Skip to content

Commit 477573b

Browse files
author
Rob Winch
committed
Fix @EnableGlobalAuthentication & method seucrity on @configuration class
Fixes gh-3934
1 parent fa1c484 commit 477573b

File tree

2 files changed

+62
-4
lines changed

2 files changed

+62
-4
lines changed

config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java

+32-4
Original file line numberDiff line numberDiff line change
@@ -22,6 +22,8 @@
2222
import org.aopalliance.intercept.MethodInterceptor;
2323
import org.apache.commons.logging.Log;
2424
import org.apache.commons.logging.LogFactory;
25+
26+
import org.springframework.beans.factory.SmartInitializingSingleton;
2527
import org.springframework.beans.factory.annotation.Autowired;
2628
import org.springframework.context.ApplicationContext;
2729
import org.springframework.context.annotation.AdviceMode;
@@ -76,7 +78,8 @@
7678
* @see EnableGlobalMethodSecurity
7779
*/
7880
@Configuration
79-
public class GlobalMethodSecurityConfiguration implements ImportAware {
81+
public class GlobalMethodSecurityConfiguration
82+
implements ImportAware, SmartInitializingSingleton {
8083
private static final Log logger = LogFactory
8184
.getLog(GlobalMethodSecurityConfiguration.class);
8285
private ObjectPostProcessor<Object> objectPostProcessor = new ObjectPostProcessor<Object>() {
@@ -94,6 +97,7 @@ public <T> T postProcess(T object) {
9497
private ApplicationContext context;
9598
private MethodSecurityExpressionHandler expressionHandler;
9699
private Jsr250MethodSecurityMetadataSource jsr250MethodSecurityMetadataSource;
100+
private MethodSecurityInterceptor methodSecurityInterceptor;
97101

98102
/**
99103
* Creates the default MethodInterceptor which is a MethodSecurityInterceptor using
@@ -117,18 +121,42 @@ public <T> T postProcess(T object) {
117121
*/
118122
@Bean
119123
public MethodInterceptor methodSecurityInterceptor() throws Exception {
120-
MethodSecurityInterceptor methodSecurityInterceptor = isAspectJ() ? new AspectJMethodSecurityInterceptor()
124+
this.methodSecurityInterceptor = isAspectJ()
125+
? new AspectJMethodSecurityInterceptor()
121126
: new MethodSecurityInterceptor();
122127
methodSecurityInterceptor.setAccessDecisionManager(accessDecisionManager());
123128
methodSecurityInterceptor.setAfterInvocationManager(afterInvocationManager());
124-
methodSecurityInterceptor.setAuthenticationManager(authenticationManager());
125129
methodSecurityInterceptor
126130
.setSecurityMetadataSource(methodSecurityMetadataSource());
127131
RunAsManager runAsManager = runAsManager();
128132
if (runAsManager != null) {
129133
methodSecurityInterceptor.setRunAsManager(runAsManager);
130134
}
131-
return methodSecurityInterceptor;
135+
136+
return this.methodSecurityInterceptor;
137+
}
138+
139+
/*
140+
* (non-Javadoc)
141+
*
142+
* @see org.springframework.beans.factory.SmartInitializingSingleton#
143+
* afterSingletonsInstantiated()
144+
*/
145+
@Override
146+
public void afterSingletonsInstantiated() {
147+
try {
148+
initializeMethodSecurityInterceptor();
149+
}
150+
catch (Exception e) {
151+
throw new RuntimeException(e);
152+
}
153+
}
154+
155+
private void initializeMethodSecurityInterceptor() throws Exception {
156+
if(this.methodSecurityInterceptor == null) {
157+
return;
158+
}
159+
this.methodSecurityInterceptor.setAuthenticationManager(authenticationManager());
132160
}
133161

134162
/**

config/src/test/groovy/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.groovy

+30
Original file line numberDiff line numberDiff line change
@@ -23,6 +23,7 @@ import org.springframework.context.annotation.Import
2323
import org.springframework.core.Ordered
2424
import org.springframework.core.annotation.Order
2525
import org.springframework.security.access.annotation.Secured
26+
import org.springframework.security.access.prepost.PreAuthorize;
2627
import org.springframework.security.authentication.AuthenticationManager
2728
import org.springframework.security.authentication.AuthenticationProvider
2829
import org.springframework.security.authentication.TestingAuthenticationToken
@@ -485,4 +486,33 @@ class AuthenticationConfigurationTests extends BaseSpringSpec {
485486
UDS
486487
}
487488
}
489+
490+
def 'EnableGlobalMethodSecurity configuration uses PreAuthorize does not cause BeanCurrentlyInCreationException'() {
491+
when:
492+
loadConfig(UsesPreAuthorizeMethodSecurityConfig,AuthenticationManagerBeanConfig)
493+
then:
494+
noExceptionThrown()
495+
}
496+
497+
@Configuration
498+
@EnableGlobalMethodSecurity(prePostEnabled = true)
499+
static class UsesPreAuthorizeMethodSecurityConfig {
500+
@PreAuthorize("denyAll")
501+
void run() {}
502+
}
503+
504+
505+
def 'EnableGlobalMethodSecurity uses method security service'() {
506+
when:
507+
loadConfig(ServicesConfig,UsesPreAuthorizeMethodSecurityConfig,AuthenticationManagerBeanConfig)
508+
then:
509+
noExceptionThrown()
510+
}
511+
512+
@Configuration
513+
@EnableGlobalMethodSecurity(securedEnabled = true)
514+
static class UsesServiceMethodSecurityConfig {
515+
@Autowired
516+
Service service
517+
}
488518
}

0 commit comments

Comments
 (0)