Announcement Announcement Module
Collapse
No announcement yet.
multiple http configurations using 3.1.0.RC1 - FilterSecurityInterceptor error Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • multiple http configurations using 3.1.0.RC1 - FilterSecurityInterceptor error

    I just upgraded to 3.1.0.RC1 to take advantage of being able to configure multiple http configurations. My configuration using a single http element looks something like this and worked fine after the upgrade:

    Code:
        <security:http pattern="/public/**" security="none" />
    
        <security:http auto-config="false" use-expressions="true" entry-point-ref="authenticationEntryPoint">
    	<security:custom-filter ref="ssoAuthenticationFilter" position="FORM_LOGIN_FILTER" />
            <security:intercept-url pattern="/admin/**" access="hasRole('ADMIN')" />
        </security:http>
    
        <security:authentication-manager alias="providerManager" erase-credentials="false">
            <security:authentication-provider ref="authenticationProvider" />
        </security:authentication-manager>
    I want expose some REST APIs and have them protected under a different http configuration like the following:

    Code:
        <security:http auto-config="false" use-expressions="true" entry-point-ref="restAuthenticationEntryPoint">
    	<security:custom-filter ref="restAuthenticationFilter" position="FORM_LOGIN_FILTER" />
            <security:intercept-url pattern="/rest/**" access="hasRole('DEVELOPER')" />
        </security:http>
    After doing so, I get the following exception on startup:

    Code:
    Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationProvider': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void com.foo.security.authentication.CustomAuthenticationProvider.setFilterSecurityInterceptor(org.springframework.security.web.access.intercept.FilterSecurityInterceptor); nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No unique bean of type [org.springframework.security.web.access.intercept.FilterSecurityInterceptor] is defined: expected single matching bean but found 2: [org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0, org.springframework.security.web.access.intercept.FilterSecurityInterceptor#1]
    	at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:286)
    	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1064)
    	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:517)
    	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
    	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:291)
    	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
    	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:288)
    	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:190)
    	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:322)
    	... 66 more
    Caused by: org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void com.foo.security.authentication.CustomAuthenticationProvider.setFilterSecurityInterceptor(org.springframework.security.web.access.intercept.FilterSecurityInterceptor); nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No unique bean of type [org.springframework.security.web.access.intercept.FilterSecurityInterceptor] is defined: expected single matching bean but found 2: [org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0, org.springframework.security.web.access.intercept.FilterSecurityInterceptor#1]
    	at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:608)
    	at org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:84)
    	at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:283)
    	... 74 more
    Caused by: org.springframework.beans.factory.NoSuchBeanDefinitionException: No unique bean of type [org.springframework.security.web.access.intercept.FilterSecurityInterceptor] is defined: expected single matching bean but found 2: [org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0, org.springframework.security.web.access.intercept.FilterSecurityInterceptor#1]
    	at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:790)
    	at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:697)
    	at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:559)
    	... 76 more
    I then tried to define two FilterSecurityInterceptor beans and use those, but got the error saying you can't use custom FilterSecurityInterceptors when using the http element. Is it possible to do something like this, or can I not use the http elements for this?

    I later read this in the documentation as well:
    Note that you can't replace filters which are created by the use of the <http> element itself - SecurityContextPersistenceFilter, ExceptionTranslationFilter or FilterSecurityInterceptor.
Working...
X