I'm trying appfuse and I have added some custom menus in menu.jsp (no doing in menu-config.xml because I would like to add some glyphicon, and struts menu can't do it)
so for hide/show menus I wanted to use spring security authorized tag
<security:authorize access="hasRole('ROLE_ADMIN')">
<li>
<a href="test.jsp"><i class="fa fa-edit fa-fw"></i> Forms</a>
</li>
</security:authorize>
but this tag causes Yike! error(error 500), nothing showed in the console. even I have
<Logger name="org.springframework.security" level="all"/>
<Logger name="org.springframework" level="all"/>
in log4j2.xml.
If I switch to <security:authorize ifAnyGranted="ROLE_ADMIN"> it works as expected. however as far as I know, ifAnyGranted is deprecated.
I'm curious why I see no error in output console?
I'm using appfuse 3.5 springMVC, running with jetty:run
Well since Alex didn't put the answer, I will post it myself
I had to add the use-expressions="true" in the http TAG in security.xml
for example