Oct 30th, 2011, 11:32 PM
<sec:authorize url> tag cant hide in spring secuiry (please give me a real demo)
hi all ,
when I use the spring security 3.1rc2,I find a problem need to help
I custom the AcessDecisonManager, FilterSecurityInterceptor , InvocationSecurityMetadataSource,UserDetailsServic e and put the user,role and resource url in database and use the <sec:authorize url> tag in UI as bellow:
<a href="admin.jsp">enter the admin</a>
when I login in with user who not has the authority of access,I find the admin.jsp link not hidden ,it still show in the UI,click the admin.jsp link ,access denied ( which means the authority work well) .
but I want to know how can I do to make the admin.jsp link hidden when the user has not the authority of accessing the link? if I config the role in security.xml ,and login in with user who not has the authority of access, the <sec:authorize url> hide automatically.
please give me a detail solution .
Oct 31st, 2011, 07:00 AM
Look at the tutorial sample. It is used there.