Home/ Questions/Q 1007109
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-16T08:34:03+00:00

Is there a reason why calling the security authentication property principal.displayName in a decorator

  • 0

Is there a reason why calling the security authentication property principal.displayName in a decorator would cause a problem?

I’m setting it as a variable in a sitemesh decorator:

                <c:set var="displayName">
                    <sec:authentication property="principal.displayName" />
                </c:set>

But it generates this exception:

java.lang.RuntimeException: javax.servlet.ServletException: javax.servlet.jsp.JspException: Invalid property 'principal.displayName' o
f bean class [org.springframework.security.authentication.AnonymousAuthenticationToken]: Bean property 'principal.displayName' is not
readable or has an invalid getter method: Does the return type of the getter match the parameter type of the setter?
        at com.opensymphony.sitemesh.webapp.decorator.BaseWebAppDecorator.render(BaseWebAppDecorator.java:39)
        at com.opensymphony.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:84)
        at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
        at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
        at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
        at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
        at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
        at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
        at com.google.apphosting.utils.jetty.DevAppEngineWebAppContext.handle(DevAppEngineWebAppContext.java:70)
        at org.mortbay.jetty.servlet.Dispatcher.forward(Dispatcher.java:327)
        at org.mortbay.jetty.servlet.Dispatcher.forward(Dispatcher.java:126)
        at org.tuckey.web.filters.urlrewrite.NormalRewrittenUrl.doRewrite(NormalRewrittenUrl.java:195)
        at org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:159)
        at org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:141)
        at org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:90)
        at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:417)
        at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Your request’s Authentication object at that point is an instance of the AnonymousAuthenticationToken class, and that class does not have a property called displayName.

    Clearly, SpringSecurity believes that the user is not logged. You probably need to

    • change the access rules so that that JSP can only be viewed when the user is logged in, or

    • change the JSP so to something like the following (assuming that you are using Spring 3.0.x and you’ve enabled web security expressions).

    <c:set var="displayName">
    <sec:authorize access="isAuthenticated()">
        <sec:authentication property="principal.displayName" />
    </sec:authorize>
</c:set>

    References:

    • 0