<security:authentication> gives exception after some time

[s_nakarani]

I have used following in my jsp. to display user name in JSP.

<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>

<security:authentication property="principal.username" />

when I am not using my system for more than 30 minutes and session is automatically expired, if i try to use click on any link, i got following exception.


SEVERE: Servlet.service() for servlet jsp threw exception
org.springframework.beans.NotReadablePropertyExcep tion: Invalid property 'principal.username' of bean class

[org.springframework.security.providers.anonymous.A nonymousAuthenticationToken]: Bean property 'principal.username' is not readable
getter match the parameter type of the setter?
at org.springframework.beans.BeanWrapperImpl.getPrope rtyValue(BeanWrapperImpl.java:533)
at org.springframework.beans.BeanWrapperImpl.getPrope rtyValue(BeanWrapperImpl.java:525)
at org.springframework.security.taglibs.authz.Authent icationTag.doEndTag(AuthenticationTag.java:101)
at org.apache.jsp.decorators.wideTemplate_jsp._jspx_m eth_security_005fauthentication_005f0(wideTemplate _jsp.java:1022)
at org.apache.jsp.decorators.wideTemplate_jsp._jspSer vice(wideTemplate_jsp.java:304)
at org.apache.jasper.runtime.HttpJspBase.service(Http JspBase.java:70)
at javax.servlet.http.HttpServlet.service(HttpServlet .java:803)
at org.apache.jasper.servlet.JspServletWrapper.servic e(JspServletWrapper.java:374)
at org.apache.jasper.servlet.JspServlet.serviceJspFil e(JspServlet.java:337)
at org.apache.jasper.servlet.JspServlet.service(JspSe rvlet.java:266)
at javax.servlet.http.HttpServlet.service(HttpServlet .java:803)
at org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.do Filter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.ApplicationDispatcher.inv oke(ApplicationDispatcher.java:630)
at org.apache.catalina.core.ApplicationDispatcher.doI nclude(ApplicationDispatcher.java:535)
at org.apache.catalina.core.ApplicationDispatcher.inc lude(ApplicationDispatcher.java:472)
at com.opensymphony.sitemesh.compatability.OldDecorat or2NewDecorator.render(OldDecorator2NewDecorator.j ava:46)
at com.opensymphony.sitemesh.webapp.decorator.BaseWeb AppDecorator.render(BaseWebAppDecorator.java:33)
at com.opensymphony.sitemesh.webapp.SiteMeshFilter.do Filter(SiteMeshFilter.java:84)
at org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.do Filter(ApplicationFilterChain.java:206)
at org.springframework.orm.hibernate3.support.OpenSes sionInViewFilter.doFilterInternal(OpenSessionInVie wFilter.java:198)
at org.springframework.web.filter.OncePerRequestFilte r.doFilter(OncePerRequestFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.do Filter(ApplicationFilterChain.java:206)
at org.tuckey.web.filters.urlrewrite.RuleChain.handle Rewrite(RuleChain.java:164)
at org.tuckey.web.filters.urlrewrite.RuleChain.doRule s(RuleChain.java:141)
at org.tuckey.web.filters.urlrewrite.UrlRewriter.proc essRequest(UrlRewriter.java:90)
at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter .doFilter(UrlRewriteFilter.java:417)
at org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.do Filter(ApplicationFilterChain.java:206)
at org.springframework.web.filter.HiddenHttpMethodFil ter.doFilterInternal(HiddenHttpMethodFilter.java:7 1)

[Marten Deinum]

Use [ code][/code ] tags when posting code.

Your principal is replaced due to a session time-out with a anonymous one which doesn't have a username. Make sure you use that only in pages which are accessible by authenticated users else you will get these exceptions. Or check if a user is fully authenticated instead of anonymous.