
  • Error Evaluating Security Expression

    I am sending a request to the authorization endpoint and I want to validate that the request is coming from a registered client by validating the BASIC_AUTH header in the request.
    I have added this block:
    Code:
    <http  use-expressions="true" authentication-manager-ref="clientAuthenticationManager" create-session="stateless" access-denied-page="/login.jsp?authorization_error=true" disable-url-rewriting="true"  xmlns="http://www.springframework.org/schema/security">
            <intercept-url pattern="/oauth/**" access="#oauth2.clientHasRole('ROLE_CLIENT') and (hasRole('ROLE_USER') or #oauth2.isClient())" />
            <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
            <http-basic />
            <form-login authentication-failure-url="/login.jsp?authentication_error=true"
                        default-target-url="/index.jsp" login-page="http://www.google.com"
                        login-processing-url="/login.do" />
           
            <anonymous />
        </http>
    But this is giving me an error evaluating: access="#oauth2.clientHasRole('ROLE_CLIENT') and (hasRole('ROLE_USER') or #oauth2.isClient())".
    I am not sure why the security context is cleared before expression evaluation, or whether I need to write a custom filter. The stack trace is:

    2013-11-20 12:19:35.993 [http-bio-8080-exec-1] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
    Nov 20, 2013 12:19:35 PM org.apache.catalina.core.StandardWrapperValve invoke
    SEVERE: Servlet.service() for servlet [SpringMVC] in context with path [/auth-service-v2] threw exception
    java.lang.IllegalArgumentException: Failed to evaluate expression '#oauth2.clientHasRole('ROLE_CLIENT') and (hasRole('ROLE_USER') or #oauth2.isClient())'
    at org.springframework.security.access.expression.ExpressionUtils.evaluateAsBoolean(ExpressionUtils.java:13)
    at org.springframework.security.web.access.expression.WebExpressionVoter.vote(WebExpressionVoter.java:34)
    at org.springframework.security.web.access.expression.WebExpressionVoter.vote(WebExpressionVoter.java:18)
    at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:62)
    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:206)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:115)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.authentication.http://www.BasicAuthenticationFilter...ilter.java:201)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:183)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1041)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:603)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:744)
    Caused by: org.springframework.expression.spel.SpelEvaluationException: EL1011E:(pos 0): Method call: Attempted to call method clientHasRole(java.lang.String) on null context object
    at org.springframework.expression.spel.ast.MethodReference.getValueRef(MethodReference.java:83)
    at org.springframework.expression.spel.ast.CompoundExpression.getValueRef(CompoundExpression.java:63)
    at org.springframework.expression.spel.ast.CompoundExpression.getValueInternal(CompoundExpression.java:82)
    at org.springframework.expression.spel.ast.SpelNodeImpl.getValue(SpelNodeImpl.java:134)
    at org.springframework.expression.spel.ast.OpAnd.getBooleanValue(OpAnd.java:51)
    at org.springframework.expression.spel.ast.OpAnd.getValueInternal(OpAnd.java:42)
    at org.springframework.expression.spel.ast.SpelNodeImpl.getTypedValue(SpelNodeImpl.java:102)
    at org.springframework.expression.spel.standard.SpelExpression.getValue(SpelExpression.java:98)
    at org.springframework.security.access.expression.ExpressionUtils.evaluateAsBoolean(ExpressionUtils.java:11)
    ... 43 more

  • #2
    I feel your pain. Having the exact same issue. Any resolution?
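
Added example, not part of the original thread: the `Caused by` line in the trace reports a method call on a null context object, meaning `#oauth2` resolved to null, which is what the default web expression handler yields because it defines no `oauth2` variable. The fragment below is a sketch of the same `<http>` block with Spring Security OAuth2's expression handler registered, trimmed to the elements that matter here. The bean id `oauthWebExpressionHandler` and the `sec:`/`oauth:` prefixes are assumptions, and the catch-all rule uses `permitAll` because `IS_AUTHENTICATED_ANONYMOUSLY` is not a valid expression when `use-expressions="true"`.

```xml
<!-- Fragment for an existing <beans> file. Assumed prefix bindings:
       sec   = http://www.springframework.org/schema/security
       oauth = http://www.springframework.org/schema/security/oauth2 -->

<!-- Registers an OAuth2-aware web expression handler; it is what exposes
     the #oauth2 variable (clientHasRole, isClient, ...) to access rules.
     The id is a name chosen for this example. -->
<oauth:web-expression-handler id="oauthWebExpressionHandler" />

<sec:http use-expressions="true"
          authentication-manager-ref="clientAuthenticationManager"
          create-session="stateless">

    <!-- Without this element the default handler evaluates the rules,
         #oauth2 is null, and evaluation fails with EL1011E. -->
    <sec:expression-handler ref="oauthWebExpressionHandler" />

    <sec:intercept-url pattern="/oauth/**"
        access="#oauth2.clientHasRole('ROLE_CLIENT') and (hasRole('ROLE_USER') or #oauth2.isClient())" />

    <!-- Every access value is parsed as SpEL once use-expressions is true,
         so the legacy IS_AUTHENTICATED_ANONYMOUSLY token is replaced. -->
    <sec:intercept-url pattern="/**" access="permitAll" />

    <sec:http-basic />
    <sec:anonymous />
</sec:http>
```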
