I am using Spring 2.5.5, Spring Security 2.0.4 in a Spring MVC web app which needs to run on WebSphere 6.1 (126.96.36.199 patch level). This webapp works fine on Tomcat 6 which is my development environment. Web app security is configured using <security:http auto-config="true"> setup, nothing fancy.
JSP pages of this app use security:authorize tags in jsp files to show/hide content like this:
The security:authorize tags work perfectly on Tomcat 6, but stop working on Websphere 6.1. The strange thing is all the rest of Spring Security functionality works just fine on Websphere (188.8.131.52) - the security filters, login form, authentication and code-level authorization work fine. The principal does get loaded and it's authorizations are available. Only the Spring Security authorize JSP tag doesn not work. No errors are logged either, only the content inside the authorize tags is always missing.Code:<security:authorize ifAnyGranted="ROLE_myapp_Admin"> Some content... </security:authorize>
I have tried this on different patch levels - from 184.108.40.206 to 220.127.116.11 and still no luck. If anyone has any ideas I would appreciate any hints.
BTW, other JSTL and Spring taglibs work just fine, for example the new spring form tags work.
Thanks for any help...