java.lang.IllegalArgumentException: Failed to evaluate expression 'hasRole(ROLE_ADMIN)'

Stack Overflow | javaHelper | 4 months ago
  1. Speed up your debug routine!

    Automated exception search integrated into your IDE

  2. 0

    The subsequent snippet may make no sense, but it causes a different attitude with tomcat and the jetty plugin from maven. If the following http configuration is used in the applicationContext-security.xml: # <?xml version="1.0" encoding="UTF-8"?> # <beans:beans xmlns="http://www.springframework.org/schema/security" # xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" # xsi:schemaLocation="http://www.springframework.org/schema/beans # http://www.springframework.org/schema/beans/spring-beans-3.0.xsd # http://www.springframework.org/schema/security # http://www.springframework.org/schema/security/spring-security-3.0.xsd"> # # # <http auto-config='true' use-expressions="true" # disable-url-rewriting="true"> # <intercept-url pattern="/" access="ROLE_CARRIER" /> # <intercept-url pattern="/restrict/carrier" access="ROLE_CARRIER"/> # <intercept-url pattern="/restrict/customer" access="ROLE_CUSTOMER"/> # <intercept-url pattern="/restrict/distributor" access="ROLE_DISTRIBUTOR"/> # <intercept-url pattern="/index.jsf" filters="none" /> # <intercept-url pattern="/failAuth.jsf" filters="none" /> # <intercept-url pattern="/**" access="isAuthenticated()" /> # # # <form-login login-page="/index.jsf" # authentication-failure-url="/failAuth.jsf" default-target-url="/successAuth.jsf" # authentication-success-handler-ref="redirectRoledependendStrategy" /> # <logout /> # # </http> tomcat serves the website without problems but jetty gives the following exceptions when i try to access localhost:8282/ldapAuth : HTTP ERROR 500 Problem accessing /ldapAuth/. Reason: Failed to evaluate expression 'ROLE_CARRIER' Caused by: java.lang.IllegalArgumentException: Failed to evaluate expression 'ROLE_CARRIER' at org.springframework.security.access.expression.ExpressionUtils.evaluateAsBoolean(ExpressionUtils.java:13) at org.springframework.security.web.access.expression.WebExpressionVoter.vote(WebExpressionVoter.java:34) at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:50) at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:203) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:106) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:100) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:78) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:35) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:177) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:188) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:149) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388) at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216) at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182) at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765) at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418) at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230) at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114) at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152) at org.mortbay.jetty.Server.handle(Server.java:326) at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542) at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:926) at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:549) at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212) at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404) at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:410) at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582) Caused by: org.springframework.expression.spel.SpelEvaluationException: EL1008E:(pos 0): Field or property 'ROLE_CARRIER' cannot be found on object of type 'org.springframework.security.web.access.expression.WebSecurityExpressionRoot' at org.springframework.expression.spel.ast.PropertyOrFieldReference.readProperty(PropertyOrFieldReference.java:206) at org.springframework.expression.spel.ast.PropertyOrFieldReference.getValueInternal(PropertyOrFieldReference.java:71) at org.springframework.expression.spel.ast.SpelNodeImpl.getTypedValue(SpelNodeImpl.java:102) at org.springframework.expression.spel.standard.SpelExpression.getValue(SpelExpression.java:97) at org.springframework.security.access.expression.ExpressionUtils.evaluateAsBoolean(ExpressionUtils.java:11) ... 44 more Caused by: org.springframework.expression.spel.SpelEvaluationException: EL1008E:(pos 0): Field or property 'ROLE_CARRIER' cannot be found on object of type 'org.springframework.security.web.access.expression.WebSecurityExpressionRoot' at org.springframework.expression.spel.ast.PropertyOrFieldReference.readProperty(PropertyOrFieldReference.java:206) at org.springframework.expression.spel.ast.PropertyOrFieldReference.getValueInternal(PropertyOrFieldReference.java:71) at org.springframework.expression.spel.ast.SpelNodeImpl.getTypedValue(SpelNodeImpl.java:102) at org.springframework.expression.spel.standard.SpelExpression.getValue(SpelExpression.java:97) at org.springframework.security.access.expression.ExpressionUtils.evaluateAsBoolean(ExpressionUtils.java:11) at org.springframework.security.web.access.expression.WebExpressionVoter.vote(WebExpressionVoter.java:34) at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:50) at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:203) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:106) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:100) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:78) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:35) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:177) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:188) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:149) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388) at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216) at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182) at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765) at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418) at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230) at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114) at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152) at org.mortbay.jetty.Server.handle(Server.java:326) at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542) at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:926) at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:549) at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212) at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404) at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:410) at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582) Powered by Jetty:// If i uncomment the line: <intercept-url pattern="/" access="ROLE_CARRIER" /> the application is successfully accessible on tomcat and jetty. The following snippet shows my jetty-configuration in the pom.xml file: <plugin> <groupId>org.mortbay.jetty</groupId> <artifactId>maven-jetty-plugin</artifactId> <configuration> <scanIntervalSeconds>10</scanIntervalSeconds> <connectors> <connector implementation="org.mortbay.jetty.nio.SelectChannelConnector"> <port>8282</port> <maxIdleTime>60000</maxIdleTime> </connector> </connectors> </configuration> </plugin> hth, Ramo Karahasan

    Spring JIRA | 7 years ago | Ramo Karahasan
    java.lang.IllegalArgumentException: Failed to evaluate expression 'ROLE_CARRIER'
Not finding the right solution?
Take a tour to get the most out of Samebug.

Tired of useless tips?

Automated exception search integrated into your IDE

Root Cause Analysis

  1. org.springframework.expression.spel.SpelEvaluationException

    EL1008E:(pos 8): Property or field 'ROLE_ADMIN' cannot be found on object of type 'org.springframework.security.web.access.expression.WebSecurityExpressionRoot' - maybe not public?

    at org.springframework.expression.spel.ast.PropertyOrFieldReference.readProperty()
  2. Spring Expression Language (SpEL)
    SpelExpression.getValue
    1. org.springframework.expression.spel.ast.PropertyOrFieldReference.readProperty(PropertyOrFieldReference.java:224)
    2. org.springframework.expression.spel.ast.PropertyOrFieldReference.getValueInternal(PropertyOrFieldReference.java:94)
    3. org.springframework.expression.spel.ast.PropertyOrFieldReference.getValueInternal(PropertyOrFieldReference.java:81)
    4. org.springframework.expression.spel.ast.MethodReference.getArguments(MethodReference.java:154)
    5. org.springframework.expression.spel.ast.MethodReference.getValueInternal(MethodReference.java:84)
    6. org.springframework.expression.spel.ast.SpelNodeImpl.getTypedValue(SpelNodeImpl.java:131)
    7. org.springframework.expression.spel.standard.SpelExpression.getValue(SpelExpression.java:299)
    7 frames
  3. spring-security-core
    ExpressionUtils.evaluateAsBoolean
    1. org.springframework.security.access.expression.ExpressionUtils.evaluateAsBoolean(ExpressionUtils.java:26)
    1 frame
  4. Spring Security
    WebExpressionVoter.vote
    1. org.springframework.security.web.access.expression.WebExpressionVoter.vote(WebExpressionVoter.java:52)
    2. org.springframework.security.web.access.expression.WebExpressionVoter.vote(WebExpressionVoter.java:33)
    2 frames
  5. spring-security-core
    AbstractSecurityInterceptor.beforeInvocation
    1. org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:63)
    2. org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233)
    2 frames
  6. Spring Security
    BasicAuthenticationFilter.doFilterInternal
    1. org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124)
    2. org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
    3. org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    4. org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:115)
    5. org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    6. org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
    7. org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    8. org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
    9. org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    10. org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:169)
    11. org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    12. org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
    13. org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    14. org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:158)
    14 frames
  7. Spring
    OncePerRequestFilter.doFilter
    1. org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    1 frame
  8. Spring Security
    FilterChainProxy$VirtualFilterChain.doFilter
    1. org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    2. org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:177)
    3. org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    4. org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200)
    5. org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    6. org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:121)
    7. org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    7 frames
  9. org.springframework.security
    CsrfFilter.doFilterInternal
    1. org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:100)
    1 frame
  10. Spring
    OncePerRequestFilter.doFilter
    1. org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    1 frame
  11. Spring Security
    FilterChainProxy$VirtualFilterChain.doFilter
    1. org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    1 frame
  12. org.springframework.security
    HeaderWriterFilter.doFilterInternal
    1. org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66)
    1 frame
  13. Spring
    OncePerRequestFilter.doFilter
    1. org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    1 frame
  14. Spring Security
    FilterChainProxy$VirtualFilterChain.doFilter
    1. org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    1 frame
  15. org.springframework.security
    WebAsyncManagerIntegrationFilter.doFilterInternal
    1. org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
    1 frame
  16. Spring
    OncePerRequestFilter.doFilter
    1. org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    1 frame
  17. Spring Security
    FilterChainProxy.doFilter
    1. org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    2. org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
    3. org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    4. org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
    5. org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
    5 frames
  18. Spring
    DelegatingFilterProxy.doFilter
    1. org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
    2. org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
    2 frames
  19. Glassfish Core
    CoyoteAdapter.service
    1. org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
    2. org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
    3. org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
    4. org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
    5. org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
    6. org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
    7. org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
    8. org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616)
    9. org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
    10. org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:528)
    10 frames
  20. Grizzly HTTP
    NioEndpoint$SocketProcessor.run
    1. org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1099)
    2. org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:670)
    3. org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1520)
    4. org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1476)
    4 frames
  21. Java RT
    ThreadPoolExecutor$Worker.run
    1. java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    2. java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    2 frames
  22. Tomcat Util
    TaskThread$WrappingRunnable.run
    1. org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    1 frame
  23. Java RT
    Thread.run
    1. java.lang.Thread.run(Unknown Source)
    1 frame