hi all ,

when I use the spring security 3.1rc2,I find a problem need to help

I custom the AcessDecisonManager, FilterSecurityInterceptor , InvocationSecurityMetadataSource,UserDetailsServic e and put the user,role and resource url in database and use the <sec:authorize url> tag in UI as bellow:

<sec:authorize url="/admin.jsp">
<a href="admin.jsp">enter the admin</a>
</sec:authorize>

when I login in with user who not has the authority of access,I find the admin.jsp link not hidden ,it still show in the UI,click the admin.jsp link ,access denied ( which means the authority work well) .

but I want to know how can I do to make the admin.jsp link hidden when the user has not the authority of accessing the link? if I config the role in security.xml ,and login in with user who not has the authority of access, the <sec:authorize url> hide automatically.

please give me a detail solution .