Note: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must follow the same license and attribute it to the original authors (not me). Original StackOverflow URL: http://stackoverflow.com/questions/28459446/

Time: 2020-09-08 00:21:05  Source: igfitidea

Unable to validate role in Spring Security for url pattern

Tags: spring, spring-mvc, spring-security, spelevaluationexception

Asked by tarunkumar

I am using spring security 3.1.7.RELEASE with spring 3.2.13.RELEASE.

I have entry in my spring-security.xml as follows:

<http auto-config="true" use-expressions="true"> 
    <intercept-url pattern=".*admin.htm" access="hasRole(ROLE_ADMIN)" />
    <intercept-url pattern="/siteadmin/*.htm" access="ROLE_ADMIN" />
    <intercept-url pattern="/siteadmin/cleancache.htm" access="hasRole('ROLE_ADMIN')" />

When I try to hit url /siteadmin/cleancache.htm I get following exception:

java.lang.IllegalArgumentException: Failed to evaluate expression 'ROLE_ADMIN'
    org.springframework.security.access.expression.ExpressionUtils.evaluateAsBoolean(ExpressionUtils.java:13)
    org.springframework.security.web.access.expression.WebExpressionVoter.vote(WebExpressionVoter.java:34)
    org.springframework.security.web.access.expression.WebExpressionVoter.vote(WebExpressionVoter.java:18)
    org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:62)

Root Cause:

org.springframework.expression.spel.SpelEvaluationException: EL1008E:(pos 0): Property or field 'ROLE_ADMIN' cannot be found on object of type 'org.springframework.security.web.access.expression.WebSecurityExpressionRoot' - maybe not public?
    org.springframework.expression.spel.ast.PropertyOrFieldReference.readProperty(PropertyOrFieldReference.java:214)
    org.springframework.expression.spel.ast.PropertyOrFieldReference.getValueInternal(PropertyOrFieldReference.java:85)
    org.springframework.expression.spel.ast.PropertyOrFieldReference.getValueInternal(PropertyOrFieldReference.java:78)
    org.springframework.expression.spel.ast.SpelNodeImpl.getTypedValue(SpelNodeImpl.java:102)
    org.springframework.expression.spel.standard.SpelExpression.getValue(SpelExpression.java:98)
    org.springframework.security.access.expression.ExpressionUtils.evaluateAsBoolean(ExpressionUtils.java:11)
    org.springframework.security.web.access.expression.WebExpressionVoter.vote(WebExpressionVoter.java:34)

Any pointers on the same are highly appreciated.

Answered by thedoctor

You have a couple of typos. The first intercept-url line is missing single quotes around ROLE_ADMIN and the second line is missing hasRole. It should be

<http auto-config="true" use-expressions="true"> 
    <intercept-url pattern=".*admin.htm" access="hasRole('ROLE_ADMIN')" />
    <intercept-url pattern="/siteadmin/*.htm" access="hasRole('ROLE_ADMIN')" />
    <intercept-url pattern="/siteadmin/cleancache.htm" access="hasRole('ROLE_ADMIN')" />
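
An added example, not part of the answer above and not Spring Security code: a Python check that applies the answer's rule to a config file, reporting intercept-url rules under use-expressions="true" whose access value contains a role name outside single quotes. It assumes role names start with ROLE_; the function name find_bare_roles and the wrapped sample XML are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the question's three rules, wrapped in a root element and
# with <http> closed so that the fragment parses as XML.
SAMPLE = """<beans>
  <http auto-config="true" use-expressions="true">
    <intercept-url pattern=".*admin.htm" access="hasRole(ROLE_ADMIN)" />
    <intercept-url pattern="/siteadmin/*.htm" access="ROLE_ADMIN" />
    <intercept-url pattern="/siteadmin/cleancache.htm" access="hasRole('ROLE_ADMIN')" />
  </http>
</beans>"""

QUOTED = re.compile(r"'[^']*'")        # SpEL string literals
BARE_ROLE = re.compile(r"\bROLE_\w+")  # assumption: role names start with ROLE_


def local(tag):
    """Drop an XML namespace prefix such as {urn:x}http."""
    return tag.rsplit("}", 1)[-1]


def find_bare_roles(xml_text):
    """Return (pattern, access, bare_names) for each rule SpEL would reject."""
    findings = []
    for http in ET.fromstring(xml_text).iter():
        if local(http.tag) != "http":
            continue
        # Assumption: an absent attribute means expressions are not enabled,
        # in which case a plain role name is the expected syntax.
        if http.get("use-expressions", "false").lower() != "true":
            continue
        for rule in http:
            if local(rule.tag) != "intercept-url":
                continue
            access = rule.get("access", "")
            # What remains after removing quoted literals is read by SpEL as a
            # property of the expression root, which is what raised EL1008E.
            bare = BARE_ROLE.findall(QUOTED.sub("", access))
            if bare:
                findings.append((rule.get("pattern"), access, bare))
    return findings


if __name__ == "__main__":
    for pattern, access, bare in find_bare_roles(SAMPLE):
        print(f"{pattern}: access={access!r} has unquoted {', '.join(bare)}")
```

On the question's configuration it reports the first two rules and accepts the third, matching the two typos named in the answer.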

Answered by Rubens

What happens is that the official documentation of Spring Security brings the examples as you placed:

<intercept-url pattern="/siteadmin/*.htm" access="ROLE_ADMIN" />

but you should put

<intercept-url pattern=".*admin.htm" access="hasRole('ROLE_ADMIN')" />