Ankit
Reputation: 251
Null pointer Exception in Spring Security Expression's isAnonymous method
I'm using Spring Security 3.2. I get the Null Pointer Exception whenever I deploy my project on Apache Tomcat Server. The web.xml is
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
<display-name>ch04</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext-security.xml
</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<servlet>
<servlet-name>terrormovies</servlet-name>
<servlet-class> org.springframework.web.servlet.DispatcherServlet </servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping><servlet-name>terrormovies</servlet-name><url-pattern>/</url-pattern></servlet-mapping></web-app>
The Application context Security.xml file is
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<security:http auto-config="true" use-expressions="true">
<security:expression-handler ref="expressionHandler" />
<security:intercept-url pattern="/admin/*"
access="hasIpAddress('127.0.0.1')and (isAnonymous() ? false : principal.lastname == 'Scarioni') and over18" />
<security:remember-me key="terror-key" />
<security:logout delete-cookies="JSESSIONID"
success-handler-ref="logoutRedirectToAny" />
<security:form-login login-page="/custom_login"
authentication-failure-handler-ref="serverErrorHandler"
username-parameter="user_param" password-parameter="pass_param" />
</security:http>
<security:authentication-manager>
<security:authentication-provider
user-service-ref="inMemoryUserServiceWithCustomUser" />
</security:authentication-manager>
<bean id="expressionHandler"
class="com.apress.pss.terrormovies.security.CustomWebSecurityExpressionHandler" />
<bean id="inMemoryUserServiceWithCustomUser"
class="com.apress.pss.terrormovies.spring.CustomInMemoryUserDetailsManager">
<constructor-arg>
<list>
<bean class="com.apress.pss.terrormovies.model.User">
<constructor-arg value="admin" />
<constructor-arg value="admin" />
<constructor-arg>
<list>
<bean class="org.springframework.security.core.authority.SimpleGrantedAuthority">
<constructor-arg value="ROLE_ADMIN" />
</bean>
</list>
</constructor-arg>
<constructor-arg value="Scarioni" />
<constructor-arg value="19" />
</bean>
</list>
</constructor-arg>
</bean>
<bean id="logoutRedirectToAny" class="org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler">
<property name="targetUrlParameter" value="redirectTo" />
</bean>
<bean id="serverErrorHandler"
class="com.apress.pss.terrormovies.security.ServerErrorFailureHandler" />
The stack trace of error is as follows.
java.lang.NullPointerException
org.springframework.security.access.expression.SecurityExpressionRoot.isAnonymous(SecurityExpressionRoot.java:88)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
java.lang.reflect.Method.invoke(Method.java:601)
org.springframework.expression.spel.support.ReflectiveMethodExecutor.execute(ReflectiveMethodExecutor.java:69)
org.springframework.expression.spel.ast.MethodReference.getValueInternal(MethodReference.java:122)
org.springframework.expression.spel.ast.MethodReference.getValueInternal(MethodReference.java:80)
org.springframework.expression.spel.ast.SpelNodeImpl.getValue(SpelNodeImpl.java:134)
org.springframework.expression.spel.ast.Ternary.getValueInternal(Ternary.java:47)
org.springframework.expression.spel.ast.SpelNodeImpl.getValue(SpelNodeImpl.java:134)
org.springframework.expression.spel.ast.OpAnd.getBooleanValue(OpAnd.java:51)
org.springframework.expression.spel.ast.OpAnd.getValueInternal(OpAnd.java:46)
org.springframework.expression.spel.ast.SpelNodeImpl.getValue(SpelNodeImpl.java:134)
org.springframework.expression.spel.ast.OpAnd.getBooleanValue(OpAnd.java:51)
org.springframework.expression.spel.ast.OpAnd.getValueInternal(OpAnd.java:42)
org.springframework.expression.spel.ast.SpelNodeImpl.getTypedValue(SpelNodeImpl.java:102)
org.springframework.expression.spel.standard.SpelExpression.getValue(SpelExpression.java:98)
org.springframework.security.access.expression.ExpressionUtils.evaluateAsBoolean(ExpressionUtils.java:11)
org.springframework.security.web.access.expression.WebExpressionVoter.vote(WebExpressionVoter.java:34)
org.springframework.security.web.access.expression.WebExpressionVoter.vote(WebExpressionVoter.java:18)
org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:62)
org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:206)
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:115)
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:139)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
How to resolve this error? Any help will be gratefully appreciated
Upvotes: 0
Views: 1055
Answers (1)
holmis83
Reputation: 16604
I suspect something is wrong in your CustomWebSecurityExpressionHandler.
Did you forget to set an AuthenticationTrustResolver?
Upvotes: 1
Related Questions
- AbstractSecurityInterceptor must provide a non-null AccessDecisionManager
- Reason: Cannot pass null or empty values to constructor in spring security
- How to solve IllegalArgumentException in Spring security
- Spring security: sporadic NullPointerException
- NoSuchBeanDefinitionException in Spring Security
- Spring security null pointer exception
- NullPointerException in spring security PreFilter with two argument method
- Spring expression cannot resolve type
- Spring Security 3.1 + JPA - Null pointer exception
- Spring Security SQL Error: 0, SQLState: null