Spring Security
  1. Spring Security
  2. SEC-1395

intercept-url access attribute should support spaces when specifying a list of authorized roles

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Duplicate
    • Affects Version/s: 3.0.1
    • Fix Version/s: 3.0.2
    • Component/s: None
    • Labels:
      None

      Description

      The "extra" space in access definition is not supported, it should be allowed.
      If this is the desired behavior, the xsd should be updated to reflect the constraint.

      
      

      <security:intercept-url pattern="/app/*.action" access="ROLE_ANONYMOUS, ROLE_USER" />

      
      

      it produces

      2010-02-02 00:17:40.500:WARN::Nested in org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: Unsupported configuration attributes: [ ROLE_USER]: java.lang.IllegalArgumentException: Unsupported configuration attributes: [ ROLE_USER]
              at org.springframework.security.access.intercept.AbstractSecurityInterceptor.afterPropertiesSet(AbstractSecurityInterceptor.java:153)
              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1460)
              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1398)
              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:512)
              at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:450)
              at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:290)
              at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
              at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:287)
              at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:189)
              at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:557)
              at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:842)
              at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:416)
      

        Issue Links

          Activity

          Hide
          Florent Ramiere added a comment -

          By the way, spaces were allowed with 2.0.5.RELEASE.

          Show
          Florent Ramiere added a comment - By the way, spaces were allowed with 2.0.5.RELEASE.
          Hide
          Luke Taylor added a comment -

          This should already be fixed as SEC-1380. Please check the changelog from the previous release before opening new issues.

          Show
          Luke Taylor added a comment - This should already be fixed as SEC-1380 . Please check the changelog from the previous release before opening new issues.

            People

            • Assignee:
              Luke Taylor
              Reporter:
              Florent Ramiere
            • Votes:
              1 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: