SEC-1965: Passivity DefaultWebSecurityExpressionHandler no longer implements WebSecurityExpressionHandler #2190

Closed
spring-issuemaster opened this Issue May 27, 2012 · 5 comments

2 participants

@spring-issuemaster

Rob Winch (Migrated from SEC-1965) said:

The DefaultWebSecurityExpressionHandler no longer implements WebSecurityExpressionHandler which causes issues when using spring-webflow's AbstractAuthorizeTag which looks up the WebExpressionHandler for authorize statements. We should probably also look into getting webflow to use the provided AbstractAuthorizeTag (I haven't had time to investigate why they might have their own copy of this tag).

@spring-issuemaster

webmeiker said:

In the meantime, if someone wants to use authorize functions and sec:authentication tag of Spring Security 3.1.0 with JSF 2.0, this should help (see attachment)

@spring-issuemaster

Grzegorz Rozniecki said:

Also, reference to WebSecurityExpressionHandler in Spring Manual (in http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#d0e6860) should be removed.

@spring-issuemaster

Rob Winch said:

Grzegorz,

Thank you for pointing this out. You are correct that should be removed. However, it isn't exactly the same as this issue so I went ahead and created a separate ticket for it (see SEC-1985). Thanks again for taking the time to help may Spring Security better.

@spring-issuemaster

Rob Winch said:

I have logged SWF-1557 to address consolidating SWF's Security taglib with Spring Security's taglib.

@spring-issuemaster

Rob Winch said:

Pushed fixes out to master

@spring-issuemaster spring-issuemaster added this to the 3.1.1 milestone Feb 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment