Is there a reason why calling the security authentication property principal.displayName
in a decorator would cause a problem?
I'm setting it as a variable in a sitemesh decorator:
<c:set var="displayName">
<sec:authentication property="principal.displayName" />
</c:set>
But it generates this exception:
java.lang.RuntimeException: javax.servlet.ServletException: javax.servlet.jsp.JspException: Invalid property 'principal.displayName' o
f bean class [org.springframework.security.authentication.AnonymousAuthenticationToken]: Bean property 'principal.displayName' is not
readable or has an invalid getter method: Does the return type of the getter match the parameter type of the setter?
at com.opensymphony.sitemesh.webapp.decorator.BaseWebAppDecorator.render(BaseWebAppDecorator.java:39)
at com.opensymphony.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:84)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
at com.google.apphosting.utils.jetty.DevAppEngineWebAppContext.handle(DevAppEngineWebAppContext.java:70)
at org.mortbay.jetty.servlet.Dispatcher.forward(Dispatcher.java:327)
at org.mortbay.jetty.servlet.Dispatcher.forward(Dispatcher.java:126)
at org.tuckey.web.filters.urlrewrite.NormalRewrittenUrl.doRewrite(NormalRewrittenUrl.java:195)
at org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:159)
at org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:141)
at org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:90)
at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:417)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
Your request's Authentication
object at that point is an instance of the AnonymousAuthenticationToken
class, and that class does not have a property called displayName
.
Clearly, SpringSecurity believes that the user is not logged. You probably need to
change the access rules so that that JSP can only be viewed when the user is logged in, or
change the JSP so to something like the following (assuming that you are using Spring 3.0.x and you've enabled web security expressions).
<c:set var="displayName">
<sec:authorize access="isAuthenticated()">
<sec:authentication property="principal.displayName" />
</sec:authorize>
</c:set>
References:
Followed by the Answer of Stephen C and the References given by him
I successfully wrote my code As
<sec:authorize access="hasAnyRole('ROLE_DEFINED_1','ROLE_DEFINED_2')">
<sec:authentication property="principal.displayName" />
</sec:authorize>
Where, ROLE_DEFINED_1 and ROLE_DEFINED_2 are Roles defined in your application.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.