Failed to evaluate expression 'IS_AUTHENTICATED_ANONYMOUSLY' Spring 4

Question

I upgraded from Spring 3.2.3 + Hibernate 3.8.6 to Spring 4.1.6 + Hibernate 4.3
now have the following error.
This is my springSecurityContext.xml:

Be

Answer 1

You have 2 errors in your configuration: one regarding element and one regarding ConcurrentSessionFilter.

1. The class ConcurrentSessionFilter changed from Spring 3 to Spring 4. The constructor taking no parameter, which was deprecated in Spring 3, was removed in Spring 4.

   This explains the error you are getting:

   Caused by: java.lang.NoSuchMethodException: org.springframework.security.web.session.ConcurrentSessionFilter.()

   which means that you referenced the no-arg constructor but that it did not exist.

   You need to change your configuration to use the two-args constructor instead:

2. Regarding to the element, you have specified use-expressions="true" but you are not using Spring EL expressions. Quoting the Spring documentation:

   To use expressions to secure individual URLs, you would first need to set the use-expressions attribute in the element to true. Spring Security will then expect the access attributes of the elements to contain Spring EL expressions.

   As such, you either need to set use-expressions to false explicitely (the default value is true) or change your access attributes to access="hasRole('...').