Exception with Method Level Security

**rrkwells** · Oct 14th, 2011, 01:14 AM

I am getting following error when a request is made to the page..

PHP Code:


org.springframework.web.util.NestedServletException: Handler processing failed; nested exception is java.lang.NoSuchMethodError: org.springframework.aop.framework.AopProxyUtils.ultimateTargetClass(Ljava/lang/Object;)Ljava/lang/Class;
    org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:912)
    org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:792)
    org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:851)
    org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:756)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:328)
    org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:116)
    org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:340)
    org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:95)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:340)
    org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:100)
  ...........................................................................................................................
root cause

java.lang.NoSuchMethodError: org.springframework.aop.framework.AopProxyUtils.ultimateTargetClass(Ljava/lang/Object;)Ljava/lang/Class;
    org.springframework.security.access.expression.method.MethodSecurityEvaluationContext.addArgumentsAsVariables(MethodSecurityEvaluationContext.java:93)
    org.springframework.security.access.expression.method.MethodSecurityEvaluationContext.lookupVariable(MethodSecurityEvaluationContext.java:57)
    org.springframework.expression.spel.ExpressionState.lookupVariable(ExpressionState.java:122)
    org.springframework.expression.spel.ast.VariableReference.getValueInternal(VariableReference.java:52)
    org.springframework.expression.spel.ast.OpEQ.getValueInternal(OpEQ.java:37)
    org.springframework.expression.spel.ast.OpEQ.getValueInternal(OpEQ.java:1)
    org.springframework.expression.spel.ast.OpOr.getValueInternal(OpOr.java:59)
    org.springframework.expression.spel.ast.OpOr.getValueInternal(OpOr.java:1)
    org.springframework.expression.spel.ast.SpelNodeImpl.getTypedValue(SpelNodeImpl.java:102)
    org.springframework.expression.spel.standard.SpelExpression.getValue(SpelExpression.java:97)
    org.springframework.security.access.expression.ExpressionUtils.evaluateAsBoolean(ExpressionUtils.java:11)
    org.springframework.security.access.expression.method.ExpressionBasedPreInvocationAdvice.before(ExpressionBasedPreInvocationAdvice.java:41)
    org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter.vote(PreInvocationAuthorizationAdviceVoter.java:54)
    org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter.vote(PreInvocationAuthorizationAdviceVoter.java:24)
    org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:50)
    org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:204)
    org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:59)
    org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
    org.springframework.aop.framework.Cglib2AopProxy$DynamicAdvisedInterceptor.intercept(Cglib2AopProxy.java:625)
    com.app.legaldir.controller.PeopleLanguagesController$$EnhancerByCGLIB$$16d76321_2.getPersonLanguages(<generated>)
    sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    java.lang.reflect.Method.invoke(Method.java:597)
    org.springframework.web.bind.annotation.support.HandlerMethodInvoker.invokeHandlerMethod(HandlerMethodInvoker.java:176)
    org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.invokeHandlerMethod(AnnotationMethodHandlerAdapter.java:436)
    org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.handle(AnnotationMethodHandlerAdapter.java:424)
    org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:863)
    org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:792)
    org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:851)
    org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:756)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:328)
    org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:116)
    org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:340)
    org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:95)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:340)
    org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:100)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:340)
    org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:79)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:340)
    org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:340)
    org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:35)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:340)
    org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:187)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:340)
    org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:340)
    org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:340)
    org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:175)
    org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
    org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)

and the controller method is..

Code:

    
    @RequestMapping(value="/profile/personlanguages.html", method=RequestMethod.GET)
    @PreAuthorize("hasRole('ROLE_ADMIN') or #pId==principal.personId")
    public String getPersonLanguages(@RequestParam(value="pid", required=true) int pId, @RequestParam(value="msg", required=false)String msg,ModelMap map ){
        
        map.addAttribute("person", personService.getPersonById(pId));        
        map.addAttribute("languagesList", peopleLanguageManager.getLanguagesNotListedForPerson(pId));
        map.addAttribute("personLang", new PersonLicenseForm());
        map.addAttribute("msg", msg);
        return "profile/personlanguages";
    }

I have pre-post-annotations set to enabled and use-expression set to true.

if I remove '#' part from the expression, I get the following error

PHP Code:


java.lang.IllegalArgumentException: Failed to evaluate expression 'hasRole('ROLE_ADMIN') or pId==principal.personId'
    at org.springframework.security.access.expression.ExpressionUtils.evaluateAsBoolean(ExpressionUtils.java:13)
    at org.springframework.security.access.expression.method.ExpressionBasedPreInvocationAdvice.before(ExpressionBasedPreInvocationAdvice.java:41)
    at org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter.vote(PreInvocationAuthorizationAdviceVoter.java:54)
    at org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter.vote(PreInvocationAuthorizationAdviceVoter.java:24)
..............................
Caused by: org.springframework.expression.spel.SpelEvaluationException: EL1008E:(pos 28): Field or property 'pId' cannot be found on object of type 'org.springframework.security.access.expression.method.MethodSecurityExpressionRoot'

**rrkwells** · Oct 14th, 2011, 03:09 AM

Oops it was too early call for help.. I just didn't have the proper version of aop..

Thread: Exception with Method Level Security

Thread Tools

Display

Exception with Method Level Security

Tags for this Thread

Posting Permissions