java如何在SpringSecurity4中基于角色授权链接
我正在尝试根据角色授权链接
我的页面:
<c:if test="${pageContext.request.userPrincipal.name==null}">
<li> <a href="<c:url value="/registration"/>"><span class="glyphicon glyphicon-user">Register</span></a> </li>
<li> <a href="<c:url value="/login"/>"><span class="glyphicon glyphicon-lock">Login</span></a> </li>
</c:if>
<c:if test="${pageContext.request.userPrincipal.name!=null}">
<security:authorize access="ROLE_USER">
<li><a href="cart.jsp"><span class="glyphicon glyphicon-shopping-cart">CART</span></a></li>
</security:authorize>
<li><a href="<c:url value="/j_spring_security_logout"></c:url>">logout</a></li>
</c:if>
我得到以下例外情况:
with root cause
org.springframework.expression.spel.SpelEvaluationException:
EL1008E:(pos 0): Property or field 'ROLE_USER' cannot be found on object of type
'org.springframework.security.web.access.expression.WebSecurityExpressionRoot' - maybe not public?
# 1 楼答案
必须使用web安全表达式,请参见Spring Security Reference:
ROLE_USER
不是内置的web安全表达式(请参见Spring Security Reference),请改用hasRole('USER')
,请参见^{# 2 楼答案
试试这个。。而不是
<security:authorize access="ROLE_USER">
<security:authorize access="hasRole('ROLE_USER')">