Equivalent to the deprecated <sec:authorize> ifNotGranted attribute

jsp spring-security jsp-tags
arontoms picture arontoms · Jun 8, 2012 · Viewed 15.9k times · Source

I would like to prevent an image having a link if a user does NOT have a certain role. e.g.

<sec:authorize ifNotGranted="ROLE_ACCOUNTS" ><img src="someimage.jpg"/></sec:authorize>
<sec:authorize ifAllGranted="ROLE_ACCOUNTS" ><a href="somelink.htm"><img src="someimage.jpg"/></a></sec:authorize>

However ifNotGranted and ifAllGranted are now deprecated in favour of the access expression. I can see that ifAllGranted can be replicated with:

<sec:authorize access="hasRole('ROLE_ACCOUNTS')"><a href="somelink.htm"><img src="someimage.jpg"/></a></sec:authorize>

But how can ifNotGranted be replicated using the access method? Any help would be greatfully appreciated.

Answer

axtavt picture axtavt · Jun 8, 2012

SpEL expression can be negated with ! operator:

<sec:authorize access="!hasRole('ROLE_ACCOUNTS')">...</sec:authorize>

See also:

Related questions

how to conditionally show jsp content to logged in users with Spring security

I want to show content to any user that is logged in and to hide if they are not logged in. I'm using jsp's and spring security. Obviously a home grown solution is easily done. But what's the cleanest standard …

Read More
Get Spring Security Principal in JSP EL expression

I am using Spring MVC and Spring Security version 3.0.6.RELEASE. What is the easiest way to get the user name in my JSP? Or even just whether or not the user is logged in? I can think of a couple …

Read More
HTTP 403 error while upload - Invalid CSRF Token 'null'

this file contains a form to upload a file uploadForm.jsp <%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%> <%@ taglib uri="http://www.springframework.org/security/tags" prefix="sec" %> <html> &…

Read More