I got that warning in JSP and this run time error "According to TLD or attribute directive in tag file, attribute access does not accept any expressions."  Is something wrong with my dependencies settings ?

Thanks!

I checked the taglib TLD, and it turns out that in Spring Security 3.0.x, the access attribute of <authorize> does not allow runtime expression, but it is allowed in Spring Security 3.1.x. This is why EL works in the SpringMVC example (which uses Spring Security 3.1.0) but not in CSNS2 (which uses 3.0.5).

Upgrading the dependency can be a little tricky due to incompatibility with some other libraries. The easier (though not as elegant) way is to just do the check in controller, pass the check result as a boolean value to JSP, then use <c:if> to hide part of the view.