why sec:authorize doesn't work?

I have a JSF 2 page based on Facelets and use Spring Security 3 behind the application. When I put some tags like this within my page:

<sec:authorize access="hasRole('SS')" > <h:outputText value="X" /> </sec:authorize>

the X will display at runtime anyway. The auto completion feature of eclipse work correctly to show the "sec:" tags and their properties at programming time. what's the problem?

In HTML, any tags not understood will be ignored. So what probably happened is that you didn't include necessary context for the "sec" tags. Either you're missing the xsd reference in the page that employs the tag or you didn't properly include/configure the tag library in your WAR.

Tim Holloway wrote:In HTML, any tags not understood will be ignored. So what probably happened is that you didn't include necessary context for the "sec" tags. Either you're missing the xsd reference in the page that employs the tag or you didn't properly include/configure the tag library in your WAR.

I put the spring-security-taglib within the lib of my project and the xmlns:sec="http://www.springframework.org/security/tags" within my page. Also, the source of rendered html is like this: <sec:authorize access="hasRole('SS')">X</sec:authorize>

All the XSD does is tell the XML parser how to validate the text in the xhtml file. It doesn't hook up any functionality.

If the tags are being passed through to the HTML without being removed and acted on, you definitely are missing some app configuration options needed to switch that functionality on.

Tim Holloway wrote:All the XSD does is tell the XML parser how to validate the text in the xhtml file. It doesn't hook up any functionality.

If the tags are being passed through to the HTML without being removed and acted on, you definitely are missing some app configuration options needed to switch that functionality on.

The Spring Security 3 within my project works correctly except for sec taglib. What are app configuration options for this?

Spring Security has a separate set of JARs. You need to download them separately, if you haven't already.