I'm using Spring Security for the first time with Spring MVC and Tiles.
Everything is Ok about authentication using users/roles from database, but when I add the <security:authorize>
tag to make adaptation according to the user authenticated in the views I'm getting this error :
java.lang.ClassNotFoundException: org.springframework.security.access.expression.SecurityExpressionHandler
org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1714)
org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1559)
java.lang.Class.getDeclaredMethods0(Native Method)
java.lang.Class.privateGetDeclaredMethods(Unknown Source)
java.lang.Class.getDeclaredMethods(Unknown Source)
org.apache.catalina.util.Introspection.getDeclaredMethods(Introspection.java:127)
org.apache.jasper.runtime.TagHandlerPool.get(TagHandlerPool.java:121)
org.apache.jsp.WEB_002dINF.pages.jsp.indexAdmin2_jsp._jspx_meth_security_005fauthorize_005f0(indexAdmin2_jsp.java:262)
org.apache.jsp.WEB_002dINF.pages.jsp.indexAdmin2_jsp._jspService(indexAdmin2_jsp.java:223)
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:432)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334)
javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
org.springframework.web.servlet.view.InternalResourceView.renderMergedOutputModel(InternalResourceView.java:238)
org.springframework.web.servlet.view.AbstractView.render(AbstractView.java:250)
org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1047)
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:817)
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719)
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:669)
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:574)
javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:343)
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:100)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:78)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:35)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:177)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:188)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:149)
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
This is an example of a Tile causing this trouble :
<%@taglib prefix="security" uri="http://www.springframework.org/security/tags" %>
<div class="leftpanel">
<div class="leftmenu">
<ul class="nav nav-tabs nav-stacked">
<li class="nav-header">iERP</li>
<security:authorize ifAnyGranted="ROLE_ADMIN" >
<li class="dropdown active"><a href="#"><span class="iconfa-th-list"></span>AAA</a>
<ul>
<li><a href="GestionServices.erp">Gestion des Services</a></li>
</ul>
</li>
</security:authorize>
<security:authorize ifAnyGranted="ROLE_USER" >
<li class="dropdown active"><a href="#"><span class="iconfa-list-alt"></span>Section de Facturation</a>
<ul>
<li><a href="FacturesParMois.erp">Facturation Par PĂ©riodes</a></li>
</ul>
</li>
</security:authorize>
</ul>
</div>
</div>
When I checked my WEB-INF/lib folder I found that I had different versions of spring-security jars, some had 3.1.4 and others 3.0.2. It's working well now with all jars on 3.1.4 version ! Thank you Luke, your comment gave me the answer !