In the role table i am storing role name as "Admin", when i check
<sec:authorize access="hasRole('ADMIN')">
<c:out value='${message}'/>
</sec:authorize>
its not printing the message even if i log in as Admin user.
Is this expression case-sensitive?
If you need Spring jsp page authorization means follow the below steps,
Step 1: Need to activate web authorization in web security file
use-expressions="true" in http tag in security xml file
ex: <http .... use-expressions="true">
then you configure pom.xml for download spring
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>3.2.5.RELEASE</version>
</dependency>
Step2. Then add the tag lib in your need jsp page
Ex:
<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>
Step3: Then check the hasRole in jsp page
Ex:
<security:authorize access="hasRole('ROLE_USER')">
This text is only visible to a user
<br/>
</security:authorize>
<security:authorize access="hasRole('ROLE_ADMIN')">
This text is only visible to an admin
<br/>
</security:authorize>
In that place userRole is case sensitive
You can also provide the full page access based on role.. use follow sample code
<intercept-url pattern="/user/**" access="hasRole('ROLE_USER')" />
This intercept allow role user in that page.
Based on in you question you should verify web security file must have use-expression="true"
If it is correct please make sure the role name.Because it is case sensitive
