New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Every XML sec:authentication-manager creates a new global instance of AuthenticationEventPublisher #7282
Labels
in: config
An issue in spring-security-config
status: backported
An issue that has been backported to maintenance branches
status: ideal-for-contribution
An issue that we actively are looking for someone to help us with
type: bug
A general bug
Milestone
Comments
spring-projects-issues
added
the
status: waiting-for-triage
An issue we've not yet triaged
label
Aug 20, 2019
Anyway, I implemented a workaround by replacing Autowired with XML property injection of a customized event publisher defined as protected bean
|
Thanks for the report @djechelon! Would you be willing to submit a PR to fix this? |
rwinch
added
in: config
An issue in spring-security-config
status: ideal-for-contribution
An issue that we actively are looking for someone to help us with
type: bug
A general bug
and removed
status: waiting-for-triage
An issue we've not yet triaged
labels
Aug 20, 2019
@djechelon created a pull request right now. It is an early proposal, without tests (yet) |
Note that this is the related PR. |
eleftherias
changed the title
Every XML sec:authentication-manager creates a new global instance of AuthenticationEventPublisher, cannot autowire
Every XML sec:authentication-manager creates a new global instance of AuthenticationEventPublisher
Jun 28, 2021
eleftherias
pushed a commit
that referenced
this issue
Jun 28, 2021
spring-projects-issues
added
the
status: backported
An issue that has been backported to maintenance branches
label
Jun 28, 2021
eleftherias
pushed a commit
that referenced
this issue
Jun 28, 2021
eleftherias
pushed a commit
that referenced
this issue
Jun 28, 2021
eleftherias
pushed a commit
that referenced
this issue
Jun 28, 2021
akohli96
pushed a commit
to akohli96/spring-security
that referenced
this issue
Aug 25, 2021
…ge-after-login-based-on-user-role-with-spring-security/67531436#67531436 Closes spring-projectsgh-7282
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
in: config
An issue in spring-security-config
status: backported
An issue that has been backported to maintenance branches
status: ideal-for-contribution
An issue that we actively are looking for someone to help us with
type: bug
A general bug
Summary
When you use multiple
sec:authentication-manager
s, you can't@Autowire
theAuthenticationEventPublisher
because everysec:authentication-manager
will instantiate its own public beanDetailed explanation
I work on a plugin-based authentication architecture. All plugins must be switched by Spring profiles and should coexist if possible (all active have no effect).
Currently I have two kinds of plugins:
ProviderManager
and scans forAuthenticationProvider
s that supportUsernamePasswordToken
Actual Behavior
Reference
Since Spring Security creates a globally-visible bean of type
DefaultAuthenticationEventPublisher
every time it creates an authentication manager, you can autowire itExpected Behavior
There should be either one globally-visible bean of type
AuthenticationEventPublisher
that can be autowired in other beans if required, or the definition of a newAuthenticationManager
should inject an instance ofDefaultAuthenticationEventPublisher
that is private to the authentication manager.I would prefer the latter, because if one writes their own security plugin there will be actually no public AuthenticationEventPublisher to Autowire, and developer is forced to find their own way (i.e. declare explicitly) to autowire into their authenticatio components
Configuration
Version
Using version 4.2.11 but should affect all 4.2.x
Related
#4400
#4269
The text was updated successfully, but these errors were encountered: