SEC-2087: GlobalMethodSecurityBeanDefinitionParser.AuthenticationManagerDelegator attempts to get a bean using the concrete implementation #2321

spring-issuemaster opened this Issue Nov 28, 2012 · 1 comment

2 participants


Rigas Grigoropoulos (Migrated from SEC-2087) said:

In the authenticate method of the AuthenticationManagerDelegator inner class, it is attempted to get a bean of class
In the Eclipse Virgo container when the AuthenticationManager is referenced as a service, the ProviderManager will be wrapped inside a Proxy class and the following Exception will be thrown:

Failed to call secure method org.springframework.beans.factory.BeanNotOfRequiredTypeException: Bean named 'authenticationManager' must be of type [], but was actually of type [$Proxy94]

The bean should be looked up by the interface.
The following change works properly for the described scenario.
Original code (at line 386):
try {
delegate = beanFactory.getBean(authMgrBean, ProviderManager.class);
} catch (NoSuchBeanDefinitionException e) {

Changed to:
try {
delegate = beanFactory.getBean(authMgrBean, AuthenticationManager.class);
} catch (NoSuchBeanDefinitionException e) {


Rob Winch said:

Thanks for taking the time to report this issue. This is fixed in both master and the 3.1.x branch

@spring-issuemaster spring-issuemaster added this to the 3.2.0 milestone Feb 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment