Announcement Announcement Module
Collapse
No announcement yet.
No visible WebSecurityExpressionHandler instance could be found in the application Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • No visible WebSecurityExpressionHandler instance could be found in the application

    Hi Guys,

    I'm new to Spring security and trying to develop simple application. following shows my spring-servlet.xml file.

    HTML Code:
    <beans:beans xmlns="http://www.springframework.org/schema/security"
      xmlns:beans="http://www.springframework.org/schema/beans"
      xmlns:jdbc="http://www.springframework.org/schema/jdbc"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://www.springframework.org/schema/beans
               http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
               http://www.springframework.org/schema/jdbc
    			http://www.springframework.org/schema/jdbc/spring-jdbc-3.0.xsd
               http://www.springframework.org/schema/security
               http://www.springframework.org/schema/security/spring-security-3.0.xsd">
    
    	
    	
    	<http auto-config="true" use-expressions="true">
    		<intercept-url pattern="/account/*.do" access="hasRole('ROLE_HRM') and fullyAuthenticated"/>
    		<intercept-url pattern="/login.do" access="permitAll"/>
    		<intercept-url pattern="/*" access="hasRole('ROLE_HRM')"/>
    		
    		
    		<form-login login-page="/login.do" />
    		
    		<remember-me key="hrm"/>
    		
    		<logout invalidate-session="true" logout-success-url="/" logout-url="/j_spring_security_logout"/>
    		
    		
    	</http>
    	
    	<authentication-manager>
        <authentication-provider>
          <jdbc-user-service data-source-ref="dataSource"/>
        </authentication-provider>
      </authentication-manager>
    </beans:beans>
    And there I have enabled use expression feature like this 'use-expressions="true"'
    When I'm going to access my index.jsp file it generates an error.

    in my index.jsp its like this

    HTML Code:
    <sec:authorize access="hasRole('ROLE_USER') and fullyAuthenticated">
    	<c:url value="/account/home.do" var="accountUrl"/>
    	<li><a href="${accountUrl}">My Account</a> (with 'access' attr)</li>
    </sec:authorize>
    The error I'm getting is

    Code:
    java.io.IOException: No visible WebSecurityExpressionHandler instance could be found in the application context. There must be at least one in order to support expressions in JSP 'authorize' tags.
    	at org.springframework.security.taglibs.authz.AbstractAuthorizeTag.getExpressionHandler(AbstractAuthorizeTag.java:323)
    	at org.springframework.security.taglibs.authz.AbstractAuthorizeTag.authorizeUsingAccessExpression(AbstractAuthorizeTag.java:169)
    	at org.springframework.security.taglibs.authz.AbstractAuthorizeTag.authorize(AbstractAuthorizeTag.java:104)
    	at org.springframework.security.taglibs.authz.JspAuthorizeTag.doStartTag(JspAuthorizeTag.java:54)
    	at org.apache.jsp.index_jsp._jspx_meth_sec_005fauthorize_005f0(index_jsp.java:147)
    	at org.apache.jsp.index_jsp._jspService(index_jsp.java:95)
    	at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
    	at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
    	at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:369)
    	at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:322)
    	at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:249)
    	at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
    	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:343)
    	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
    	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
    	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97)
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
    	at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:100)
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
    	at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:78)
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
    	at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:119)
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
    	at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
    	at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:35)
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
    	at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:177)
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
    	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:188)
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
    	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
    	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
    	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:149)
    	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
    	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
    	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    	at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
    	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
    	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    	at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
    	at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
    	at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
    	at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
    	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    	at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
    	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
    	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:828)
    	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:601)
    	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
    	at java.lang.Thread.run(Thread.java:662)
    Can anybody help ??


    Thank you,
    Dilana

  • #2
    Can you post your web.xml? I suspect that you need to associate your spring security configuration with the ContextLoaderListener as apposed to the DispatcherServlet.

    Comment


    • #3
      Originally posted by rwinch View Post
      Can you post your web.xml? I suspect that you need to associate your spring security configuration with the ContextLoaderListener as apposed to the DispatcherServlet.
      Hi,

      Thank you for your reply and here is my web.xml.



      <?xml version="1.0" encoding="UTF-8"?>
      <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xmlns="http://java.sun.com/xml/ns/javaee"
      xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
      xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
      id="WebApp_ID" version="2.5">

      <display-name>Spring3-Hibernate</display-name>
      <welcome-file-list>
      <welcome-file>index.jsp</welcome-file>
      </welcome-file-list>
      <servlet>
      <servlet-name>spring</servlet-name>
      <servlet-class>
      org.springframework.web.servlet.DispatcherServlet
      </servlet-class>
      <load-on-startup>1</load-on-startup>
      </servlet>
      <servlet-mapping>
      <servlet-name>spring</servlet-name>
      <url-pattern>/</url-pattern>
      </servlet-mapping>

      <listener>
      <listener-class>org.springframework.web.context.ContextLoade rListener</listener-class>
      </listener>

      <context-param>
      <param-name>contextConfigLocation</param-name>
      <param-value>
      /WEB-INF/spring-security.xml
      /WEB-INF/applicationContext.xml
      </param-value>
      </context-param>


      <filter>
      <filter-name>springSecurityFilterChain</filter-name>
      <filter-class>org.springframework.web.filter.DelegatingFil terProxy</filter-class>
      </filter>
      <filter-mapping>
      <filter-name>springSecurityFilterChain</filter-name>
      <url-pattern>/*</url-pattern>
      </filter-mapping>

      <jsp-config>
      <taglib>
      <taglib-uri>
      http://www.springframework.org/security/tags
      </taglib-uri>
      <taglib-location>
      /WEB-INF/tld/security.tld
      </taglib-location>
      </taglib>
      </jsp-config>


      </web-app>

      Thanks,
      Dilanalex

      Comment


      • #4
        Specify the <http use-expressions="true"> in the spring-security.xml instead of the spring-servlet.xml

        PS: In the future please use code tags when posting configuration, logs, code, etc.

        Comment


        • #5
          Originally posted by rwinch View Post
          Specify the <http use-expressions="true"> in the spring-security.xml instead of the spring-servlet.xml

          PS: In the future please use code tags when posting configuration, logs, code, etc.
          Hi,

          Thank you for the reply and your advice.

          Ill try this and will post the result here.

          Thank you,
          Dilanalex.

          Comment


          • #6
            No visible WebSecurityExpressionHandler instance could be found in the application

            Originally posted by dilanalex View Post
            Hi,

            Thank you for the reply and your advice.

            Ill try this and will post the result here.

            Thank you,
            Dilanalex.
            Hi,
            Any solution for this problem?

            Comment


            • #7
              http://stackoverflow.com/questions/1...-could-be-foun

              Comment

              Working...
              X