java.lang.IllegalArgumentException: Failed to evaluate expression 'hasRole(ROLE_ADMIN)'

Stack Overflow | javaHelper | 6 months ago
tip
Your exception is missing from the Samebug knowledge base.
Here are the best solutions we found on the Internet.
Click on the to mark the helpful solution and get rewards for you help.
  1. Speed up your debug routine!

    Automated exception search integrated into your IDE

  2. 0

    The subsequent snippet may make no sense, but it causes a different attitude with tomcat and the jetty plugin from maven. If the following http configuration is used in the applicationContext-security.xml: # <?xml version="1.0" encoding="UTF-8"?> # <beans:beans xmlns="http://www.springframework.org/schema/security" # xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" # xsi:schemaLocation="http://www.springframework.org/schema/beans # http://www.springframework.org/schema/beans/spring-beans-3.0.xsd # http://www.springframework.org/schema/security # http://www.springframework.org/schema/security/spring-security-3.0.xsd"> # # # <http auto-config='true' use-expressions="true" # disable-url-rewriting="true"> # <intercept-url pattern="/" access="ROLE_CARRIER" /> # <intercept-url pattern="/restrict/carrier" access="ROLE_CARRIER"/> # <intercept-url pattern="/restrict/customer" access="ROLE_CUSTOMER"/> # <intercept-url pattern="/restrict/distributor" access="ROLE_DISTRIBUTOR"/> # <intercept-url pattern="/index.jsf" filters="none" /> # <intercept-url pattern="/failAuth.jsf" filters="none" /> # <intercept-url pattern="/**" access="isAuthenticated()" /> # # # <form-login login-page="/index.jsf" # authentication-failure-url="/failAuth.jsf" default-target-url="/successAuth.jsf" # authentication-success-handler-ref="redirectRoledependendStrategy" /> # <logout /> # # </http> tomcat serves the website without problems but jetty gives the following exceptions when i try to access localhost:8282/ldapAuth : HTTP ERROR 500 Problem accessing /ldapAuth/. Reason: Failed to evaluate expression 'ROLE_CARRIER' Caused by: java.lang.IllegalArgumentException: Failed to evaluate expression 'ROLE_CARRIER' at org.springframework.security.access.expression.ExpressionUtils.evaluateAsBoolean(ExpressionUtils.java:13) at org.springframework.security.web.access.expression.WebExpressionVoter.vote(WebExpressionVoter.java:34) at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:50) at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:203) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:106) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:100) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:78) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:35) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:177) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:188) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:149) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388) at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216) at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182) at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765) at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418) at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230) at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114) at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152) at org.mortbay.jetty.Server.handle(Server.java:326) at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542) at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:926) at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:549) at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212) at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404) at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:410) at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582) Caused by: org.springframework.expression.spel.SpelEvaluationException: EL1008E:(pos 0): Field or property 'ROLE_CARRIER' cannot be found on object of type 'org.springframework.security.web.access.expression.WebSecurityExpressionRoot' at org.springframework.expression.spel.ast.PropertyOrFieldReference.readProperty(PropertyOrFieldReference.java:206) at org.springframework.expression.spel.ast.PropertyOrFieldReference.getValueInternal(PropertyOrFieldReference.java:71) at org.springframework.expression.spel.ast.SpelNodeImpl.getTypedValue(SpelNodeImpl.java:102) at org.springframework.expression.spel.standard.SpelExpression.getValue(SpelExpression.java:97) at org.springframework.security.access.expression.ExpressionUtils.evaluateAsBoolean(ExpressionUtils.java:11) ... 44 more Caused by: org.springframework.expression.spel.SpelEvaluationException: EL1008E:(pos 0): Field or property 'ROLE_CARRIER' cannot be found on object of type 'org.springframework.security.web.access.expression.WebSecurityExpressionRoot' at org.springframework.expression.spel.ast.PropertyOrFieldReference.readProperty(PropertyOrFieldReference.java:206) at org.springframework.expression.spel.ast.PropertyOrFieldReference.getValueInternal(PropertyOrFieldReference.java:71) at org.springframework.expression.spel.ast.SpelNodeImpl.getTypedValue(SpelNodeImpl.java:102) at org.springframework.expression.spel.standard.SpelExpression.getValue(SpelExpression.java:97) at org.springframework.security.access.expression.ExpressionUtils.evaluateAsBoolean(ExpressionUtils.java:11) at org.springframework.security.web.access.expression.WebExpressionVoter.vote(WebExpressionVoter.java:34) at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:50) at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:203) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:106) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:100) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:78) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:35) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:177) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:188) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:149) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388) at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216) at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182) at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765) at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418) at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230) at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114) at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152) at org.mortbay.jetty.Server.handle(Server.java:326) at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542) at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:926) at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:549) at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212) at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404) at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:410) at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582) Powered by Jetty:// If i uncomment the line: <intercept-url pattern="/" access="ROLE_CARRIER" /> the application is successfully accessible on tomcat and jetty. The following snippet shows my jetty-configuration in the pom.xml file: <plugin> <groupId>org.mortbay.jetty</groupId> <artifactId>maven-jetty-plugin</artifactId> <configuration> <scanIntervalSeconds>10</scanIntervalSeconds> <connectors> <connector implementation="org.mortbay.jetty.nio.SelectChannelConnector"> <port>8282</port> <maxIdleTime>60000</maxIdleTime> </connector> </connectors> </configuration> </plugin> hth, Ramo Karahasan

    Spring JIRA | 7 years ago | Ramo Karahasan
    java.lang.IllegalArgumentException: Failed to evaluate expression 'ROLE_CARRIER'
Not finding the right solution?
Take a tour to get the most out of Samebug.

Tired of useless tips?

Automated exception search integrated into your IDE

Root Cause Analysis

  1. org.springframework.expression.spel.SpelEvaluationException

    EL1008E:(pos 8): Property or field 'ROLE_ADMIN' cannot be found on object of type 'org.springframework.security.web.access.expression.WebSecurityExpressionRoot' - maybe not public?

    at org.springframework.expression.spel.ast.PropertyOrFieldReference.readProperty()
  2. Spring Expression Language (SpEL)
    SpelExpression.getValue
    1. org.springframework.expression.spel.ast.PropertyOrFieldReference.readProperty(PropertyOrFieldReference.java:224)
    2. org.springframework.expression.spel.ast.PropertyOrFieldReference.getValueInternal(PropertyOrFieldReference.java:94)
    3. org.springframework.expression.spel.ast.PropertyOrFieldReference.getValueInternal(PropertyOrFieldReference.java:81)
    4. org.springframework.expression.spel.ast.MethodReference.getArguments(MethodReference.java:154)
    5. org.springframework.expression.spel.ast.MethodReference.getValueInternal(MethodReference.java:84)
    6. org.springframework.expression.spel.ast.SpelNodeImpl.getTypedValue(SpelNodeImpl.java:131)
    7. org.springframework.expression.spel.standard.SpelExpression.getValue(SpelExpression.java:299)
    7 frames
  3. spring-security-core
    ExpressionUtils.evaluateAsBoolean
    1. org.springframework.security.access.expression.ExpressionUtils.evaluateAsBoolean(ExpressionUtils.java:26)
    1 frame
  4. Spring Security
    WebExpressionVoter.vote
    1. org.springframework.security.web.access.expression.WebExpressionVoter.vote(WebExpressionVoter.java:52)
    2. org.springframework.security.web.access.expression.WebExpressionVoter.vote(WebExpressionVoter.java:33)
    2 frames
  5. spring-security-core
    AbstractSecurityInterceptor.beforeInvocation
    1. org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:63)
    2. org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233)
    2 frames
  6. Spring Security
    BasicAuthenticationFilter.doFilterInternal
    1. org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124)
    2. org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
    3. org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    4. org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:115)
    5. org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    6. org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
    7. org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    8. org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
    9. org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    10. org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:169)
    11. org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    12. org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
    13. org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    14. org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:158)
    14 frames
  7. Spring
    OncePerRequestFilter.doFilter
    1. org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    1 frame
  8. Spring Security
    FilterChainProxy$VirtualFilterChain.doFilter
    1. org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    2. org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:177)
    3. org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    4. org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200)
    5. org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    6. org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:121)
    7. org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    7 frames
  9. org.springframework.security
    CsrfFilter.doFilterInternal
    1. org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:100)
    1 frame
  10. Spring
    OncePerRequestFilter.doFilter
    1. org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    1 frame
  11. Spring Security
    FilterChainProxy$VirtualFilterChain.doFilter
    1. org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    1 frame
  12. org.springframework.security
    HeaderWriterFilter.doFilterInternal
    1. org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66)
    1 frame
  13. Spring
    OncePerRequestFilter.doFilter
    1. org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    1 frame
  14. Spring Security
    FilterChainProxy$VirtualFilterChain.doFilter
    1. org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    1 frame
  15. org.springframework.security
    WebAsyncManagerIntegrationFilter.doFilterInternal
    1. org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
    1 frame
  16. Spring
    OncePerRequestFilter.doFilter
    1. org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    1 frame
  17. Spring Security
    FilterChainProxy.doFilter
    1. org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    2. org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
    3. org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    4. org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
    5. org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
    5 frames
  18. Spring
    DelegatingFilterProxy.doFilter
    1. org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
    2. org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
    2 frames
  19. Glassfish Core
    CoyoteAdapter.service
    1. org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
    2. org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
    3. org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
    4. org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
    5. org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
    6. org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
    7. org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
    8. org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616)
    9. org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
    10. org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:528)
    10 frames
  20. Grizzly HTTP
    NioEndpoint$SocketProcessor.run
    1. org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1099)
    2. org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:670)
    3. org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1520)
    4. org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1476)
    4 frames
  21. Java RT
    ThreadPoolExecutor$Worker.run
    1. java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    2. java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    2 frames
  22. Tomcat Util
    TaskThread$WrappingRunnable.run
    1. org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    1 frame
  23. Java RT
    Thread.run
    1. java.lang.Thread.run(Unknown Source)
    1 frame