Using spring-security, I have a custom UserDetailsService, returning the following UserDetails:
In the security config file, I have the following:
HashSet<SimpleGrantedAuthority> authSet = new HashSet<SimpleGrantedAuthority>();
return new User(user.getUsername(), user.getPassword(),
user.isActive(), !user.isExpired(), !user.isCredentialsExpired(),
And in a JSP page, the following code:
<intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />
With spring-security-3.1.1 everything is working as expected, but with versions 3.1.2 & 3.1.3, users with ADMIN_ROLE can't see the link neither has access to the URL directly in the browser.
Please, could you tell me if I'm doing something wrong? Or maybe could be a bug?
I'm looking at release notes for the new versions but can't find any specific mention about if something changed about this.
Thanks in advance.