Menu
Trying to test to see if a user is logged in I am using the following code:
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
<sec:authorize access="isAuthenticated()">
YES, you are logged in!
</sec:authorize>
But I am getting the following erorr?
javax.servlet.jsp.JspException: No visible WebSecurityExpressionHandler instance could be found in the application context. There must be at least one in order to support expressions in JSP 'authorize' tags.
at org.springframework.security.taglibs.authz.AuthorizeTag.getExpressionHandler(AuthorizeTag.java:100)
at org.springframework.security.taglibs.authz.AuthorizeTag.authorizeUsingAccessExpression(AuthorizeTag.java:58)
at org.springframework.security.taglibs.authz.AuthorizeTag.doStartTag(AuthorizeTag.java:48)
364
The HttpServletRequest.getUserPrincipal() will return the result of SecurityContextHolder.getContext().getAuthentication() . This means it is an Authentication which is typically an instance of UsernamePasswordAuthenticationToken when using username and password based authentication.
Spring Security has its own taglib which provides basic support for accessing security information and applying security constraints in JSPs.
Setting use-expressions="true" in the http element will work but means all your security settings in both Java code and security contexts must use expression notations. This can be a problem if you are currently using the standard security notations.
To use both expressions and standard notations just declare a new bean in your security context like so -
<beans:bean class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"/>
To use expressions to secure individual URLs, you would first need to set the use-expressions attribute in the element to true
<http use-expressions="true">
See Spring Security doc
39
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
