Spring Security - 在应用程序上下文中找不到可见的 WebSecurityExpressionHandler 实例 [英] Spring Security - No visible WebSecurityExpressionHandler instance could be found in the application context
问题描述
仅当用户通过身份验证时,我才无法在 JSP 页面中显示注销链接.这是我在 JSP 页面的这一行遇到的异常:
I am having trouble displaying a logout link in a JSP page only if the user is authenticated. Here is the exception I have at this line of the JSP page:
<sec:authorize access="isAuthenticated()">
异常:
Stacktrace:
....
root cause
javax.servlet.jsp.JspException: No visible WebSecurityExpressionHandler instance could be found in the application context. There must be at least one in order to support expressions in JSP 'authorize' tags.
org.springframework.security.taglibs.authz.AuthorizeTag.getExpressionHandler(AuthorizeTag.java:100)
org.springframework.security.taglibs.authz.AuthorizeTag.authorizeUsingAccessExpression(AuthorizeTag.java:58)
这是我的 application-context-Security.xml:
Here is my application-context-Security.xml:
<http auto-config='true' >
<intercept-url pattern="/user/**" access="ROLE_User" />
<logout logout-success-url="/hello.htm" />
</http>
<beans:bean id="daoAuthenticationProvider"
class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<beans:property name="userDetailsService" ref="userDetailsService" />
</beans:bean>
<beans:bean id="authenticationManager"
class="org.springframework.security.authentication.ProviderManager">
<beans:property name="providers">
<beans:list>
<beans:ref local="daoAuthenticationProvider" />
</beans:list>
</beans:property>
</beans:bean>
<authentication-manager>
<authentication-provider user-service-ref="userDetailsService">
<password-encoder hash="plaintext" />
</authentication-provider>
</authentication-manager>
我知道我可以在 http 标签中使用 use-expression="true" ,但这意味着我必须在拦截 url 标签和 java 代码中使用表达式.有解决方法吗?
I understand that I could use use-expression="true" in the http tag but that means I would have to use expression in the intercept-url tags and in the java code. Is there a workaround?
推荐答案
你可以在你的应用程序上下文中添加一个
You can just add one to your application context
<bean id="webexpressionHandler" class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler" />
但最简单的方法是在您的 <http>
配置中启用表达式,然后会为您添加一个.这仅意味着您必须在该块中使用表达式,而不是在 Java 代码中使用表达式,例如方法 @Secured
注释.
but the easiest way is just to enable expressions in your <http>
configuration, and one will be added for you. This only means that you have to use expressions within that block, not in Java code such as method @Secured
annotations.
这篇关于Spring Security - 在应用程序上下文中找不到可见的 WebSecurityExpressionHandler 实例的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!