spring security自定义登录界面出现IS_AUTHENTICATED_ANONYMOUSLY错误

spring | 2019-09-13 10:02:39

在spring security中自定义登录界面,配置如下:

<http auto-config="true">
                <intercept-url pattern="/login.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />
                <intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
                <form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?message=" default-target-url="/index.jsp" />
                
        </http>

报错信息:

java.lang.IllegalArgumentException: Failed to evaluate expression 'IS_AUTHENTICATED_ANONYMOUSLY'
        at org.springframework.security.access.expression.ExpressionUtils.evaluateAsBoolean(ExpressionUtils.java:14)
        at org.springframework.security.web.access.expression.WebExpressionVoter.vote(WebExpressionVoter.java:36)
        at org.springframework.security.web.access.expression.WebExpressionVoter.vote(WebExpressionVoter.java:18)
        at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:62)
        at org.springframework.security.config.http.DefaultFilterChainValidator.checkLoginPageIsntProtected(DefaultFilterChainValidator.java:191)
        at org.springframework.security.config.http.DefaultFilterChainValidator.validate(DefaultFilterChainValidator.java:36)
        at org.springframework.security.web.FilterChainProxy.afterPropertiesSet(FilterChainProxy.java:167)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1612)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1549)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:539)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:475)
        at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:304)
        at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:228)
        at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:300)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:195)
        at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:700)
        at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:760)
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:482)
        at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:381)
        at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:293)
        at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:106)
        at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:5068)
        at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5584)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147)
        at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1572)
        at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1562)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)
Caused by: org.springframework.expression.spel.SpelEvaluationException: EL1008E:(pos 0): Field or property 'IS_AUTHENTICATED_ANONYMOUSLY' cannot be found on object of type 'org.springframework.security.web.access.expression.WebSecurityExpressionRoot'
        at org.springframework.expression.spel.ast.PropertyOrFieldReference.readProperty(PropertyOrFieldReference.java:217)
        at org.springframework.expression.spel.ast.PropertyOrFieldReference.getValueInternal(PropertyOrFieldReference.java:85)
        at org.springframework.expression.spel.ast.PropertyOrFieldReference.getValueInternal(PropertyOrFieldReference.java:78)
        at org.springframework.expression.spel.ast.SpelNodeImpl.getTypedValue(SpelNodeImpl.java:113)
        at org.springframework.expression.spel.standard.SpelExpression.getValue(SpelExpression.java:105)
        at org.springframework.security.access.expression.ExpressionUtils.evaluateAsBoolean(ExpressionUtils.java:11)
        ... 29 more

解决方法:

<http auto-config="true">
                <intercept-url pattern="/**/*.js" access="hasRole('ROLE_ANONYMOUS')" />
                <intercept-url pattern="/**/*.css" access="hasRole('ROLE_ANONYMOUS')" />
                <intercept-url pattern="/**/*.png" access="hasRole('ROLE_ANONYMOUS')" />
                <intercept-url pattern="/**/*.jpg" access="hasRole('ROLE_ANONYMOUS')" />
                <intercept-url pattern="/login.jsp" access="hasRole('ROLE_ANONYMOUS')" />
                <intercept-url pattern="/configAction/getConfig.action" access="hasRole('ROLE_ANONYMOUS')" />
                
                <intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
                <form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?message=" default-target-url="/index.jsp" />
                
        </http>

配置中用hasRole('ROLE_ANONYMOUS')就可以了,当然你还要允许能匿名访问css,js,图片等资源,也要能访问login.jsp要不然,会出现定向循环错误。

登录后即可回复 登录 | 注册
    
关注编程学问公众号