xml ,and login in with user who not has the authority of access, the <sec:authorize url> hide automatically.

please give me a detail solution .

**Luke Taylor** · Oct 31st, 2011, 07:00 AM

Look at the tutorial sample. It is used there.

Thread: <sec:authorize url> tag cant hide in spring secuiry (please give me a real demo)

Thread Tools

Display

Hybrid View

<sec:authorize url> tag cant hide in spring secuiry (please give me a real demo)

Posting Permissions