If you need Spring jsp page authorization means follow the below steps,
Step 1: Need to activate web authorization in web security file
use-expressions="true" in http tag in security xml file
ex:
<http .... use-expressions="true">
then you configure pom.xml for download spring
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>3.2.5.RELEASE</version>
</dependency>
Step2. Then add the tag lib in your need jsp page
Ex:
<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>
Step3: Then check the hasRole in jsp page
Ex:
<security:authorize access="hasRole('ROLE_USER')">
This text is only visible to a user
<br/>
</security:authorize>
<security:authorize access="hasRole('ROLE_ADMIN')">
This text is only visible to an admin
<br/>
</security:authorize>
In that place userRole is case sensitive
You can also provide the full page access based on role.. use follow sample code
<intercept-url pattern="/user/**" access="hasRole('ROLE_USER')" />
This intercept allow role user in that page.
Based on in you question you should verify web security file must have
use-expression="true"
If it is correct please make sure the role name.Because it is case sensitive
No comments:
Post a Comment