authz:authorize ifNotGranted not behaving as expected
Hi, I'm using Acegi Security on a web app using Spring with a STRUTS UI. I think my filter configuration is OK, as using the <authz:authorize> tag with the ifAllGranted attribute works fine.
However, when I use the ifNotGranted attribute I don't get the behaviour I expected. For example:
<!-- Only directors/administrators can change who placed a property once it has been created -->
[i]STUFF ONLY FOR ADMINISTRATORS[/i]
<!-- everyone else only gets to see who placed the property -->
[i]STUFF FOR ORDINARY PEOPLE[/i]
What I would expect to happen is that administrators see the administrator-only content and everyone else sees the ordinary content. What actually happens is that ordinary people see only the content contained by <authz:authorize ifNotGranted... but administrators see the content contained by both <authz> tags.
According to the docs anyone with the ROLE_ADMINISTRATOR should not see the contents of the second tag.
Are there any common mistakes that exhibit these symptoms?
This mind intentionally left blank.