security:authorize tags not working
In my roo-generated project I set up spring security so people can log in (still have the default admin and user users)
I have used security:authorize tags before and all I had to add to my jsp was
<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>
at the top and then throw security:authorize tags around stuff on my page. It works like a charm in my regular hand-crafted spring 2.5 webapp.
I can't add that to my jspx files that roo generated, but I found a line in the default.jspx a line like this
xmlns:security="http://www.springframework.org/schema/security"
so I figured I could add that to the top of my menu.jspx and throw security tags around menu options so they won't show up except for admins
Here is the top of my menu.jspx
Problem is when I run my app those security tags get left in the source and of course, all the stuff inside still gets shown to everyone.Code:<ul xmlns:c="http://java.sun.com/jsp/jstl/core" xmlns:security="http://www.springframework.org/schema/security" xmlns:spring="http://www.springframework.org/tags" id="roo_menu"> <security:authorize ifAllGranted="ROLE_ADMIN"> <li id="web_mvc_jsp_interest_category"> <h2>interest</h2> <ul> <li id="web_mvc_jsp_create_interest_menu_item"> <c:url value="/interest/form" var="web_mvc_jsp_create_interest_menu_item_url"/> <a href="${web_mvc_jsp_create_interest_menu_item_url}"> <spring:message arguments="Interest" code="global.menu.new"/> </a> </li> <li id="web_mvc_jsp_list_interest_menu_item"> <c:url value="/interest?page=${empty param.page ? 1 : param.page}&amp;size=${empty param.size ? 10 : param.size}" var="web_mvc_jsp_list_interest_menu_item_url"/> <a href="${web_mvc_jsp_list_interest_menu_item_url}"> <spring:message arguments="Interests" code="global.menu.list"/> </a> </li> </ul> </li> </security:authorize>
It seems like I am missing something I read on the internets somewhere that this can happen if your filters are in the wrong order. Here are my filters and filter mappings from web.xml:
Any tips? What am I missing?Code:<filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter> <filter-name>Spring OpenEntityManagerInViewFilter</filter-name> <filter-class>org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter</filter-class> </filter> <filter> <filter-name>etagFilter</filter-name> <filter-class>org.springframework.web.filter.ShallowEtagHeaderFilter</filter-class> </filter> <filter> <filter-name>CharacterEncodingFilter</filter-name> <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class> <init-param> <param-name>encoding</param-name> <param-value>UTF-8</param-value> </init-param> <init-param> <param-name>forceEncoding</param-name> <param-value>true</param-value> </init-param> </filter> <filter> <filter-name>httpMethodFilter</filter-name> <filter-class>org.springframework.web.filter.HiddenHttpMethodFilter</filter-class> </filter> <filter> <filter-name>UrlRewriteFilter</filter-name> <filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>Spring OpenEntityManagerInViewFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>etagFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CharacterEncodingFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>httpMethodFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>UrlRewriteFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
Reply With Quote