无法验证Spring Security中的URL模式角色

我正在使用Spring Security 3.1.7.RELEASE和Spring 3.2.13.RELEASE。

我在spring-security.xml中有如下条目:

<http auto-config="true" use-expressions="true"> 

<intercept-url pattern=".*admin.htm" access="hasRole(ROLE_ADMIN)" />

<intercept-url pattern="/siteadmin/*.htm" access="ROLE_ADMIN" />

<intercept-url pattern="/siteadmin/cleancache.htm" access="hasRole('ROLE_ADMIN')" />

当我尝试访问url /siteadmin/cleancache.htm时,出现以下异常:

java.lang.IllegalArgumentException: Failed to evaluate expression ‘ROLE_ADMIN’ org.springframework.security.access.expression.ExpressionUtils.evaluateAsBoolean(ExpressionUtils.java:13) org.springframework.security.web.access.expression.WebExpressionVoter.vote(WebExpressionVoter.java:34) org.springframework.security.web.access.expression.WebExpressionVoter.vote(WebExpressionVoter.java:18) org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:62)

Root Cause:

org.springframework.expression.spel.SpelEvaluationException: EL1008E:(pos 0): Property or field ‘ROLE_ADMIN’ cannot be found on object of type ‘org.springframework.security.web.access.expression.WebSecurityExpressionRoot’ - maybe not public? org.springframework.expression.spel.ast.PropertyOrFieldReference.readProperty(PropertyOrFieldReference.java:214) org.springframework.expression.spel.ast.PropertyOrFieldReference.getValueInternal(PropertyOrFieldReference.java:85) org.springframework.expression.spel.ast.PropertyOrFieldReference.getValueInternal(PropertyOrFieldReference.java:78) org.springframework.expression.spel.ast.SpelNodeImpl.getTypedValue(SpelNodeImpl.java:102) org.springframework.expression.spel.standard.SpelExpression.getValue(SpelExpression.java:98) org.springframework.security.access.expression.ExpressionUtils.evaluateAsBoolean(ExpressionUtils.java:11) org.springframework.security.web.access.expression.WebExpressionVoter.vote(WebExpressionVoter.java:34)

高度赞赏任何指针。

回答:

你有几次错别字。第一行intercept-url行缺少ROLE_ADMIN周围的单引号,第二行缺少hasRole。它应该是

<http auto-config="true" use-expressions="true"> 

<intercept-url pattern=".*admin.htm" access="hasRole('ROLE_ADMIN')" />

<intercept-url pattern="/siteadmin/*.htm" access="hasRole('ROLE_ADMIN')" />

<intercept-url pattern="/siteadmin/cleancache.htm" access="hasRole('ROLE_ADMIN')" />

以上是 无法验证Spring Security中的URL模式角色 的全部内容, 来源链接: utcz.com/qa/398118.html

回到顶部