Security tags not working?

**asarco** · Dec 29th, 2009, 11:01 AM

Hello, I've been using Spring Security (1.x) with an old project with no problems, but now I have ported the security code to a new project, with Spring Security 2.0.5, and seems like the tags don't work:

In my JSP:

Code:

            
<%@ taglib uri="http://www.springframework.org/security/tags" prefix="sec"%>

...

<div id="user_info">
    <sec:authentication property="principal.authorities"/> 
    <sec:authentication property="principal.lastname" /> 
    <sec:authentication property="principal.username" /> &nbsp; 
    ${SPRING_SECURITY_CONTEXT.authentication.principal.username}
</div>

The tags don't show anything, and if I debug through the source code, it's like the SecurityContext is not in the session. However, the ${SPRING_SECURITY_CONTEXT.authentication.principal .username} expression shows the correct username of the logged in user:

My Spring Security configuration is quite simple, but I don't think it has something to do with this problem:

Code:

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:context="http://www.springframework.org/schema/context"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-2.5.xsd">

    
    <http auto-config="true"  access-decision-manager-ref="accessDecisionManager">
        <form-login login-page="/jsp/login.jsp"/>
        <intercept-url pattern="/index.jsp" access="ROLE_ANONYMOUS, ROLE_USER" />
        <intercept-url pattern="/jsp/login.jsp" filters="none"/>
        <intercept-url pattern="/menu/MenuGenerator.action" access="ROLE_ANONYMOUS, ROLE_USER" />
        <intercept-url pattern="/**/*.action" access="ROLE_USER" />
        <intercept-url pattern="/**/*.jsp" access="ROLE_USER" />
    </http>
    <authentication-provider user-service-ref="userService" >
        <password-encoder ref="passEncoder"/>
    </authentication-provider>
    
    <beans:bean id="passEncoder" class="org.springframework.security.providers.encoding.PlaintextPasswordEncoder"/>
    
    <beans:bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
        <beans:property name="allowIfAllAbstainDecisions" value="false"/>
        <beans:property name="decisionVoters">
            <beans:list>
                <beans:bean class="com.playjam.webuser.impl.AdministratorVoter"/>
                <beans:bean class="org.springframework.security.vote.RoleVoter"/>
                <beans:bean class="org.springframework.security.vote.AuthenticatedVoter"/>
            </beans:list>
         </beans:property>
    </beans:bean>
    
</beans:beans>

The log seems to be normal to me:

Code:

2009-12-29 16:37:47,961 [http-8080-5] DEBUG org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource  - Converted URL to lowercase, from: '/menu/menugenerator.action'; to: '/menu/menugenerator.action'
2009-12-29 16:37:47,961 [http-8080-5] DEBUG org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource  - Candidate is: '/menu/menugenerator.action'; pattern is /index.jsp; matched=false
2009-12-29 16:37:47,961 [http-8080-5] DEBUG org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource  - Candidate is: '/menu/menugenerator.action'; pattern is /menu/menugenerator.action; matched=true
2009-12-29 16:37:47,961 [http-8080-5] DEBUG org.springframework.security.intercept.AbstractSecurityInterceptor  - Secure object: FilterInvocation: URL: /menu/MenuGenerator.action; ConfigAttributes: [ROLE_ANONYMOUS, ROLE_USER]
2009-12-29 16:37:47,961 [http-8080-5] DEBUG org.springframework.security.intercept.AbstractSecurityInterceptor  - Previously Authenticated: org.springframework.security.providers.UsernamePasswordAuthenticationToken@6d9d22e7: Principal: com.playjam.webuser.PlayJamUser@3ad4f000: Username: asarco; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN, ROLE_USER; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.ui.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: DEE2653B1CEFE29CF58D47C179C1B224; Granted Authorities: ROLE_ADMIN, ROLE_USER
2009-12-29 16:37:47,961 [http-8080-5] DEBUG org.springframework.security.intercept.AbstractSecurityInterceptor  - Authorization successful
2009-12-29 16:37:47,961 [http-8080-5] DEBUG org.springframework.security.intercept.AbstractSecurityInterceptor  - RunAsManager did not change Authentication object
2009-12-29 16:37:47,961 [http-8080-5] DEBUG org.springframework.security.util.FilterChainProxy  - /menu/MenuGenerator.action reached end of additional filter chain; proceeding with original chain

However this piece looks like the SecurityContext is being cleared, however not being removed from the session:

Code:

2009-12-29 16:37:47,994 [http-8080-5] DEBUG org.springframework.security.context.HttpSessionContextIntegrationFilter  - SecurityContextHolder now cleared, as request processing completed

Any ideas?
Thanks.

Thread: Security tags not working?

Thread Tools

Display

Security tags not working?

Tags for this Thread

Posting Permissions