春季安全。授权在jsp上不起作用
Posted
技术标签:
【中文标题】春季安全。授权在jsp上不起作用【英文标题】:Spring security. authorize doesn't work on jsp 【发布时间】:2015-02-05 07:29:38 【问题描述】:我有以下 jsp 页面,该 jsp 按预期编译
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib prefix="sprSec" uri="http://www.springframework.org/security/tags"%>
<c:if test="$sessionScope.userName!=null">
...
</c:if>
在登录控制器方法中,我有以下行:
session.setAttribute("userName", name);
我认为最好使用 spring 安全标签重写它
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib prefix="sprSec" uri="http://www.springframework.org/security/tags"%>
<sprSec:authorize access="isAuthenticated()">
...
</sprSec:authorize>
现在尝试访问页面时出现以下错误:
org.apache.jasper.JasperException: org.apache.jasper.JasperException: An exception occurred processing JSP page /WEB-INF/*/*****.jsp at line 5
2: <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
3: <%@ taglib prefix="sprSec" uri="http://www.springframework.org/security/tags"%>
4:
5: <sprSec:authorize access="isAuthenticated()">
6:
7: <c:set var="profileUrl" value="#" scope="request" />
8: <sprSec:authorize ifAllGranted="ROLE_USER">
....
root cause
javax.servlet.ServletException: javax.servlet.jsp.JspException: java.io.IOException: No visible WebSecurityExpressionHandler instance could be found in the application context. There must be at least one in order to support expressions in JSP 'authorize' tags.
..........
【问题讨论】:
【参考方案1】:这可能是 Spring Security - No visible WebSecurityExpressionHandler instance could be found in the application context 的副本。
正如那里指出的,确保为您的配置的http 元素添加一个设置为true 的use-expressions 属性,即写<http use-expressions="true">。
【讨论】:
如果我写 use-expressions="true" 那么我会看到错误但如果我注册 bean(如答案中所述 - 效果很好)以上是关于春季安全。授权在jsp上不起作用的主要内容,如果未能解决你的问题,请参考以下文章