authz:authorize ifNotGranted not behaving as expected
Hi, I'm using Acegi Security on a web app using Spring with a STRUTS UI. I think my filter configuration is OK, as using the <authz:authorize> tag with the ifAllGranted attribute works fine.
However, when I use the ifNotGranted attribute I don't get the behaviour I expected. For example:
Code:
<!-- Only directors/administrators can change who placed a property once it has been created -->
<authz:authorize ifAllGranted="ROLE_ADMINISTRATOR">
[i]STUFF ONLY FOR ADMINISTRATORS[/i]
</authz:authorize>
<!-- everyone else only gets to see who placed the property -->
<authz:authorize ifNotGranted="ROLE_ADMINISTRATOR">
[i]STUFF FOR ORDINARY PEOPLE[/i]
</authz:authorize>
What I would expect to happen is that administrators see the administrator-only content and everyone else sees the ordinary content. What actually happens is that ordinary people see only the content contained by <authz:authorize ifNotGranted..., but administrators see the content contained by both <authz> tags.
According to the docs anyone with the ROLE_ADMINISTRATOR should not see the contents of the second tag.
Are there any common mistakes that exhibit these symptoms?
Thanks
Dave
This mind intentionally left blank.