How to use constant for Spring Security hasRole

Question

I have a JSP with Spring Security. I have a simple tag that determines if the user has an ADMIN role like this:

<sec:authorize access="hasRole('ADMIN')">

and works fine. I am now trying to implement across the site with many roles, so I have a UserAccess class with static Strings as constants for all my roles. so I try this:

<sec:authorize access="hasRole(UserAccess.ADMIN)">

But this is throwing:

Field or property 'UserAccess' cannot be found on object of type 
'org.springframework.security.web.access.expression.WebSecurityExpressionRoot'

The class is in the classpath, I can access it with <% .. %> etc...
What is the best way to handle this?

score 9 · Answer 1 · answered Oct 01 '13 at 08:42

9

To reference an instance inside hasRole you need to use the special T operator and use fully qualified name of the class.

<sec:authorize access="hasRole(T(package.UserAccess).ADMIN)">

answered Oct 01 '13 at 08:42

Aleksandr M

24,264
12
69
143

score 0 · Answer 2 · answered Oct 01 '13 at 05:08

0

Missing single quotes perhaps? Try this:

 <sec:authorize access="hasRole('UserAccess.ADMIN')">

answered Oct 01 '13 at 05:08

poodle

107
1
10

How to use constant for Spring Security hasRole

2 Answers2

Linked