Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SEC-2400: proxyTargetClass=true required with groovy controllers that use @EnableGlobalMethodSecurity #2620

Open
spring-projects-issues opened this issue Nov 13, 2013 · 0 comments
Labels
in: web type: enhancement type: jira

Comments

@spring-projects-issues
Copy link

spring-projects-issues commented Nov 13, 2013

Wesley Hall (Migrated from SEC-2400) said:

If spring webmvc controllers are written in groovy rather than Java the controller mapping is lost when using a @PreAuthorize annotation on a controller method with @EnableGlobalMethodSecurity switched on.

The problem seems to be related to SPR-6268, which is a (now fixed) bug that prevented groovy controllers working at all.

The problem can be resolved with 'proxyTargetClass=true', which was also the solution in SPR-6268, where this was made the default.

Presumably part of the groovy compilation magic involves adding interfaces to classes at compile time which is causing the proxy generation to become interface based breaking AnnotationUtils.

If this is not an easy fix, it might be a good idea to include this in the documentation somewhere because it took me quite a long time to track it down. Not sure how many groovy + spring mvc + spring security people are out there, but I can't be the only one :).

@spring-projects-issues spring-projects-issues added in: web Open type: enhancement type: jira labels Feb 5, 2016
@rwinch rwinch removed the Open label May 3, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
in: web type: enhancement type: jira
Projects
None yet
Development

No branches or pull requests

2 participants