Skip to content

ArrayStoreException when using Spring Security in a Servlet app without spring-security-web #28774

New issue
New issue
Closed
Closed
ArrayStoreException when using Spring Security in a Servlet app without spring-security-web#28774
Assignees
mbhave
Labels
type: regressionA regression from a previous release
Milestone
2.6.1
@filiphr

Description

@filiphr
filiphr
opened on Nov 22, 2021

Unfortunately I missed this problem earlier.

When running on Java 8 with spring-security, but without spring-security-web then there is an ArrayStoreException in the ErrorPageSecurityFilterConfiguration. This is caused by the work that was done for #26356. The ErrorPageSecurityFilterConfiguration should not use @ConditionalOnBean(WebInvocationPrivilegeEvaluator.class), but it should rather use @ConditionalOnBean(type = "org.springframework.security.web.access.WebInvocationPrivilegeEvaluator") or there should be a guard on the configuration class itself.

Most likely the same problem that exists for @ConditionalOnClass (#27846) exists for the @ConditonalOnBean as well.

Metadata

Metadata

Assignees

Labels

type: regressionA regression from a previous release

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions