jQuery in Action, 3rd edition
The moose likes Spring and the fly likes Some weird (for me) aspects of Spring Tiles Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » Spring
Bookmark "Some weird (for me) aspects of Spring Tiles" Watch "Some weird (for me) aspects of Spring Tiles" New topic

Some weird (for me) aspects of Spring Tiles

Robert Raps
Ranch Hand

Joined: Mar 13, 2013
Posts: 30
Part 1 - Menu.jsp, which is appended to template.jsp

If i remove these 2 rows, which wrap <div id="login">: <sec:authorize access="isAnonymous()"></sec:authorize>,
then i can see this div in generated html from template.jsp otherwise i can't.

Part2. Secure-spring.xml without dtd)

Part 3 - root-context.xml.
<import resource="secure-spring.xml"/> is present
Spring security dependcies in pom are present too.

I am new to spring and not very experienced in jstl. So, don't throw stones at me)

Bill Gorder

Joined: Mar 07, 2010
Posts: 1682

The first thing that stands out at me is your intercept url

<intercept-url pattern="/*" access="permitAll" />

you probably meant to write /** but either way you are not protecting anything. Order matters with this and you should default to protected. Typically the last entry in the list should be

<intercept-url pattern="/**" access="denyAll" /> or
<intercept-url pattern="/**" access="hasRole('ROLE_USER')" />

This way if you add a new pattern it is by default protected. You should specify other patterns before this one like permitAll on /resources/** for you static content etc.

[How To Ask Questions][Read before you PM me]
I agree. Here's the link: http://aspose.com/file-tools
subject: Some weird (for me) aspects of Spring Tiles
It's not a secret anymore!