我在项目中使用 Spring Security，并配置了自定义的 FilterSecurityInterceptor 以从数据库获取 URL。当我在 JSP 中使用 security 标签时，会抛出下面的错误。
org.springframework.expression.spel.SpelEvaluationException: EL1008E:(pos 0): Field or property 'hasRole' cannot be found on object of type 'org.springframework.security.web.access.expression.WebSecurityExpressionRoot'
at org.springframework.expression.spel.ast.PropertyOrFieldReference.readProperty(PropertyOrFieldReference.java:246)
at org.springframework.expression.spel.ast.PropertyOrFieldReference.getValueInternal(PropertyOrFieldReference.java:112)
at org.springframework.expression.spel.ast.PropertyOrFieldReference.getValueInternal(PropertyOrFieldReference.java:107)
at org.springframework.expression.spel.ast.CompoundExpression.getValueRef(CompoundExpression.java:48)
at org.springframework.expression.spel.ast.CompoundExpression.getValueInternal(CompoundExpression.java:81)
at org.springframework.expression.spel.ast.SpelNodeImpl.getTypedValue(SpelNodeImpl.java:102)
at org.springframework.expression.spel.standard.SpelExpression.getValue(SpelExpression.java:98)
at org.springframework.security.access.expression.ExpressionUtils.evaluateAsBoolean(ExpressionUtils.java:11)
at org.springframework.security.taglibs.authz.AbstractAuthorizeTag.authorizeUsingAccessExpression(AbstractAuthorizeTag.java:184)
at org.springframework.security.taglibs.authz.AbstractAuthorizeTag.authorize(AbstractAuthorizeTag.java:105)
at org.springframework.security.taglibs.authz.JspAuthorizeTag.doStartTag(JspAuthorizeTag.java:54)
at org.apache.jsp.WEB_002dINF.template.header_jsp._jspx_meth_sec_005fauthorize_005f1(header_jsp.java:292)
at org.apache.jsp.WEB_002dINF.template.header_jsp._jspx_meth_sec_005fauthorize_005f0(header_jsp.java:227)
at org.apache.jsp.WEB_002dINF.template.header_jsp._jspService(header_jsp.java:137)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:432)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:690)
at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:599)
at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:536)
at org.apache.jasper.runtime.JspRuntimeLibrary.include(JspRuntimeLibrary.java:954)
at org.apache.jasper.runtime.PageContextImpl.doInclude(PageContextImpl.java:684)
at org.apache.jasper.runtime.PageContextImpl.include(PageContextImpl.java:678)
at org.apache.tiles.request.jsp.JspRequest.doInclude(JspRequest.java:123)
at org.apache.tiles.request.AbstractViewRequest.dispatch(AbstractViewRequest.java:47)
at org.apache.tiles.request.render.DispatchRenderer.render(DispatchRenderer.java:45)
at org.apache.tiles.request.render.ChainedDelegateRenderer.render(ChainedDelegateRenderer.java:68)
at org.apache.tiles.impl.BasicTilesContainer.render(BasicTilesContainer.java:259)
at org.apache.tiles.template.InsertAttributeModel.renderAttribute(InsertAttributeModel.java:188)
at org.apache.tiles.template.InsertAttributeModel.execute(InsertAttributeModel.java:132)
at org.apache.tiles.jsp.taglib.InsertAttributeTag.doTag(InsertAttributeTag.java:299)
at org.apache.jsp.WEB_002dINF.template.template_jsp._jspx_meth_tiles_005finsertAttribute_005f1(template_jsp.java:160)
at org.apache.jsp.WEB_002dINF.template.template_jsp._jspService(template_jsp.java:108)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:432)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:690)
at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:477)
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:402)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:329)
at org.apache.tiles.request.servlet.ServletRequest.forward(ServletRequest.java:265)
at org.apache.tiles.request.servlet.ServletRequest.doForward(ServletRequest.java:228)
at org.apache.tiles.request.AbstractClientRequest.dispatch(AbstractClientRequest.java:57)
at org.apache.tiles.request.render.DispatchRenderer.render(DispatchRenderer.java:45)
at org.apache.tiles.impl.BasicTilesContainer.render(BasicTilesContainer.java:259)
at org.apache.tiles.impl.BasicTilesContainer.render(BasicTilesContainer.java:397)
at org.apache.tiles.impl.BasicTilesContainer.render(BasicTilesContainer.java:238)
at org.apache.tiles.impl.BasicTilesContainer.render(BasicTilesContainer.java:221)
at org.apache.tiles.renderer.DefinitionRenderer.render(DefinitionRenderer.java:59)
at org.springframework.web.servlet.view.tiles3.TilesView.renderMergedOutputModel(TilesView.java:137)
at org.springframework.web.servlet.view.AbstractView.render(AbstractView.java:264)
at org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1208)
at org.springframework.web.servlet.DispatcherServlet.processDispatchResult(DispatcherServlet.java:992)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:939)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:856)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:920)
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:816)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:801)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1001)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)
My JSP code is as follows:
<%--
  Header fragment: renders the top navigation bar.
  - The Login link is emitted when AccountUtil.getLoggedInAccount() returns null.
  - The "Module" menu and the Logout link are wrapped in sec:authorize access="fullyAuthenticated".
  These tags only decide which links are rendered; the target URLs still have to be
  protected on the server side by the URL access rules.
--%>
<%@taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%@taglib uri="http://www.springframework.org/security/tags" prefix="sec" %>
<%@page import="com.medshastra.security.util.AccountUtil" %>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container">
<a class="btn btn-navbar" data-toggle="collapse"
data-target=".nav-collapse"> <i class="icon-tasks"></i> </a> <a
href="#" class="brand">MedShastra....healing touch</a>
<div class="nav-collapse collapse">
<ul class="nav pull-right">
<li class="active"><a href="<%=application.getContextPath()%>"><i class="icon-home">
</a></i>
</li>
<li class="dropdown"><a class="dropdown-toggle"
data-toggle="dropdown" href="#">Doctors <i class="caret"></i>
</a>
<ul class="dropdown-menu">
<li><a href="#">Near by Doctors</a>
</li>
<li><a href="#">Search a Doctor</a>
</li>
<li><a href="#">Alopathic Doctors</a>
</li>
<li><a href="#">Homeopathy Doctors</a>
</li>
<li><a href="#">Ayurvedic Doctors</a>
</li>
</ul></li>
<li><a href="#">Chemists</a>
</li>
<li><a href="#">About us</a>
</li>
<%-- Login link is shown only when no account is reported as logged in.
     NOTE(review): this scriptlet check and the sec:authorize tags below are two separate
     sources of truth for "logged in"; presumably they agree - verify against AccountUtil. --%>
<%
if(AccountUtil.getLoggedInAccount()==null) {
%>
<li>
<a href="<c:url value='/login'/>">Login</a>
</li>
<%
}
%>
<%-- Exposes the current principal as the page variable "principal" (not used in this fragment). --%>
<sec:authentication property="principal" var="principal"/>
<sec:authorize access="fullyAuthenticated">
<li class="dropdown"><a class="dropdown-toggle"
data-toggle="dropdown" href="#">Module <i class="caret"></i>
</a>
<ul class="dropdown-menu">
<li><a href="<c:url value='/displayApi'/>">Api</a>
</li>
<%-- NOTE(review): this is the expression behind the EL1008E error. With square brackets SpEL
     reads hasRole as a property and then indexes into it; hasRole is a method on the
     expression root and must be called with parentheses: hasRole('ROLE_USER').
     The tag is also opened and closed immediately, so it wraps nothing: the menu items
     that follow are rendered for every fullyAuthenticated user regardless of role. --%>
<sec:authorize access="hasRole['ROLE_USER']"></sec:authorize>
<li><a href="<c:url value='/displayAvailability'/>">Availability</a>
</li>
<li><a href="<c:url value='/displayDose'/>">Dose</a>
</li>
<li><a href="<c:url value='/displayPrecautions'/>">Precautions</a>
</li>
<li><a href="<c:url value='/displayTherapeuticCategory'/>">Therapeutic
Category</a>
</li>
</ul>
</li>
</sec:authorize>
<%-- Logout link, rendered for fully authenticated users only. --%>
<sec:authorize access="fullyAuthenticated">
<li>
<a href="<c:url value='/logout'/>">Logout</a>
</li>
</sec:authorize>
</ul>
</div>
</div>
</div>
</div>
The security configuration file is as follows:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<!-- Spring Security wiring: an explicitly declared FilterChainProxy (the namespace
security:http block that follows is commented out), a FilterSecurityInterceptor fed by a
database-backed metadata source, form login, logout and the authentication provider. -->
<!-- <security:http entry-point-ref="myAuthenticationEntryPoint"
use-expressions="true" auto-config="false">
<security:intercept-url pattern="/index.jsp"
access="permitAll" />
<security:intercept-url pattern="/resources/**"
access="permitAll" />
<security:intercept-url pattern="/login/**"
access="permitAll" />
<security:intercept-url pattern="/search/**"
access="permitAll" />
<security:intercept-url pattern="/displayDetail/**"
access="permitAll" />
<security:intercept-url pattern="/createAccount/**"
access="permitAll" />
<security:intercept-url pattern="/checkEmail/**"
access="permitAll" />
<security:intercept-url pattern="/activateUser/**"
access="permitAll" />
<security:intercept-url pattern="/**"
access="fullyAuthenticated" />
<security:session-management
session-fixation-protection="newSession" />
<security:custom-filter ref="processingFilter"
position="FORM_LOGIN_FILTER" />
<security:custom-filter ref="logoutFilter"
position="LOGOUT_FILTER" />
<security:custom-filter ref="filterSecurityInterceptor" after="FILTER_SECURITY_INTERCEPTOR"/>
</security:http> -->
<!-- NOTE(review): the commented-out namespace configuration above enabled
session-fixation-protection="newSession"; nothing in the explicit chain below configures an
equivalent. If FormBasedProcessingFilter extends AbstractAuthenticationProcessingFilter
(presumably; verify), consider setting its sessionAuthenticationStrategy to a
SessionFixationProtectionStrategy. -->
<bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy">
<security:filter-chain-map path-type="ant">
<!-- filters="none" bypasses Spring Security entirely for these patterns: no SecurityContext
is loaded, so security tags and authentication lookups in views rendered under these URLs
see no logged-in user.
NOTE(review): /checkEmail/** was permitAll in the commented-out configuration but has no
entry here, so it falls through to the /** chain, where access depends on what the
database metadata source returns for it. -->
<security:filter-chain pattern="/resources/**" filters="none" />
<security:filter-chain pattern="/index.jsp" filters="none" />
<security:filter-chain pattern="/login/**" filters="none" />
<security:filter-chain pattern="/search/**" filters="none" />
<security:filter-chain pattern="/displayDetail/**" filters="none" />
<security:filter-chain pattern="/createAccount/**" filters="none" />
<security:filter-chain pattern="/activateUser/**" filters="none" />
<!-- Everything else runs through this filter list, in the order given. -->
<security:filter-chain pattern="/**"
filters="
securityContextPersistenceFilter,
logoutFilter,
processingFilter,
exceptionTranslationFilter,
filterSecurityInterceptor" />
</security:filter-chain-map>
</bean>
<!-- Authorization filter: the attributes required for each request come from the
database-backed metadata source and are decided by the affirmativeBased manager. -->
<bean id="filterSecurityInterceptor"
class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager"></property>
<property name="accessDecisionManager" ref="affirmativeBased"></property>
<property name="securityMetadataSource"
ref="optionsFromDataBaseFilterInvocationSecurityMetadataSource"></property>
<property name="validateConfigAttributes" value="true" />
</bean>
<!-- Project class that supplies the per-URL security attributes; its implementation is not
shown here.
NOTE(review): the interceptor treats a request for which no attributes are returned as
public unless rejectPublicInvocations is enabled, so a URL missing from the database would
be left unprotected. Confirm that this is intended. -->
<bean id="optionsFromDataBaseFilterInvocationSecurityMetadataSource"
class="com.medshastra.security.config.DataBaseFilterInvocationSecurityMetadataSource"></bean>
<!-- Grants access as soon as one voter grants it. Only RoleVoter and AuthenticatedVoter are
registered (no WebExpressionVoter), so the attributes returned for URLs must be role names
or IS_AUTHENTICATED_* tokens rather than SpEL expressions. -->
<bean id="affirmativeBased"
class="org.springframework.security.access.vote.AffirmativeBased">
<property name="decisionVoters">
<list>
<bean class="org.springframework.security.access.vote.RoleVoter" />
<bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
</list>
</property>
</bean>
<!-- Restores the SecurityContext from the repository below at the start of a request and
saves it again when the request completes. -->
<bean id="securityContextPersistenceFilter"
class="org.springframework.security.web.context.SecurityContextPersistenceFilter">
<constructor-arg ref="sessionCreation">
</constructor-arg>
</bean>
<!-- HTTP-session-backed storage for the SecurityContext. -->
<bean id="sessionCreation"
class='org.springframework.security.web.context.HttpSessionSecurityContextRepository'>
<!-- <property name='allowSessionCreation' value='true' /> -->
</bean>
<!-- Basic authentication filter. -->
<!-- NOTE(review): this bean is not listed in the /** filter chain above, so it is never
applied to a request. -->
<bean id="basicAuthenticationFilter"
class="org.springframework.security.web.authentication.www.BasicAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager" />
<property name="authenticationEntryPoint" ref="myAuthenticationEntryPoint" />
</bean>
<!-- Web expression handler bean; presumably the one the JSP sec:authorize tag uses to
evaluate its access expressions (verify). -->
<bean id="webexpressionHandler" class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler" />
<!-- Translates security exceptions raised further down the chain: unauthenticated requests
go to the entry point, denied requests to the access-denied handler. -->
<bean id="exceptionTranslationFilter"
class="org.springframework.security.web.access.ExceptionTranslationFilter">
<property name="authenticationEntryPoint" ref="myAuthenticationEntryPoint" />
<property name="accessDeniedHandler">
<bean
class="org.springframework.security.web.access.AccessDeniedHandlerImpl" />
</property>
</bean>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider
ref="myAuthenticationProvider" />
</security:authentication-manager>
<!-- Project authentication provider, wired with the user details service, password encoder
and salt source defined in this file. -->
<bean id="myAuthenticationProvider"
class="com.medshastra.security.config.AuthenticationProviderExtended">
<property name="userDetailsService" ref="myUserDetailsService"></property>
<property name="passwordEncoder" ref="passwordEncoder"></property>
<property name="saltSource" ref="saltSource"></property>
</bean>
<!-- Form login filter: processes submissions to /performLogin using the request parameters
"username" and "password", with the success and failure handlers defined below. -->
<bean id="processingFilter"
class="com.medshastra.security.config.FormBasedProcessingFilter">
<property name="authenticationManager" ref="authenticationManager" />
<property name="usernameParameter" value="username" />
<property name="passwordParameter" value="password" />
<property name="allowSessionCreation" value="true" />
<property name="authenticationFailureHandler" ref="simpleUrlAuthenticationFailureHandler" />
<property name="authenticationSuccessHandler" ref="simpleUrlAuthenticationSuccessHandler" />
<property name="filterProcessesUrl" value="/performLogin" />
</bean>
<!-- Project failure handler, configured with /login as its default failure URL. -->
<bean id="simpleUrlAuthenticationFailureHandler"
class="com.medshastra.security.config.AuthenticationFailureHandler">
<property name="defaultFailureUrl" value="/login"></property>
</bean>
<!-- Redirects to /home after a successful login. -->
<bean id="simpleUrlAuthenticationSuccessHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
<property name="defaultTargetUrl" value="/home" />
</bean>
<!-- Project entry point, constructed with /login; used for unauthenticated requests. -->
<bean id="myAuthenticationEntryPoint"
class="com.medshastra.security.config.CustomAuthenticationEntryPoint">
<constructor-arg value="/login" />
</bean>
<bean id="myUserDetailsService"
class="com.medshastra.security.config.MyCustomUserDetailsService">
</bean>
<!-- Project logout handler, configured to invalidate the HTTP session on logout. -->
<bean id="myLogoutHandler" class="com.medshastra.security.config.MyLogoutHandler">
<property name="invalidateHttpSession" value="true" />
</bean>
<bean id="logoutFilter"
class="org.springframework.security.web.authentication.logout.LogoutFilter">
<!-- URL the user is sent to after a successful logout -->
<constructor-arg value="/login" />
<constructor-arg>
<list>
<ref bean="myLogoutHandler" />
</list>
</constructor-arg>
<!-- The logout filter handles requests to the URL set here (/logout) -->
<property name="filterProcessesUrl" value="/logout" />
</bean>
<!-- NOTE(review): the two commented-out blocks below are sample in-memory user definitions
with a plaintext password; delete them rather than keeping them in the configuration. -->
<!-- <security:authentication-manager> <security:authentication-provider>
<security:user-service> <security:user name="mkyong" authorities="ROLE_USER"
password="123456"/> </security:user-service> </security:authentication-provider>
</security:authentication-manager> -->
<!-- <authentication-manager> <authentication-provider> <user-service> <user
name="mkyong" password="123456" authorities="ROLE_USER" /> </user-service>
</authentication-provider> </authentication-manager> -->
<!-- NOTE(review): ShaPasswordEncoder with strength 256 is a salted SHA-256 digest, which is
fast to compute and therefore cheap to brute-force if the stored hashes leak; the salt
configured below is the username, which is predictable. Prefer an adaptive password hash
such as BCryptPasswordEncoder (org.springframework.security.crypto.bcrypt) and plan a
migration for existing hashes. -->
<bean id="passwordEncoder"
class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
<constructor-arg value="256"></constructor-arg>
</bean>
<!-- Salt source that reads the salt from the "username" property of the user object. -->
<bean id="saltSource"
class="org.springframework.security.authentication.dao.ReflectionSaltSource">
<property name="userPropertyToUse" value="username"></property>
</bean>
</beans>
答案 0 :(得分:0)
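将 hasRole['ROLE_USER'] 更改为 hasRole('ROLE_USER')。
hasRole 是表达式根对象上的方法，必须用圆括号调用；写成方括号时，SpEL 会先把 hasRole 当作属性读取再做索引访问，因此抛出 EL1008E "Field or property 'hasRole' cannot be found"。
另外，JSP 中的 <sec:authorize access="hasRole['ROLE_USER']"></sec:authorize> 是一个空标签，改正表达式后还需要让它包住要限制的菜单项才会起作用；该标签只决定链接是否显示，URL 本身的访问控制仍需由服务器端的 FilterSecurityInterceptor 规则来保证。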