SEC-1395: intercept-url access attribute should support spaces when specifying a list of authorized roles #1638

Closed
spring-issuemaster opened this Issue Feb 1, 2010 · 3 comments

2 participants

@spring-issuemaster

Florent Ramiere (Migrated from SEC-1395) said:

The "extra" space in access definition is not supported, it should be allowed.
If this is the desired behavior, the xsd should be updated to reflect the constraint.

<security:intercept-url pattern="/app/*.action" access="ROLE_ANONYMOUS, ROLE_USER" />
```xml 

it produces

2010-02-02 00:17:40.500:WARN::Nested in org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: Unsupported configuration attributes: [ ROLE_USER]: java.lang.IllegalArgumentException: Unsupported configuration attributes: [ ROLE_USER]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.afterPropertiesSet(AbstractSecurityInterceptor.java:153)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1460)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1398)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:512)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:450)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:290)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:287)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:189)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:557)
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:842)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:416)

@spring-issuemaster

Florent Ramiere said:

By the way, spaces were allowed with 2.0.5.RELEASE.

@spring-issuemaster

Luke Taylor said:

This should already be fixed as SEC-1380. Please check the changelog from the previous release before opening new issues.

@spring-issuemaster spring-issuemaster added this to the 3.0.2 milestone Feb 5, 2016
@rwinch
Spring member

This issue duplicates #1623

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment