Skip to content

SEC-2301: GlobalMethodSecurityConfiguration's DefaultWebSecurityExpressionHandler has null BeanResolver #2526

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
spring-projects-issues opened this issue Sep 3, 2013 · 1 comment
Closed

SEC-2301: GlobalMethodSecurityConfiguration's DefaultWebSecurityExpressionHandler has null BeanResolver #2526

spring-projects-issues opened this issue Sep 3, 2013 · 1 comment
Assignees
@rwinch
Labels
in: config An issue in spring-security-config type: bug A general bug type: jira An issue that was migrated from JIRA
Milestone
3.2.0.RC2

Comments

@spring-projects-issues
Copy link

Rob Winch (Migrated from SEC-2301) said:

this blog post got me started with java config, and everything worked fine until i tried to use @PreAuthorize annotation that uses my custom authentication service (via @myCustomService) expression. I get an error that

No bean resolver registered in the context to resolve access to bean myCustomService

Looking at M2 and RC1 source code, it seems that when WebSecurity is created in WebSecurityConfiguration and the default DefaultWebSecurityExpressionHandler is used and it has no BeanResolver set (from AbstractSecurityExpressionHandler).

Might this be a bug in the java based configuration?
@spring-projects-issues
Copy link
Author

Rob Winch said:

A workaround is to set the expression handler manually. This can be done with something like:

@EnableGlobalMethodSecurity(prePostEnabled = true)
public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
    @Autowired
    private ApplicationContext context;

    @Override
    protected MethodSecurityExpressionHandler expressionHandler() {
        DefaultMethodSecurityExpressionHandler handler = new DefaultMethodSecurityExpressionHandler();
        handler.setApplicationContext(context);
        return handler;
    }

    // ... other config ...
}

@spring-projects-issues spring-projects-issues added in: config An issue in spring-security-config Closed type: bug A general bug type: jira An issue that was migrated from JIRA labels Feb 5, 2016
@spring-projects-issues spring-projects-issues added this to the 3.2.0.RC2 milestone Feb 5, 2016
Closed
@jzheaux jzheaux mentioned this issue Jun 4, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rwinch rwinch

Labels
in: config An issue in spring-security-config type: bug A general bug type: jira An issue that was migrated from JIRA
Projects
None yet
Milestone
3.2.0.RC2
Development

No branches or pull requests
2 participants
@rwinch @spring-projects-issues