Spring Security
  1. Spring Security
  2. SEC-2087

GlobalMethodSecurityBeanDefinitionParser.AuthenticationManagerDelegator attempts to get a bean using the concrete implementation

    Details

    • Type: Defect Defect
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 3.1.3
    • Fix Version/s: 3.1.4, 3.2.0
    • Component/s: Namespace
    • Environment:
      Spring-security in Eclipse Virgo container

      Description

      In the authenticate method of the AuthenticationManagerDelegator inner class, it is attempted to get a bean of class org.springframework.security.authentication.ProviderManager.
      In the Eclipse Virgo container when the AuthenticationManager is referenced as a service, the ProviderManager will be wrapped inside a Proxy class and the following Exception will be thrown:

      Failed to call secure method org.springframework.beans.factory.BeanNotOfRequiredTypeException: Bean named 'authenticationManager' must be of type [org.springframework.security.authentication.ProviderManager], but was actually of type [$Proxy94]
      at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:360)
      at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
      at org.springframework.security.config.method.GlobalMethodSecurityBeanDefinitionParser$AuthenticationManagerDelegator.authenticate(GlobalMethodSecurityBeanDefinitionParser.java:386)

      The bean should be looked up by the org.springframework.security.authentication.AuthenticationManager interface.
      The following change works properly for the described scenario.
      Original code (at line 386):
      try

      { delegate = beanFactory.getBean(authMgrBean, ProviderManager.class); }

      catch (NoSuchBeanDefinitionException e) {

      Changed to:
      try

      { delegate = beanFactory.getBean(authMgrBean, AuthenticationManager.class); }

      catch (NoSuchBeanDefinitionException e) {

        Activity

        Hide
        Rob Winch added a comment -

        Thanks for taking the time to report this issue. This is fixed in both master and the 3.1.x branch

        Show
        Rob Winch added a comment - Thanks for taking the time to report this issue. This is fixed in both master and the 3.1.x branch

          People

          • Assignee:
            Rob Winch
            Reporter:
            Rigas Grigoropoulos
          • Votes:
            2 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: