Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-750: Support for JPA PersistenceContext annotation broken #994

spring-issuemaster opened this Issue Apr 4, 2008 · 12 comments


None yet
1 participant
from SEC-750) said:

When Spring Security is used, JPA annotations auto-wiring is not supported : the @PersistenceContext EntityManager is not injected in the DAO layer, which results in NullPointerExceptions

Xavier said:

In the given Eclipse project (requires maven plugin to run, or maven command line), the META-INF/applicationContext.xml contains spring-security configuration along with JPA beans.

When the 2 spring-security beans are commented, the 2 JUnit tests pass.
When the beans are included in the configuration, the JUnit test fail.

Luke Taylor said:

This appears to be a more general problem (not specific to JPA) where our HttpSecurityConfigPostProcessor causes beans to be instantiated too early and they aren’t processed by individual BeanPostProcessors (in this case PersisteceAnnotationBeanPostProcessor). I’ve added a much simpler test to HttpSecurityBeanDefinitionParserTests and refactored the post processing substantially to make it much more conservative about instantiating beans.

Luke Taylor said:

The changes mentioned above should have fixed the problem. Could you check with a recent snapshot please?

Luke Taylor said:

Closing, as the test now passes.

Chris Herron said:

I’m still seeing this problem with snapshot 20080211.160105-53.

I downloaded:
… and I’m using Spring 2.5.3

In my case, my UserDAO implements UserDetailsService directly. Watching the log output, I notice that the UserDAO gets created early along with the security infrastructure, without any EntityManager getting injected. Later on, other DAOs get created and I see the PersistenceContext injection happening.

The only difference I can see between my setup and Xavier’s attachment is that:
1. My UserDAO directly implements UserDetailsService. Xavier’s example uses an @Repository annotated DAO as an auto-wired property of his UserDetailsService implementation.
2. I’m not explicitly using auto-wiring.
3. My config is split across multiple files, imported into a main applicationConfig.xml. Don’t think this matters.
4. I’m using Spring 2.5.3

It’ll take me a while to put together a sanitized example of my setup – sorry!

Chris Herron said:

I just tried Xavier’s SpringSecurityJPAWithAnnotations.zip test, with snapshots:
… and I’m using Spring 2.5.3.

It still fails as Xavier described: a NPE when the DAO attempts to use its injected EntityManager. Commenting out the security config allows the test to pass.

Chris Herron said:

Please disregard my previous comments. I totally missed the timestamp in the snapshot filenames – these weren’t the most recent. Unfortunately, the spring-security-core/tiger snapshots available at http://s3browse.com/explore/maven.springframework.org/snapshot/org/springframework/security/
… stop at 2008-04-01.
I’m not a maven user, is there another way to get more recent snapshots without doing a build myself?

Luke Taylor said:

I’m not sure why snapshots have stopped there, but thanks for pointing it out. I’ll check with the build manager. Building yourself is actuall pretty straightforward and often the easiest option for keeping up with things:


Chris Herron said:

Thanks Luke – I was able to checkout and build the trunk. With this fresh snapshot, Xavier’s test passes, and my issue is resolved.
Sorry for the noise!

Luke Taylor said:

No Problem. Nice to have extra confirmation that the problem is fixed. The snapshot builds should be back online now too.

tran duc trung said:

I always have this bug with spring 2.5.4 and spring-security 2.0.1

Luke Taylor said:

Maybe you are thinking of this SEC-826? Both are fixed against the latest release (2.0.2) so we will need a test case which reproduces the problem if you think there is still an issue.

@spring-issuemaster spring-issuemaster added this to the 2.0.0 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment