问题描述
在装饰器中调用安全身份验证属性principal.displayName会导致问题吗?
Is there a reason why calling the security authentication property principal.displayName in a decorator would cause a problem?
我将其设置为sitemesh装饰器中的变量:
I'm setting it as a variable in a sitemesh decorator:
<c:set var="displayName">
<sec:authentication property="principal.displayName" />
</c:set>
但它会生成此异常:
java.lang.RuntimeException: javax.servlet.ServletException: javax.servlet.jsp.JspException: Invalid property 'principal.displayName' o
f bean class [org.springframework.security.authentication.AnonymousAuthenticationToken]: Bean property 'principal.displayName' is not
readable or has an invalid getter method: Does the return type of the getter match the parameter type of the setter?
at com.opensymphony.sitemesh.webapp.decorator.BaseWebAppDecorator.render(BaseWebAppDecorator.java:39)
at com.opensymphony.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:84)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
at com.google.apphosting.utils.jetty.DevAppEngineWebAppContext.handle(DevAppEngineWebAppContext.java:70)
at org.mortbay.jetty.servlet.Dispatcher.forward(Dispatcher.java:327)
at org.mortbay.jetty.servlet.Dispatcher.forward(Dispatcher.java:126)
at org.tuckey.web.filters.urlrewrite.NormalRewrittenUrl.doRewrite(NormalRewrittenUrl.java:195)
at org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:159)
at org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:141)
at org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:90)
at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:417)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
推荐答案
此时您请求的Authentication对象是 AnonymousAuthenticationToken 类,并且该类没有名为displayName的属性.
Your request's Authentication object at that point is an instance of the AnonymousAuthenticationToken class, and that class does not have a property called displayName.
很显然,SpringSecurity认为用户未登录.您可能需要
Clearly, SpringSecurity believes that the user is not logged. You probably need to
-
更改访问规则,以便仅在用户登录时才能查看JSP,或者
change the access rules so that that JSP can only be viewed when the user is logged in, or
将JSP更改为类似于以下内容(假设您正在使用Spring 3.0.x,并且已启用Web安全表达式).
change the JSP so to something like the following (assuming that you are using Spring 3.0.x and you've enabled web security expressions).
<c:set var="displayName">
<sec:authorize access="isAuthenticated()">
<sec:authentication property="principal.displayName" />
</sec:authorize>
</c:set>
参考:
- Expression-based Access Control
- JSP Tag Libraries
这篇关于为什么在装饰器中调用安全认证属性`principal.displayName`会引发异常?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!