Spring security:sec:authorize标签给出流关闭异常
我正在使用Spring security 3.0.6。以下 JSP 片段是罪魁祸首:
<sec:authorize access="hasRole('ROLE_PREVIOUS_ADMINISTRATOR')">
<a href="<s:url value='/exitUser' />">
Switch back to your own role</a>
</sec:authorize>
引发以下异常:
Struts has detected an unhandled exception:
# Messages: Stream closed
File: org/apache/jasper/runtime/JspWriterImpl.java
Line number: 210
Stacktraces
java.io.IOException: Stream closed
org.apache.jasper.runtime.JspWriterImpl.ensureOpen(JspWriterImpl.java:210)
org.apache.jasper.runtime.JspWriterImpl.flushBuffer(JspWriterImpl.java:115)
org.apache.jasper.runtime.JspWriterImpl.flush(JspWriterImpl.java:177)
org.apache.jasper.runtime.JspRuntimeLibrary.include(JspRuntimeLibrary.java:915)
org.apache.jasper.runtime.PageContextImpl.include(PageContextImpl.java:652)
org.apache.struts2.dispatcher.ServletDispatcherResult.doExecute(ServletDispatcherResult.java:123)
org.apache.struts2.dispatcher.StrutsResultSupport.execute(StrutsResultSupport.java:186)
com.opensymphony.xwork2.DefaultActionInvocation.executeResult(DefaultActionInvocation.java:373)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:277)
org.apache.struts2.impl.StrutsActionProxy.execute(StrutsActionProxy.java:52)
org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:498)
org.apache.struts2.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:434)
我已成功将用户切换到另一个角色,现在正尝试显示切换回其自己角色的链接,但前提是他确实已切换。我推测,如果用户切换了角色,则他具有 ROLE_PREVIOUS_ADMINISTRATOR ,因此我正在执行上述操作。
我通过以下方式包含了标签库:
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
I am using Spring security 3.0.6. The following JSP snippet is the culprit :
<sec:authorize access="hasRole('ROLE_PREVIOUS_ADMINISTRATOR')">
<a href="<s:url value='/exitUser' />">
Switch back to your own role</a>
</sec:authorize>
The following exception is thrown :
Struts has detected an unhandled exception:
# Messages: Stream closed
File: org/apache/jasper/runtime/JspWriterImpl.java
Line number: 210
Stacktraces
java.io.IOException: Stream closed
org.apache.jasper.runtime.JspWriterImpl.ensureOpen(JspWriterImpl.java:210)
org.apache.jasper.runtime.JspWriterImpl.flushBuffer(JspWriterImpl.java:115)
org.apache.jasper.runtime.JspWriterImpl.flush(JspWriterImpl.java:177)
org.apache.jasper.runtime.JspRuntimeLibrary.include(JspRuntimeLibrary.java:915)
org.apache.jasper.runtime.PageContextImpl.include(PageContextImpl.java:652)
org.apache.struts2.dispatcher.ServletDispatcherResult.doExecute(ServletDispatcherResult.java:123)
org.apache.struts2.dispatcher.StrutsResultSupport.execute(StrutsResultSupport.java:186)
com.opensymphony.xwork2.DefaultActionInvocation.executeResult(DefaultActionInvocation.java:373)
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:277)
org.apache.struts2.impl.StrutsActionProxy.execute(StrutsActionProxy.java:52)
org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:498)
org.apache.struts2.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:434)
I have successfully switched the user to another role and is now trying to display the link to switch back to his own role, but only if he has actually switched. I gather that the user has ROLE_PREVIOUS_ADMINISTRATOR if he has switched roles, and so I am doing the above.
I have included the tag library via :
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我没有
在我的 spring security xml 中指定。完成此操作并将拦截网址更改为在其接受值中使用表达式后,错误消失了。但无法在简单的测试应用程序中重现该错误。
编辑:我发现此错误的另一个例子是当我在
authorize标记中使用自定义 SPEL 表达式时,并且有一个NullPointerException在处理表达式的方法中。基本上,这个错误似乎通常隐藏了评估
authorize(或任何)标记中使用的表达式时的潜在错误I had not specified
in my spring security xml. After having done that, and changing the intercept urls to use expressions in their accepts values, the error disappeared. Wasn't able to reproduce the error in a simple test application though.
Edit : Another instance where I found this error was when I was using a custom SPEL expression in the
authorizetag, and there was aNullPointerExceptionin the method which handled the expression.Basically, it seems that the this error usually hides an underlying error in evaluating the expression used in the
authorize(or any) tag