Spring-EL Expressions

To enable spring security EL expressions, add the following to the <http> element in your application-security.xml file;


A few gotcha’s when enabling this; each of your <intercept-url … role=”ROLE_USER” needs to be changed to role=”hasRole(‘ROLE_USER’)

Also – the following exception will be thrown unless you change ‘IS_AUTHENTICATED_ANONYMOUSLY’ to ‘permitAll’;

Failed to evaluate expression 'IS_AUTHENTICATED_ANONYMOUSLY'

In your JSP pages the following can be used for securing portions of pages;

<sec:authorize access="hasRole('ROLE_MANAGER')">

A few other useful links;


Leave a Reply