Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SEC-2087: GlobalMethodSecurityBeanDefinitionParser.AuthenticationManagerDelegator attempts to get a bean using the concrete implementation #2321

Closed
spring-issuemaster opened this issue Nov 28, 2012 · 1 comment

Comments

Projects
None yet
2 participants
@spring-issuemaster
Copy link

commented Nov 28, 2012

Rigas Grigoropoulos (Migrated from SEC-2087) said:

In the authenticate method of the AuthenticationManagerDelegator inner class, it is attempted to get a bean of class org.springframework.security.authentication.ProviderManager.
In the Eclipse Virgo container when the AuthenticationManager is referenced as a service, the ProviderManager will be wrapped inside a Proxy class and the following Exception will be thrown:

Failed to call secure method org.springframework.beans.factory.BeanNotOfRequiredTypeException: Bean named 'authenticationManager' must be of type [org.springframework.security.authentication.ProviderManager], but was actually of type [$Proxy94]
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:360)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
at org.springframework.security.config.method.GlobalMethodSecurityBeanDefinitionParser$AuthenticationManagerDelegator.authenticate(GlobalMethodSecurityBeanDefinitionParser.java:386)

The bean should be looked up by the org.springframework.security.authentication.AuthenticationManager interface.
The following change works properly for the described scenario.
Original code (at line 386):
try {
delegate = beanFactory.getBean(authMgrBean, ProviderManager.class);
} catch (NoSuchBeanDefinitionException e) {

Changed to:
try {
delegate = beanFactory.getBean(authMgrBean, AuthenticationManager.class);
} catch (NoSuchBeanDefinitionException e) {

@spring-issuemaster

This comment has been minimized.

Copy link
Author

commented Apr 25, 2013

Rob Winch said:

Thanks for taking the time to report this issue. This is fixed in both master and the 3.1.x branch

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.