Announcement Announcement Module
Collapse
No announcement yet.
Exception with Method Level Security Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Exception with Method Level Security

    I am getting following error when a request is made to the page..

    PHP Code:
    org.springframework.web.util.NestedServletExceptionHandler processing failednested exception is java.lang.NoSuchMethodErrororg.springframework.aop.framework.AopProxyUtils.ultimateTargetClass(Ljava/lang/Object;)Ljava/lang/Class;
        
    org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:912)
        
    org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:792)
        
    org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:851)
        
    org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:756)
        
    javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
        
    javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
        
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:328)
        
    org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:116)
        
    org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
        
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:340)
        
    org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:95)
        
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:340)
        
    org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:100)
      ...........................................................................................................................
    root cause

    java
    .lang.NoSuchMethodErrororg.springframework.aop.framework.AopProxyUtils.ultimateTargetClass(Ljava/lang/Object;)Ljava/lang/Class;
        
    org.springframework.security.access.expression.method.MethodSecurityEvaluationContext.addArgumentsAsVariables(MethodSecurityEvaluationContext.java:93)
        
    org.springframework.security.access.expression.method.MethodSecurityEvaluationContext.lookupVariable(MethodSecurityEvaluationContext.java:57)
        
    org.springframework.expression.spel.ExpressionState.lookupVariable(ExpressionState.java:122)
        
    org.springframework.expression.spel.ast.VariableReference.getValueInternal(VariableReference.java:52)
        
    org.springframework.expression.spel.ast.OpEQ.getValueInternal(OpEQ.java:37)
        
    org.springframework.expression.spel.ast.OpEQ.getValueInternal(OpEQ.java:1)
        
    org.springframework.expression.spel.ast.OpOr.getValueInternal(OpOr.java:59)
        
    org.springframework.expression.spel.ast.OpOr.getValueInternal(OpOr.java:1)
        
    org.springframework.expression.spel.ast.SpelNodeImpl.getTypedValue(SpelNodeImpl.java:102)
        
    org.springframework.expression.spel.standard.SpelExpression.getValue(SpelExpression.java:97)
        
    org.springframework.security.access.expression.ExpressionUtils.evaluateAsBoolean(ExpressionUtils.java:11)
        
    org.springframework.security.access.expression.method.ExpressionBasedPreInvocationAdvice.before(ExpressionBasedPreInvocationAdvice.java:41)
        
    org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter.vote(PreInvocationAuthorizationAdviceVoter.java:54)
        
    org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter.vote(PreInvocationAuthorizationAdviceVoter.java:24)
        
    org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:50)
        
    org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:204)
        
    org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:59)
        
    org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
        
    org.springframework.aop.framework.Cglib2AopProxy$DynamicAdvisedInterceptor.intercept(Cglib2AopProxy.java:625)
        
    com.app.legaldir.controller.PeopleLanguagesController$$EnhancerByCGLIB$$16d76321_2.getPersonLanguages(<generated>)
        
    sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        
    sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        
    java.lang.reflect.Method.invoke(Method.java:597)
        
    org.springframework.web.bind.annotation.support.HandlerMethodInvoker.invokeHandlerMethod(HandlerMethodInvoker.java:176)
        
    org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.invokeHandlerMethod(AnnotationMethodHandlerAdapter.java:436)
        
    org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.handle(AnnotationMethodHandlerAdapter.java:424)
        
    org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:863)
        
    org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:792)
        
    org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:851)
        
    org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:756)
        
    javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
        
    javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
        
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:328)
        
    org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:116)
        
    org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
        
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:340)
        
    org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:95)
        
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:340)
        
    org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:100)
        
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:340)
        
    org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:79)
        
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:340)
        
    org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
        
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:340)
        
    org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:35)
        
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:340)
        
    org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:187)
        
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:340)
        
    org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
        
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:340)
        
    org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80)
        
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:340)
        
    org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:175)
        
    org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
        
    org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259
    and the controller method is..

    Code:
        
        @RequestMapping(value="/profile/personlanguages.html", method=RequestMethod.GET)
        @PreAuthorize("hasRole('ROLE_ADMIN') or #pId==principal.personId")
        public String getPersonLanguages(@RequestParam(value="pid", required=true) int pId, @RequestParam(value="msg", required=false)String msg,ModelMap map ){
            
            map.addAttribute("person", personService.getPersonById(pId));        
            map.addAttribute("languagesList", peopleLanguageManager.getLanguagesNotListedForPerson(pId));
            map.addAttribute("personLang", new PersonLicenseForm());
            map.addAttribute("msg", msg);
            return "profile/personlanguages";
        }
    I have pre-post-annotations set to enabled and use-expression set to true.

    if I remove '#' part from the expression, I get the following error

    PHP Code:
    java.lang.IllegalArgumentExceptionFailed to evaluate expression 'hasRole('ROLE_ADMIN') or pId==principal.personId'
        
    at org.springframework.security.access.expression.ExpressionUtils.evaluateAsBoolean(ExpressionUtils.java:13)
        
    at org.springframework.security.access.expression.method.ExpressionBasedPreInvocationAdvice.before(ExpressionBasedPreInvocationAdvice.java:41)
        
    at org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter.vote(PreInvocationAuthorizationAdviceVoter.java:54)
        
    at org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter.vote(PreInvocationAuthorizationAdviceVoter.java:24)
    ..............................
    Caused byorg.springframework.expression.spel.SpelEvaluationExceptionEL1008E:(pos 28): Field or property 'pId' cannot be found on object of type 'org.springframework.security.access.expression.method.MethodSecurityExpressionRoot' 

  • #2
    Oops it was too early call for help.. I just didn't have the proper version of aop..

    Comment

    Working...
    X