Security tag lib problem - authorization does not work
Hi,
I have succesfully implemented Spring Security (2.0.5) authentication. However, when trying to implement authorization in a JSF page, this does not seem to work.
I have the following very simple test page:
When testing the page, the user gets the role ROLE_ADMINISTRATOR (tested this thoroughly). The other role does not even exist in the system.Code:<!DOCTYPE composition PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <ui:composition xmlns="http://www.w3.org/1999/xhtml" xmlns:ui="http://java.sun.com/jsf/facelets" xmlns:h="http://java.sun.com/jsf/html" xmlns:f="http://java.sun.com/jsf/core" xmlns:sf="http://www.springframework.org/tags/faces" xmlns:s="http://www.springframework.org/schema/security" xmlns:c="http://java.sun.com/jstl/core" template="../../layout/template.xhtml"> <ui:define name="body"> <h:form id="testForm" prependId="false"> <s:authorize ifAllGranted="ROLE_ADMINISTRATOR"> <h:outputText value="You can only see this when you are administrator" /> </s:authorize> <br /> <s:authorize ifAllGranted="ROLE_NONEXIST"> <h:outputText value="You can only see this when you do not exist" /> </s:authorize> </h:form> </ui:define> </ui:composition>
When the page is shown, both lines of outputText are shown. So clearly the authorization does not work.
What am I doing wrong?
Thanks!
Coen
