Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-1965: Passivity DefaultWebSecurityExpressionHandler no longer implements WebSecurityExpressionHandler #2190

spring-issuemaster opened this Issue May 27, 2012 · 5 comments


None yet
2 participants

Rob Winch (Migrated from SEC-1965) said:

The DefaultWebSecurityExpressionHandler no longer implements WebSecurityExpressionHandler which causes issues when using spring-webflow's AbstractAuthorizeTag which looks up the WebExpressionHandler for authorize statements. We should probably also look into getting webflow to use the provided AbstractAuthorizeTag (I haven't had time to investigate why they might have their own copy of this tag).

webmeiker said:

In the meantime, if someone wants to use authorize functions and sec:authentication tag of Spring Security 3.1.0 with JSF 2.0, this should help (see attachment)

Grzegorz Rozniecki said:

Also, reference to WebSecurityExpressionHandler in Spring Manual (in http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#d0e6860) should be removed.

Rob Winch said:


Thank you for pointing this out. You are correct that should be removed. However, it isn't exactly the same as this issue so I went ahead and created a separate ticket for it (see SEC-1985). Thanks again for taking the time to help may Spring Security better.

Rob Winch said:

I have logged SWF-1557 to address consolidating SWF's Security taglib with Spring Security's taglib.

Rob Winch said:

Pushed fixes out to master

@spring-issuemaster spring-issuemaster added this to the 3.1.1 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment