An error occured using authorize tag in JSP

June 28, 2014 Tips Spring Bartosz Konieczny

Home Programming tips Spring tips An error occured using authorize tag in JSP
Like what I do? Support me on Ko-fi

If you use Spring Security project, you can be take to deal with following exception: 
javax.servlet.ServletException: javax.servlet.jsp.JspException: java.io.IOException: No visible WebSecurityExpressionHandler instance could be found in the application context. There must be at least one in order to support expressions in JSP 'authorize' tags.
	org.apache.jasper.runtime.PageContextImpl.doHandlePageException(PageContextImpl.java:907)
	org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:840)
	org.apache.jsp.WEB_002dINF.classes.layout.top_jsp._jspService(top_jsp.java:85)
	org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
	org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:432)
	org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390)
	org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
	org.apache.jasper.runtime.JspRuntimeLibrary.include(JspRuntimeLibrary.java:954)
	org.apache.jasper.runtime.PageContextImpl.doInclude(PageContextImpl.java:684)
	org.apache.jasper.runtime.PageContextImpl.include(PageContextImpl.java:678)
	org.apache.tiles.jsp.context.JspTilesRequestContext.include(JspTilesRequestContext.java:103)
	org.apache.tiles.jsp.context.JspTilesRequestContext.dispatch(JspTilesRequestContext.java:96)
	org.apache.tiles.renderer.impl.TemplateAttributeRenderer.write(TemplateAttributeRenderer.java:44)
	org.apache.tiles.renderer.impl.AbstractBaseAttributeRenderer.render(AbstractBaseAttributeRenderer.java:106)org.apache.tiles.renderer.impl.ChainedDelegateAttributeRenderer.write(ChainedDelegateAttributeRenderer.java:76)org.apache.tiles.renderer.impl.AbstractBaseAttributeRenderer.render(AbstractBaseAttributeRenderer.java:106)
	org.apache.tiles.impl.BasicTilesContainer.render(BasicTilesContainer.java:670)
	org.apache.tiles.impl.BasicTilesContainer.render(BasicTilesContainer.java
This exception can mean that you haven't turn on expression evaluation. Without it, Spring can't decide the meaning of access attribute from <sec:authorize /> tags (for example the meaning of isAuthenticated() for <sec:authorize access="isAuthenticated()">). The evaluator can be turn on through configuration file by definying a new bean: 
<global-method-security pre-post-annotations="enabled">
	<expression-handler ref="expressionHandler" />
</global-method-security>

<bean id="webexpressionHandler" class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler" />
Another way to activate it, is the use of use-expressions attribute in <http /> tags in Spring Security configuration file, as below: 
<http auto-config="true" use-expressions="true" />
The absence of evaluator can also cause the interpretation problems for @PreAuthorize or @PostAuthorize annotations.

privacy policy © 2014 - 2024 waitingforcode.com. All rights reserved | Design: Jakub Kędziora