Win a copy of The Java Performance Companion this week in the Performance forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Some weird (for me) aspects of Spring Tiles

 
Robert Raps
Ranch Hand
Posts: 30
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Part 1 - Menu.jsp, which is appended to template.jsp


QUESTION:
If i remove these 2 rows, which wrap <div id="login">: <sec:authorize access="isAnonymous()"></sec:authorize>,
then i can see this div in generated html from template.jsp otherwise i can't.

Part2. Secure-spring.xml without dtd)


Part 3 - root-context.xml.
<import resource="secure-spring.xml"/> is present
Spring security dependcies in pom are present too.


I am new to spring and not very experienced in jstl. So, don't throw stones at me)

 
Bill Gorder
Bartender
Posts: 1682
7
Android IntelliJ IDE Linux Mac OS X Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The first thing that stands out at me is your intercept url

<intercept-url pattern="/*" access="permitAll" />

you probably meant to write /** but either way you are not protecting anything. Order matters with this and you should default to protected. Typically the last entry in the list should be

<intercept-url pattern="/**" access="denyAll" /> or
<intercept-url pattern="/**" access="hasRole('ROLE_USER')" />

This way if you add a new pattern it is by default protected. You should specify other patterns before this one like permitAll on /resources/** for you static content etc.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic