java - 询问spring是否有人已经登录时出现空指针异常

Question

当访问login.jsp我的应用程序中通过Spring 3 security. 我在控制器中使用的代码是

SecurityContextHolder.getContext().getAuthentication().getPrincipal()

不过我得到

java.io.IOException:
    No visible WebSecurityExpressionHandler instance could be found in the 
    application context.

完整的堆栈跟踪在这里

我的内容在applicationContext-security.xml这里：

<beans xmlns:security="http://www.springframework.org/schema/security"
       xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation =
           "http://www.springframework.org/schema/beans
            http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
            http://www.springframework.org/schema/security
            http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <security:http pattern="/resources/**" security="none"/>
    <security:http pattern="/login" security="none" auto-config="true"/>
    <security:http pattern="/denied" security="none"/>

    <security:http auto-config="true" access-denied-page="/denied" servlet-api-provision="false">
        <security:intercept-url pattern="/login**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <security:intercept-url pattern="/edit/**" access="ROLE_EDIT"/>
        <security:intercept-url pattern="/admin/**" access="ROLE_ADMIN"/>
        <security:intercept-url pattern="/**" access="ROLE_USER"/>
        <security:form-login login-page="/login"  authentication-failure-url="/denied"
                             default-target-url="/"/>
        <security:logout  logout-success-url="/login" />
    </security:http>

    <security:authentication-manager>
        <security:authentication-provider>
            <security:user-service>
                <security:user name="adam" password="adampassword" authorities="ROLE_USER"/>
                <security:user name="jane" password="janepassword" authorities="ROLE_USER, ROLE_ADMIN"/>
                <security:user name="sue" password="suepassword" authorities="ROLE_USER, ROLE_EDIT"/>
            </security:user-service>
        </security:authentication-provider>
    </security:authentication-manager>

</beans>

有谁知道，这可能是什么原因？