Spring Security
  1. Spring Security
  2. SEC-1965

Passivity DefaultWebSecurityExpressionHandler no longer implements WebSecurityExpressionHandler

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 3.1.0
    • Fix Version/s: 3.1.1
    • Component/s: Web
    • Labels:
      None

      Description

      The DefaultWebSecurityExpressionHandler no longer implements WebSecurityExpressionHandler which causes issues when using spring-webflow's AbstractAuthorizeTag which looks up the WebExpressionHandler for authorize statements. We should probably also look into getting webflow to use the provided AbstractAuthorizeTag (I haven't had time to investigate why they might have their own copy of this tag).

        Activity

        Hide
        webmeiker added a comment - - edited

        In the meantime, if someone wants to use authorize functions and <sec:authentication> tag of Spring Security 3.1.0 with JSF 2.0, this should help (see attachment)

        Show
        webmeiker added a comment - - edited In the meantime, if someone wants to use authorize functions and <sec:authentication> tag of Spring Security 3.1.0 with JSF 2.0, this should help (see attachment)
        Hide
        Grzegorz Rozniecki added a comment -

        Also, reference to WebSecurityExpressionHandler in Spring Manual (in http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#d0e6860) should be removed.

        Show
        Grzegorz Rozniecki added a comment - Also, reference to WebSecurityExpressionHandler in Spring Manual (in http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#d0e6860 ) should be removed.
        Hide
        Rob Winch added a comment -

        Grzegorz,

        Thank you for pointing this out. You are correct that should be removed. However, it isn't exactly the same as this issue so I went ahead and created a separate ticket for it (see SEC-1985). Thanks again for taking the time to help may Spring Security better.

        Show
        Rob Winch added a comment - Grzegorz, Thank you for pointing this out. You are correct that should be removed. However, it isn't exactly the same as this issue so I went ahead and created a separate ticket for it (see SEC-1985 ). Thanks again for taking the time to help may Spring Security better.
        Hide
        Rob Winch added a comment -

        I have logged SWF-1557 to address consolidating SWF's Security taglib with Spring Security's taglib.

        Show
        Rob Winch added a comment - I have logged SWF-1557 to address consolidating SWF's Security taglib with Spring Security's taglib.
        Hide
        Rob Winch added a comment -

        Pushed fixes out to master

        Show
        Rob Winch added a comment - Pushed fixes out to master

          People

          • Assignee:
            Rob Winch
            Reporter:
            Rob Winch
          • Votes:
            4 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Time Tracking

              Estimated:
              Original Estimate - 1d
              1d
              Remaining:
              Remaining Estimate - 1d
              1d
              Logged:
              Time Spent - Not Specified
              Not Specified