Spring security. authorize doesn't work on jsp
I had the following jsp page and that jsp compiles as expected
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib prefix="sprSec" uri="http://www.springframework.org/security/tags"%>
<c:if test="${sessionScope.userName!=null}">
...
</c:if>
In the login controller method, I have the following line:
session.setAttribute("userName", name);
I thought it would be better to rewrite it with spring security tags
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib prefix="sprSec" uri="http://www.springframework.org/security/tags"%>
<sprSec:authorize access="isAuthenticated()">
...
</sprSec:authorize>
And now I have an error when trying to access the page:
org.apache.jasper.JasperException: org.apache.jasper.JasperException: An exception occurred processing JSP page /WEB-INF/*/*****.jsp at line 5
2: <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
3: <%@ taglib prefix="sprSec" uri="http://www.springframework.org/security/tags"%>
4:
5: <sprSec:authorize access="isAuthenticated()">
6:
7: <c:set var="profileUrl" value="#" scope="request" />
8: <sprSec:authorize ifAllGranted="ROLE_USER">
....
root cause
javax.servlet.ServletException: javax.servlet.jsp.JspException: java.io.IOException: No visible WebSecurityExpressionHandler instance could be found in the application context. There must be at least one in order to support expressions in JSP 'authorize' tags.
..........
+3
source to share
1 answer
This is probably a duplicate of Spring Security. There is no visible WebSecurityExpressionHandler instance in the application context .
As stated there, be sure to add an attribute use-expressions
set to true for your config element http
, i.e. write <http use-expressions="true">
.
+2
source to share