beans.NotReadablePropertyException in spring security

I am very new to spring security . I picked up this book and trying to execute the code .

While I do this I am getting

org.springframework.beans.NotReadablePropertyException: Invalid property
'principal.username' of bean class 
[org.springframework.security.authentication.AnonymousAuthenticationToken]: 
Bean property 'principal.username' is not readable or has an invalid getter 
method: 
Does the return type of the getter match the parameter type of the setter?

My spring-security xml config :

<http auto-config="true" use-expressions="true">
    <intercept-url pattern="/login.do" access="permitAll"/>
    <intercept-url pattern="/*" access="hasRole('ROLE_USER')"/>
    <form-login login-page="/login.do"/>
</http>


<authentication-manager alias="authenticationManager">

    <authentication-provider>
        <user-service id="userService">
            <user authorities="ROLE_USER" name="guest" password="guest"/>
        </user-service>
    </authentication-provider>
    <!-- Ch 3 Change Password Service -->
    <!-- 
    <authentication-provider user-service-ref="userS开发者_Go百科ervice"/>
     -->
</authentication-manager>

Am I missing something ?

Let me know if you need any additional information.

What the error message seems to be indicating is that something is trying to access a non-existent property on an AnonymousAuthenticationToken ; i.e. the authentication token that spring security uses when the session is not logged in.

I suspect that the problem is actually occurring either in your servlet code, or in a JSP that is trying to access the name of the current user via a spring security tag.

The complete stacktrace for the error might give us more clues. At least it should tell us where the exception is coming from.

(For what it is worth, an AnonymousAuthenticationToken does have a principal property, but that property is not normally an object that has a username property. Indeed, it is often just a String.)

I am reading/following the "Spring Security 3" book. Just add the following lines to the header.jsp The problem is that principal.username does not exists if you are not logged in.

<div class="username">
    Welcome, 
    <sec:authorize access="isAuthenticated()">  
        <strong><sec:authentication property="principal.username"/></strong>
    </sec:authorize>
</div>

Prerequisites as follows:

1. Add spring security taglib in jsp page you want to show username,

   <%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
   

2. Add spring security jars, use

   <sec:authentication property="principal" />
   

   in jsp where you want to show the username

Following will show up:

1. anonymousUser, means user is not logged in
2. string representation of object, means user is logged in

But do not print string representation of object on page.

Here's a pseudo code:

if principal==anonymousUser
    show login button
else (do not use principal here too)
    show username with logout button