Skip to content

Add ROLE_INFRASTRUCTURE to infrastructure beans #8407

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Lyannic opened this issue Apr 17, 2020 · 7 comments
Closed

Add ROLE_INFRASTRUCTURE to infrastructure beans #8407

Lyannic opened this issue Apr 17, 2020 · 7 comments
Assignees
@rwinch
Labels
in: config An issue in spring-security-config status: backported An issue that has been backported to maintenance branches type: bug A general bug
Milestone
5.4.0-M1

Comments

@Lyannic
Copy link

Lyannic commented Apr 17, 2020

Describe the bug
I get info logs during application startup, that a couple of Beans are not eligible for getting processed by all BeanPostProcessors.
I am using Spring Boot 2.2.6.RELEASE.
I thought, this was Spring Boot concerned, so I already created a ticket there but got sent over here. Link to the Spring Boot issue.

2020-04-17 12:42:56.720  INFO 9051 --- [           main] trationDelegate$BeanPostProcessorChecker : Bean 'org.springframework.security.config.annotation.configuration.ObjectPostProcessorConfiguration' of type [org.springframework.security.config.annotation.configuration.ObjectPostProcessorConfiguration] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2020-04-17 12:42:56.726  INFO 9051 --- [           main] trationDelegate$BeanPostProcessorChecker : Bean 'objectPostProcessor' of type [org.springframework.security.config.annotation.configuration.AutowireBeanFactoryObjectPostProcessor] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2020-04-17 12:42:56.729  INFO 9051 --- [           main] trationDelegate$BeanPostProcessorChecker : Bean 'org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler@55b8dbda' of type [org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2020-04-17 12:42:56.736  INFO 9051 --- [           main] trationDelegate$BeanPostProcessorChecker : Bean 'org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration' of type [org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2020-04-17 12:42:56.743  INFO 9051 --- [           main] trationDelegate$BeanPostProcessorChecker : Bean 'org.springframework.security.config.annotation.method.configuration.Jsr250MetadataSourceConfiguration' of type [org.springframework.security.config.annotation.method.configuration.Jsr250MetadataSourceConfiguration] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2020-04-17 12:42:56.744  INFO 9051 --- [           main] trationDelegate$BeanPostProcessorChecker : Bean 'jsr250MethodSecurityMetadataSource' of type [org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2020-04-17 12:42:56.746  INFO 9051 --- [           main] trationDelegate$BeanPostProcessorChecker : Bean 'methodSecurityMetadataSource' of type [org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)

Since this leads to proxying problems, some method level security annotations are being ignored, which leads to unsecured endpoints at runtime. However I think that seeing this logs messages at application start is already a bug, since there shouldn't be any problems with BeanPostProcessors, because nothing custom is defined.

To Reproduce
Use @EnableGloabeMethodSecurity and have spring-data-jpa in the project. When you then start your web applications, you get the before mentioned log messages.

Expected behavior
I expect none of the before mentioned log messages at application start.

Sample

I created this minimal, reproducible sample which basically consists of nothing, but the @EnableGlobalMethodSecurity annotation and the needed dependencies.
@Lyannic Lyannic added status: waiting-for-triage An issue we've not yet triaged type: bug A general bug labels Apr 17, 2020
@rwinch
Copy link
Member

rwinch commented Apr 17, 2020

Thanks for the report. I think there are two issues here. I don't believe these logs are directly related to beans you are creating not getting proxied. The logs are just informational since the configuration beans are not marked with ROLE_INFRASTRUCTURE.

Can you update the sample to demonstrate how your beans are not being proxied properly?

@rwinch rwinch added status: waiting-for-feedback We need additional information before we can continue and removed status: waiting-for-triage An issue we've not yet triaged labels Apr 17, 2020
@Lyannic
Copy link
Author

Lyannic commented Apr 21, 2020

While trying to create a sample for demonstration, it turned out, that there was a misunderstanding. There actually weren't any proxying problems.

Although the logs are informational, couldn't it happen, that at some time, proxying problems occur, because, as the logs say, some beans are not eligible for getting processed by all BeanPostProcessors?

@spring-projects-issues spring-projects-issues added status: feedback-provided Feedback has been provided and removed status: waiting-for-feedback We need additional information before we can continue labels Apr 21, 2020
@rwinch
Copy link
Member

rwinch commented Apr 21, 2020

Only the Configuration and Beans that are logged would be impacted. Would you be interested in creating a PR that adds @Role(BeanDefinition.ROLE_INFRASTRUCTURE) to the @Configuration and the @Bean definitions that were logged?

@rwinch rwinch added status: ideal-for-contribution An issue that we actively are looking for someone to help us with and removed status: feedback-provided Feedback has been provided labels Apr 21, 2020
@rwinch rwinch changed the title Auto-proxying problems when using @EnableGloabelMethodSecurity with spring-data-jpa Spring Configuration Produces Logs ... is not eligible for getting processed by all BeanPostProcessors Apr 21, 2020
@rwinch rwinch changed the title Spring Configuration Produces Logs ... is not eligible for getting processed by all BeanPostProcessors Method security produces logs ... is not eligible for getting processed by all BeanPostProcessors Apr 21, 2020
@Lyannic
Copy link
Author

Lyannic commented Apr 23, 2020

Yes, I would be interested in that PR, but it could take some time, since I am quite busy at the moment.

@dadikovi
Copy link
Contributor

@Lyannic if you dont have time for this I could send a PR about it. (But I can keep searching for another issue if you want to work on this! :) )

@Lyannic
Copy link
Author

Lyannic commented Apr 23, 2020
edited
Loading

@dadikovi If you are looking for a PR and are interested in this one, you can go for it. I am not calling dibs on it :)

@dadikovi
Copy link
Contributor

Okay, thank you! :)

dadikovi added a commit to dadikovi/spring-security that referenced this issue Apr 23, 2020
@dadikovi
Some infrastructure beans are not marked properly
6f5404f 
Added ROLE_INFRASTRUCTURE annotation for them.

Closes spring-projectsgh-8407
@dadikovi dadikovi mentioned this issue Apr 23, 2020
Closed
@rwinch rwinch self-assigned this Apr 27, 2020
@rwinch rwinch closed this as completed in 8e8251a Apr 27, 2020
@rwinch rwinch added in: config An issue in spring-security-config and removed status: ideal-for-contribution An issue that we actively are looking for someone to help us with labels Apr 27, 2020
@rwinch rwinch added this to the 5.4.0.M1 milestone Apr 27, 2020
@rwinch rwinch changed the title Method security produces logs ... is not eligible for getting processed by all BeanPostProcessors Add ROLE_INFRASTRUCTURE to infrastructure beans Apr 27, 2020
rwinch pushed a commit that referenced this issue Apr 27, 2020
@dadikovi @rwinch
Add ROLE_INFRASTRUCTURE to infrastructure beans
a89e3d3 
Closes gh-8407
@spring-projects-issues spring-projects-issues added the status: backported An issue that has been backported to maintenance branches label Apr 27, 2020
Closed
rwinch pushed a commit that referenced this issue Apr 27, 2020
@dadikovi @rwinch
Add ROLE_INFRASTRUCTURE to infrastructure beans
c399185 
Closes gh-8407
Closed
rwinch added a commit that referenced this issue Apr 27, 2020
@rwinch
Add ROLE_INFRASTRUCTURE to infrastructure beans
aa11846 
Closes gh-8407
Closed
rwinch added a commit that referenced this issue Apr 27, 2020
@rwinch
Add ROLE_INFRASTRUCTURE to infrastructure beans
76a4df0 
Closes gh-8407
Closed
rwinch added a commit that referenced this issue Apr 27, 2020
@rwinch
Add ROLE_INFRASTRUCTURE to infrastructure beans
d450885 
Closes gh-8407
Closed
@dodgex dodgex mentioned this issue Jun 1, 2021
Closed
@rasa-app rasa-app mentioned this issue Jan 6, 2024
Open
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rwinch rwinch

Labels
in: config An issue in spring-security-config status: backported An issue that has been backported to maintenance branches type: bug A general bug
Projects
None yet
Milestone
5.4.0-M1
Development

Successfully merging a pull request may close this issue.

Add ROLE_INFRASTRUCTURE to infrastructure beans dadikovi/spring-security
4 participants
@rwinch @dadikovi @spring-projects-issues @Lyannic