SpelEvaluationException:EL1011E:(pos 0):方法调用:尝试在空上下文对象上

时间:2019-06-13 20:03:59

标签: java spring spring-security

当我在http部分中将spring安全配置更改为使用use-expressions="true"时,我开始获得org.springframework.expression.spel.SpelEvaluationException: EL1011E:(pos 0): Method call: Attempted to call method isAnonymous() on null context object

以下是我的新安全性配置,由于上述异常而失败

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd">

    <global-method-security pre-post-annotations="enabled" secured-annotations="enabled" />

    <http auto-config="true" request-matcher="regex" access-denied-page="/admin.jsp" use-expressions="true">
        <intercept-url pattern="/login\.(css|jsp)(\?.*)*" access="isAnonymous()" />
        <intercept-url pattern="/images/login.*\.(png|gif|jpg|ico)" access="isAnonymous()" />
        <intercept-url pattern="/.*" access="isAuthenticated()" />

        <form-login login-page="/login.jsp"  authentication-failure-url="/login.jsp?login_error=true" authentication-success-handler-ref="urlAuthenticationSuccessHandler"/>
        <logout logout-success-url="/login.jsp" invalidate-session="true" />

        <custom-filter before="FORM_LOGIN_FILTER" ref="tokenValidationFilter" />
        <custom-filter after="FORM_LOGIN_FILTER" ref="invalidateCacheFilter" />
        <custom-filter ref="ajaxTimeoutRedirectFilter" after="EXCEPTION_TRANSLATION_FILTER" />
        <session-management invalid-session-url="/login.jsp" />
    </http>

    <beans:bean id="urlAuthenticationSuccessHandler" class="com.myDomain.admin.webapp.server.endpoint.UrlAuthenticationSuccessHandler" />

    <beans:bean id="ajaxTimeoutRedirectFilter" class="com.myDomain.admin.webapp.server.endpoint.AjaxTimeoutRedirectFilter">
        <beans:property name="customSessionExpiredErrorCode" value="901" />
    </beans:bean>

    <beans:bean id="invalidateCacheFilter" class="com.myDomain.admin.webapp.server.endpoint.InvalidateCacheForJspPagesFilter" >
    </beans:bean>
    <beans:bean id="myUserService" class="com.myDomain.admin.webapp.server.AuthenticationUserService" />

    <authentication-manager alias="authenticationManager">
        <authentication-provider user-service-ref="myUserService">
            <password-encoder hash="md5" />
        </authentication-provider>
    </authentication-manager>

    <beans:bean id="tokenValidationFilter" class="com.myDomain.admin.webapp.TokenValidationFilter" />
</beans:beans>

以前,当使用下面的安全配置时,一切运行正常

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd">

    <global-method-security pre-post-annotations="enabled" secured-annotations="enabled" />

    <http auto-config="true" request-matcher="regex" access-denied-page="/admin.jsp">
        <intercept-url pattern="/login\.(css|jsp)(\?.*)*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <intercept-url pattern="/images/login.*\.(png|gif|jpg|ico)" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <intercept-url pattern="/.*" access="ROLE_ADMINISTRATOR" />

        <form-login login-page="/login.jsp"  authentication-failure-url="/login.jsp?login_error=true" authentication-success-handler-ref="urlAuthenticationSuccessHandler"/>
        <logout logout-success-url="/login.jsp" invalidate-session="true" />

        <custom-filter before="FORM_LOGIN_FILTER" ref="tokenValidationFilter" />
        <custom-filter after="FORM_LOGIN_FILTER" ref="invalidateCacheFilter" />
        <custom-filter ref="ajaxTimeoutRedirectFilter" after="EXCEPTION_TRANSLATION_FILTER" />
        <session-management invalid-session-url="/login.jsp" />
    </http>

    <beans:bean id="urlAuthenticationSuccessHandler" class="com.myDomain.admin.webapp.server.endpoint.UrlAuthenticationSuccessHandler" />

    <beans:bean id="ajaxTimeoutRedirectFilter" class="com.myDomain.admin.webapp.server.endpoint.AjaxTimeoutRedirectFilter">
        <beans:property name="customSessionExpiredErrorCode" value="901" />
    </beans:bean>

    <beans:bean id="invalidateCacheFilter" class="com.myDomain.admin.webapp.server.endpoint.InvalidateCacheForJspPagesFilter" >
    </beans:bean>
    <beans:bean id="myUserService" class="com.myDomain.admin.webapp.server.AuthenticationUserService" />

    <authentication-manager alias="authenticationManager">
        <authentication-provider user-service-ref="myUserService">
            <password-encoder hash="md5" />
        </authentication-provider>
    </authentication-manager>

    <beans:bean id="tokenValidationFilter" class="com.myDomain.admin.webapp.TokenValidationFilter" />
</beans:beans>

这两个安全配置之间的唯一区别在于http部分。 我正在使用Spring Security版本3.2.5

如果需要任何详细信息,请告诉我。 谢谢

0 个答案:

没有答案
相关问题
最新问题