Spring Security / SEC-1593

Custom BeanPostProcessors are not applied for beans referenced by security infrastructure

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Cannot Reproduce
    • Affects Version/s: 3.1.0.M1
    • Fix Version/s: 3.1.0.M2
    • Component/s: None
    • Labels:
      None
    • Environment:
      SunJDK 1.6, Spring Framework 3.0.4.RELEASE

      Description

      While it works fine in 3.0.3, with 3.1.0.M1 all beans referenced by the security namespace are initialized before custom BeanPostProcessors are run. Tested on provider and entry point, but I assume it's a general problem.

        Activity

        Michal Dvorak added a comment -

        In short, my config was:

        <security:debug/>

        <security:http security="none" pattern="/resources/**"/>
        <security:http security="none" pattern="/static/**"/>

        <security:authentication-manager alias="authenticationManager">
            <security:authentication-provider ref="passwordAuthenticationProvider"/>
        </security:authentication-manager>

        <security:http access-denied-page="/static/error.html" entry-point-ref="entryPoint">
            <security:custom-filter position="FORM_LOGIN_FILTER" ref="passwordAuthenticationFilter"/>
            <security:intercept-url pattern="/**" access="ROLE_USER"/>
            <security:logout logout-url="/logout/do" success-handler-ref="logoutSuccessHandler" invalidate-session="true"/>
        </security:http>

        <bean id="entryPoint" class="cz.sample.security.impl.MyEntryPoint" />

        <bean id="passwordAuthenticationFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
            ....
        </bean>

        Luke Taylor added a comment -

        Sorry, but I can't reproduce this. Both my custom AuthenticationEntryPoint and AuthenticationProvider are successfully post-processed in testing.

        Could you provide a test case which reproduces the issue?

        Michal Dvorak added a comment -

        Hmm, I failed to reproduce it on a dummy project too. It may be some combination of libraries I use - it still happens on the "full project". When the time comes that I need to upgrade Spring Security, I will investigate it further and possibly ask to reopen this.

        Thank you for your efforts, I'm just trying to make this great library better.

        Luke Taylor added a comment -

        Thanks for the update. Let us know what you come up with. In the meantime, I'll keep a lookout for over-eager initialization issues.
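
        A diagnostic for the symptom discussed in this thread, as an added example that is not part of the original comments or of Spring Security itself: an unordered BeanPostProcessor records every bean it is handed and fails context startup if a security-referenced bean was created before it was registered. The class name PostProcessingAudit is hypothetical; the bean ids come from the configuration quoted above and are assumed to be non-lazy singletons.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

import org.springframework.beans.BeansException;
import org.springframework.beans.factory.config.BeanPostProcessor;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationListener;
import org.springframework.context.event.ContextRefreshedEvent;

// Hypothetical helper. Deliberately implements neither Ordered nor PriorityOrdered,
// so it is registered as late as an ordinary custom BeanPostProcessor would be.
public class PostProcessingAudit
        implements BeanPostProcessor, ApplicationListener<ContextRefreshedEvent> {

    // Bean ids taken from the reporter's configuration (assumed non-lazy singletons).
    private final List<String> expected = Arrays.asList(
            "entryPoint", "passwordAuthenticationProvider", "passwordAuthenticationFilter");

    private final Set<String> seen =
            Collections.newSetFromMap(new ConcurrentHashMap<String, Boolean>());

    public Object postProcessBeforeInitialization(Object bean, String beanName)
            throws BeansException {
        return bean; // no change to the bean, this class only observes
    }

    public Object postProcessAfterInitialization(Object bean, String beanName)
            throws BeansException {
        seen.add(beanName); // the bean was created after this processor was registered
        return bean;
    }

    public void onApplicationEvent(ContextRefreshedEvent event) {
        ApplicationContext ctx = event.getApplicationContext();
        List<String> missed = new ArrayList<String>();
        for (String name : expected) {
            // Defined in the context but never passed through this processor:
            // it was instantiated before custom post-processors were in place.
            if (ctx.containsBean(name) && !seen.contains(name)) {
                missed.add(name);
            }
        }
        if (!missed.isEmpty()) {
            throw new IllegalStateException("Beans created before post-processing: " + missed);
        }
    }
}
```

        Declare it as a plain bean in the same application context as the security configuration. Spring also logs an INFO message containing "is not eligible for getting processed by all BeanPostProcessors" for beans that are created while post-processors are still being instantiated, which points at the same kind of over-eager initialization.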


          People

          • Assignee: Luke Taylor
          • Reporter: Michal Dvorak
          • Votes: 0
          • Watchers: 2
