SEC-906: SecuredMethodDefinitionSource always requires AspectJ to be on the classpath #1159
Labels
status: declined
A suggestion or change that we don't feel we should currently apply
type: enhancement
A general enhancement
type: jira
An issue that was migrated from JIRA
Milestone
When setting up a SecuredMethodDefinitionSource based on AOP Alliance Java will throw a "java.lang.NoClassDefFoundError: org/aspectj/lang/Signature ". The reason is that SecuredMethodDefinitionSource extends AbstractFallbackMethodDefinitionSource which has compile time references to AOP alliance and aspectJ classes. Thus it currently is not possible to use @Secured without having AspectJ on the classpath.
AbstractFallbackMethodDefinitionSource as well as AbstractMethodDefinitionSource should delegate AspectJ related checkings to subclasses that are only loaded if it is dynamically determined whether AspectJ is on the classpath or not.
Right now I helped myself by patching the class and simply commenting out all JoinPoint and Signature class references.
The text was updated successfully, but these errors were encountered: