开发者

Bug with Spring Security 3.0.2 x Spring 3.0.1 - Proxies not being created

Friends,

I have lost a few days searching the internet for an answer regarding my problem, and haven't found anything that could actually solve it. I have tried several different configurations, but still, to no avail.

Here's my problem:

I have an application that was working fine until I decided to add Spring Security. After I introduced this component, I've been getting these messages while starting tomcat 6.0.24 :


INFO: Bean 'org.springframework.aop.support.DefaultBeanFactoryPointcutAdvisor#0' is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
Mar 10, 2010 3:46:47 PM org.springframework.context.support.AbstractApplicationContext$BeanPostProcessorChecker postProcessAfterInitialization
INFO: Bean 'org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource#0' is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
Mar 10, 2010 3:46:47 PM org.springframework.context.support.AbstractApplicationContext$BeanPostProcessorChecker postProcessAfterInitialization
INFO: Bean 'org.springframework.security.methodSecurityMetadataSourceAdvisor' is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
Mar 10, 2010 3:46:48 PM org.springframework.beans.factory.support.DefaultListableBeanFactory preIn开发者_运维问答stantiateSingletons

Which I wasn't getting. As a result, now all classes, instead of getting a proxy for the business classes, get a POJO that does not commit transactions. I was using a @PersistenceContext annotation and getting the EntityManager injected, but after Spring Security came, I kept getting NPE (the EntityManager was no longer being injected). So I tried extending JpaDaoSupport and getting to the EntityManager in a different way, like this:


getJpaTemplate()
     .execute(new JpaCallback() {
                             public Object doInJpa(final EntityManager em)
                             throws PersistenceException {
                                     // Here, I get an EntityManager...
                             }
                         });  

It works because now I do not get any NPE anymore. But still, it isn't a proxy.

If I comment out the app-security.xml file and do not load its beans, the application works fine. If I do, no proxies are created, and the application does not commit any transaction.

My app-security.xml file is:


[?xml version="1.0" encoding="UTF-8"?]
[beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:security="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="
     http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
          http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"
]

 [bean id="interfaceDecisionManagerBean" class="com.mot.br.jag.security.InterfaceDecisionManager" /]

 [security:global-method-security 
      access-decision-manager-ref="interfaceDecisionManagerBean"     
 /]

 [security:http auto-config="false" access-decision-manager-ref="interfaceDecisionManagerBean"]
        [security:form-login login-page="/login.html" 
                             login-processing-url="/loginProcess" 
                             default-target-url="/index.jsp" 
                             authentication-failure-url="/login.html?login_error=1" /]

        [security:anonymous /]
        [security:logout logout-url="/logout" logout-success-url="/logoutSuccess.html" /]

     [security:port-mappings]
        [security:port-mapping http="8080" https="8443"/]
     [/security:port-mappings]        
    [/security:http]

    [security:ldap-server
        id="motoLDAP"
        url="[private... ]"
    /]

    [security:authentication-manager]
        [security:ldap-authentication-provider
            server-ref="motoLDAP" 
            user-search-filter="(uid={0})"
              user-search-base="ou=intranet"
        /]

    [/security:authentication-manager]

    [bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource"]
  [constructor-arg value="[... private ...]"/]
 [/bean]

 [bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch"]
  [constructor-arg index="0" value="ou=intranet"/]
  [constructor-arg index="1" value="(uid={0})"/]
  [constructor-arg index="2" ref="contextSource" /]
 [/bean]  

 [bean id="ldapAuthentication" class="com.mot.br.jag.security.authentication.LDAPAuthentication"]
        [constructor-arg index="0"]
      [bean id="ldapProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider"]
       [constructor-arg]
           [bean class="org.springframework.security.ldap.authentication.BindAuthenticator"]
               [constructor-arg ref="contextSource" /]
                  [property name="userSearch" ref="userSearch" /]
              [/bean]
          [/constructor-arg]
      [/bean] 
        [/constructor-arg]

        [constructor-arg index="1" ref="userSearch" /]
 [/bean]

[/beans]

My app-persistence.xml is:


[?xml version="1.0" encoding="UTF-8"?]
[beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:aop="http://www.springframework.org/schema/aop"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:jee="http://www.springframework.org/schema/jee"
       xsi:schemaLocation="
       http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
       http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
       http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
       http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-3.0.xsd"]

    [bean class="org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor" /]
    [bean class="org.springframework.dao.annotation.PersistenceExceptionTranslationPostProcessor" /]
    [bean class="org.springframework.aop.aspectj.annotation.AnnotationAwareAspectJAutoProxyCreator" /]  

 [!-- ENTITY MANAGERS --]

    [bean id="interfaceEMF"
        class="org.springframework.orm.jpa.LocalEntityManagerFactoryBean"]
        [property name="persistenceUnitName" value="interfaceDS" /]
    [/bean]

    [!-- TRANSACTION MANAGERS --]

    [bean id="interfaceTM" class="org.springframework.orm.jpa.JpaTransactionManager"]
        [property name="entityManagerFactory" ref="interfaceEMF" /]
    [/bean]

    [!-- TX ADVICES --]

    [tx:advice id="txAdvice" transaction-manager="interfaceTM"]
        [tx:attributes]
            [tx:method name="*" propagation="REQUIRED" rollback-for="Throwable" /]
        [/tx:attributes]
    [/tx:advice]

    [!-- AOP CONFIG --]

    [aop:aspectj-autoproxy /]
    [aop:config]
        [aop:pointcut id="businessMethods" expression="execution(* com.mot.br.jag.business.Business+.*(..))" /]

        [aop:advisor advice-ref="txAdvice" pointcut-ref="businessMethods" /]
    [/aop:config]

[/beans]

I'm running out of ideas... I've read that it's a bug that happens because of the order in which the beans are pre-processed, but I've also read that this bug has already been fixed. I'm sorry if I'm not expressing myself clearly, english is not my first language. I'd be happy to answer any questions, if it guides me in the right direction. :)

Thank you very much in advance, Rodrigo


I don't know what is happening here, but I had a similar problem with a Roo application: it worked well until I configured the security.

My problem was that I have a custom AuthenticationManager that uses Roo Entities to find the Users and their roles, that is, to perform the Authentication and the Authorization.

I had a similar problem with the @PersistenceContext at startup, it wasn't injected.

I found the problem and a solution, maybe it helps you...

The FilterSecurityInterceptor tries to obtain all the ConfigAttribute's in their afterPropertiesSet method if its attribute validateConfigAttributes is set to true (which is its value by default)

In my case, it means a database select using the Roo entities that needs a @PersistenceContext that they don't have.

Why?

Because Roo had configured the contextConfigLocation in the web.xml in this way:

    <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath*:META-INF/spring/applicationContext*.xml</param-value>
</context-param>

Because of that, the applicationContext-security.xml was the first selected configuration file, before the applicationContext.xml which contains the configuration of the Persistence Context.

I presume the order doesn't matter if you don't have to access the Persistence Context during the startup.

But if this happens, try this:

    <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        classpath*:META-INF/spring/applicationContext.xml
        classpath*:META-INF/spring/applicationContext-security.xml
    </param-value>
</context-param>


This may be caused by JDK dynamic proxies, try

<aop:aspectj-autoproxy  proxy-target-class = "true" /> 

and

<security:global-method-security proxy-target-class = "true" ... />  


I would guess that there is a conflict between

<aop:aspectj-autoproxy/>

and

<security:global-method-security ... />

as both involve setting up some sort of proxies for your beans.


This is an old question, but I just ran into the same problem and fortunately I managed to fix it. I'm using Spring 3.2.3 and spring security 3.1.4

The ordering of the beans was the culprit.

I changed the order of my configuration files (all in the same context) so that all of my security configuration came first. Everything magically worked once I did that. I'm not sure what the underlying reason was, but I assume it has to do with the way the proxies are created.

I had a similar problem with annotation driven caching. I ended up putting that one last.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜