No visible WebSecurityExpressionHandler instance could be found in the application

**dilanalex** · Feb 27th, 2012, 10:12 AM

Hi Guys,

I'm new to Spring security and trying to develop simple application. following shows my spring-servlet.xml file.

HTML Code:

<beans:beans xmlns="http://www.springframework.org/schema/security"
  xmlns:beans="http://www.springframework.org/schema/beans"
  xmlns:jdbc="http://www.springframework.org/schema/jdbc"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/jdbc
			http://www.springframework.org/schema/jdbc/spring-jdbc-3.0.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security-3.0.xsd">

	
	
	<http auto-config="true" use-expressions="true">
		<intercept-url pattern="/account/*.do" access="hasRole('ROLE_HRM') and fullyAuthenticated"/>
		<intercept-url pattern="/login.do" access="permitAll"/>
		<intercept-url pattern="/*" access="hasRole('ROLE_HRM')"/>
		
		
		<form-login login-page="/login.do" />
		
		<remember-me key="hrm"/>
		
		<logout invalidate-session="true" logout-success-url="/" logout-url="/j_spring_security_logout"/>
		
		
	</http>
	
	<authentication-manager>
    <authentication-provider>
      <jdbc-user-service data-source-ref="dataSource"/>
    </authentication-provider>
  </authentication-manager>
</beans:beans>

And there I have enabled use expression feature like this 'use-expressions="true"'
When I'm going to access my index.jsp file it generates an error.

in my index.jsp its like this

HTML Code:

<sec:authorize access="hasRole('ROLE_USER') and fullyAuthenticated">
	<c:url value="/account/home.do" var="accountUrl"/>
	<li><a href="${accountUrl}">My Account</a> (with 'access' attr)</li>
</sec:authorize>

The error I'm getting is

Code:

java.io.IOException: No visible WebSecurityExpressionHandler instance could be found in the application context. There must be at least one in order to support expressions in JSP 'authorize' tags.
	at org.springframework.security.taglibs.authz.AbstractAuthorizeTag.getExpressionHandler(AbstractAuthorizeTag.java:323)
	at org.springframework.security.taglibs.authz.AbstractAuthorizeTag.authorizeUsingAccessExpression(AbstractAuthorizeTag.java:169)
	at org.springframework.security.taglibs.authz.AbstractAuthorizeTag.authorize(AbstractAuthorizeTag.java:104)
	at org.springframework.security.taglibs.authz.JspAuthorizeTag.doStartTag(JspAuthorizeTag.java:54)
	at org.apache.jsp.index_jsp._jspx_meth_sec_005fauthorize_005f0(index_jsp.java:147)
	at org.apache.jsp.index_jsp._jspService(index_jsp.java:95)
	at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
	at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:369)
	at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:322)
	at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:249)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:343)
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
	at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:100)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
	at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:78)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
	at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:119)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
	at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
	at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:35)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
	at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:177)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:188)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:149)
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
	at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
	at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
	at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
	at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:828)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:601)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
	at java.lang.Thread.run(Thread.java:662)

Can anybody help ??

Thank you,
Dilana

**Rob Winch** · Feb 27th, 2012, 07:03 PM

Can you post your web.xml? I suspect that you need to associate your spring security configuration with the ContextLoaderListener as apposed to the DispatcherServlet.

**dilanalex** · Feb 29th, 2012, 12:10 PM

Originally Posted by rwinch

Can you post your web.xml? I suspect that you need to associate your spring security configuration with the ContextLoaderListener as apposed to the DispatcherServlet.

Hi,

Thank you for your reply and here is my web.xml.

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5">

<display-name>Spring3-Hibernate</display-name>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<servlet>
<servlet-name>spring</servlet-name>
<servlet-class>
org.springframework.web.servlet.DispatcherServlet
</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>spring</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>

<listener>
<listener-class>org.springframework.web.context.ContextLoade rListener</listener-class>
</listener>

<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring-security.xml
/WEB-INF/applicationContext.xml
</param-value>
</context-param>

<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFil terProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<jsp-config>
<taglib>
<taglib-uri>
http://www.springframework.org/security/tags
</taglib-uri>
<taglib-location>
/WEB-INF/tld/security.tld
</taglib-location>
</taglib>
</jsp-config>

</web-app>

Thanks,
Dilanalex

**Rob Winch** · Feb 29th, 2012, 12:40 PM

Specify the <http use-expressions="true"> in the spring-security.xml instead of the spring-servlet.xml

PS: In the future please use code tags when posting configuration, logs, code, etc.

**dilanalex** · Mar 1st, 2012, 11:26 PM

Originally Posted by rwinch

Specify the <http use-expressions="true"> in the spring-security.xml instead of the spring-servlet.xml

PS: In the future please use code tags when posting configuration, logs, code, etc.

Hi,

Thank you for the reply and your advice.

Ill try this and will post the result here.

Thank you,
Dilanalex.

**mcumbay** · Sep 26th, 2012, 02:57 PM

Originally Posted by dilanalex

Hi,

Thank you for the reply and your advice.

Ill try this and will post the result here.

Thank you,
Dilanalex.

Hi,
Any solution for this problem?

Thread: No visible WebSecurityExpressionHandler instance could be found in the application

Thread Tools

Display

No visible WebSecurityExpressionHandler instance could be found in the application

No visible WebSecurityExpressionHandler instance could be found in the application

Posting Permissions