Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SEC-3063: OnMissingBeanCondition avoid initializing beans #3264

Closed
spring-projects-issues opened this issue Aug 4, 2015 · 6 comments
Closed

SEC-3063: OnMissingBeanCondition avoid initializing beans #3264

spring-projects-issues opened this issue Aug 4, 2015 · 6 comments
Assignees
Labels
in: config type: bug type: jira
Milestone

Comments

@spring-projects-issues
Copy link

@spring-projects-issues spring-projects-issues commented Aug 4, 2015

Rob Winch (Migrated from SEC-3063) said:

OnMissingBeanCondition should use BeanTypeRegistry.getNamesForType to avoid initializing any beans

@spring-projects-issues
Copy link
Author

@spring-projects-issues spring-projects-issues commented Sep 10, 2015

Phil Webb said:

A Spring Boot user has just hit this and provided a sample project to replicate. See spring-projects/spring-boot#3923.

I think we'll probably need a fix before we can release Spring Boot 1.3

@spring-projects-issues
Copy link
Author

@spring-projects-issues spring-projects-issues commented Oct 13, 2015

Phil Webb said:

Any update on a fix for this? We'll be releasing 1.3.RC1 on Thursday all being well.

@spring-projects-issues
Copy link
Author

@spring-projects-issues spring-projects-issues commented Oct 13, 2015

Rob Winch said:

pwebb Unfortunately there is no update on this at the moment. I have been quite preoccupied with other things. When is the GA release expected?

@spring-projects-issues
Copy link
Author

@spring-projects-issues spring-projects-issues commented Oct 14, 2015

Phil Webb said:

Ideally we'd like to release around the end of October.

@spring-projects-issues
Copy link
Author

@spring-projects-issues spring-projects-issues commented Oct 21, 2015

Rob Winch said:

This is now resolved. The fix was to completely remove ConditionalOnMissingBean from Spring Security to ensure we resolve SEC-3062 too. Now users must define requestDataValueProcessor in the class annotated with @EnableWebSecurity to ensure the custom requestDataValueProcessor is used.

@spring-projects-issues spring-projects-issues added in: config Closed type: bug type: jira labels Feb 5, 2016
@spring-projects-issues spring-projects-issues added this to the 4.1.0 M1 milestone Feb 5, 2016
@spring-projects-issues
Copy link
Author

@spring-projects-issues spring-projects-issues commented Feb 6, 2016

This issue relates to #3263

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
in: config type: bug type: jira
Projects
None yet
Development

No branches or pull requests

2 participants