Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-1593: Custom BeanPostProcessor are not applied for beans referenced by security infrastructure #1832

spring-issuemaster opened this Issue Oct 18, 2010 · 4 comments


None yet
1 participant

Michal Dvorak (Migrated from SEC-1593) said:

While it works fine in 3.0.3, with 3.1.0.M1, all beans referenced by security namespace are initialized before custom BeanPostProcessor are run. Tested on provider and entrypoint, but i assume its general problem.

Michal Dvorak said:

In short my config was

<security:http security="none" pattern="/resources/"/>
<security:http security="none" pattern="/static/

<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="passwordAuthenticationProvider"/>

<security:http access-denied-page="/static/error.html" entry-point-ref="entryPoint">
<security:custom-filter position="FORM_LOGIN_FILTER" ref="passwordAuthenticationFilter"/>
<security:intercept-url pattern="/**" access="ROLE_USER"/>
<security:logout logout-url="/logout/do" success-handler-ref="logoutSuccessHandler" invalidate-session="true"/>


Luke Taylor said:

Sorry, but I can't reproduce this. Both my custom AuthenticationEntryPoint and AuthenticationProvider are successfully post-processed in testing.

Could you provide a test case which reproduces the issue?

Michal Dvorak said:

hmm, i failed to reproduce it on dummy project too. It may be some combination of libraries i use - it still happens on "full project". When i hit the time i'll need to upgrade spring security, i will investigate it further, and possibly ask to reopen this.

Thank you for your efforts, i'm just trying to make this great library better ;)

Luke Taylor said:

Thanks for the update. Let us know what you come up with. In the meantime, I'll keep a lookout for over-eager initialization issues.

@spring-issuemaster spring-issuemaster added this to the 3.1.0.M2 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment