I’ve been hunting down bugs all day and getting next to nothing done. After finding that Spring would rather convert a String into a bunch of smaller Strings than let me do my work, I find even more. Fortunately, this one was a cinch.

Needing something to do role-based conditional processing in my JSF pages, I ended up with what looks like what may be possibly the only open source solution. (If there are more, please let me know.) It’s unfortunate that Spring decided not to support JSF for Spring Security when they support a JSP/JSTL taglib. Supposedly, Spring Security isn’t tied to any web tier technology. That doesn’t make sense. Drop the taglib, then, assholes. Move it into another package or something. It’s not like JSF tags are a difficult problem, either. Standard framework support probably belongs under Spring Security. If it’s all in one place, cohesive, and it works, people won’t be annoyed.

That being said, it’s also unfortunate that Dominik decided to go with a google code project. I don’t want to log into google for every god damned thing. There are other alternatives that aren’t complete shit. So, just out of spite, I’m not using that shitheaded issue tracker and I’m posting about it here. I’m not even going to link to it. Just set up Trac or something. You already run a site.

Anyway, the taglib is broken, so here’s the fix…


I guess Spring Security updated an interface in 3.0.0. You just need to pull out org.springframework.security.taglibs.facelets.SpringSecurityELLibrary from the taglib’s source jar, update line 58 to use a Collection instead of a List, and stick the source on your classpath (or repackage the jar).

I sent this email to Dominik Dorn, the author, but it has probably fallen into a contact form black hole by now:

SpringSecurityELLibrary is attempting to get the user’s authorities on line 58 and it’s expecting a List:

List authorities = currentUser.getAuthorities();

However, that isn’t the case. We get an exception like this:

java.lang.NoSuchMethodError: org.springframework.security.core.Authentication.getAuthorities()Ljava/util/List;

The current method signature in Authentication is:

Collection getAuthorities();

  • Digg
  • Delicious
  • StumbleUpon
  • Technorati Favorites
  • Reddit
  • Yahoo Buzz
  • Twitter
  • DZone
  • Google Bookmarks
  • LinkedIn
  • Amazon Wish List
  • Share/Bookmark
Creative Commons License
Spring Security 3 and JSF by cum grano salis — nobody likes a clever bastard, unless otherwise expressly stated, is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 United States License.