SEC-1965: Passivity DefaultWebSecurityExpressionHandler no longer implements WebSecurityExpressionHandler #2190

spring-issuemaster opened this Issue May 27, 2012 · 5 comments


None yet
2 participants

Rob Winch (Migrated from SEC-1965) said:

The DefaultWebSecurityExpressionHandler no longer implements WebSecurityExpressionHandler which causes issues when using spring-webflow's AbstractAuthorizeTag which looks up the WebExpressionHandler for authorize statements. We should probably also look into getting webflow to use the provided AbstractAuthorizeTag (I haven't had time to investigate why they might have their own copy of this tag).

webmeiker said:

In the meantime, if someone wants to use authorize functions and sec:authentication tag of Spring Security 3.1.0 with JSF 2.0, this should help (see attachment)

Grzegorz Rozniecki said:

Also, reference to WebSecurityExpressionHandler in Spring Manual (in should be removed.

Rob Winch said:


Thank you for pointing this out. You are correct that should be removed. However, it isn't exactly the same as this issue so I went ahead and created a separate ticket for it (see SEC-1985). Thanks again for taking the time to help may Spring Security better.

Rob Winch said:

I have logged SWF-1557 to address consolidating SWF's Security taglib with Spring Security's taglib.

Rob Winch said:

Pushed fixes out to master

spring-issuemaster added this to the 3.1.1 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment