My problem is similar to this one:
Spring security tags in sitemesh decorator
I'm using sitemesh in a Spring MVC project with Spring security. My web.xml looks like this:
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>sitemesh</filter-name>
<filter-class>com.opensymphony.sitemesh.webapp.SiteMeshFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>sitemesh</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
And my NavBar.jsp (I'm using the Spring MVC Bootstrap showcase), which is included in every page decorated by sitemesh, looks like this:
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav">
<security:authorize ifAnyGranted="ROLE_UPDATE">
<li ><a href="<c:url value="/dataupdate" />">Update</a></li>
</security:authorize>
<security:authorize ifAnyGranted="ROLE_ADMIN">
<li ><a href="<c:url value="/settings" />">Settings</a></li>
</security:authorize>
<li><a href="j_spring_security_logout">Logout</a></li>
</ul>
</div>
All works as expect (i.e. the navbar items only display if the authenticated user has the right roles), but the default Spring Security login page is not decorated. I can fix that by moving the Sitemesh filter in web.xml above the Spring Security filter, however then the security tags in NavBar.jsp stop working.
Is there a way I can have both?
To fix this issue I implemented a custom login.jsp page and sitemesh just picked it up.