SEC-750: Support for JPA PersistenceContext annotation broken #994

Closed
spring-issuemaster opened this Issue Apr 4, 2008 · 12 comments

1 participant

@spring-issuemaster

Xavier (Migrated from SEC-750) said:

When Spring Security is used, JPA annotations auto-wiring is not supported : the @PersistenceContext EntityManager is not injected in the DAO layer, which results in NullPointerExceptions

@spring-issuemaster

Xavier said:

In the given Eclipse project (requires maven plugin to run, or maven command line), the META-INF/applicationContext.xml contains spring-security configuration along with JPA beans.

When the 2 spring-security beans are commented, the 2 JUnit tests pass.
When the beans are included in the configuration, the JUnit test fail.

@spring-issuemaster

Luke Taylor said:

This appears to be a more general problem (not specific to JPA) where our HttpSecurityConfigPostProcessor causes beans to be instantiated too early and they aren’t processed by individual BeanPostProcessors (in this case PersisteceAnnotationBeanPostProcessor). I’ve added a much simpler test to HttpSecurityBeanDefinitionParserTests and refactored the post processing substantially to make it much more conservative about instantiating beans.

@spring-issuemaster

Luke Taylor said:

The changes mentioned above should have fixed the problem. Could you check with a recent snapshot please?

@spring-issuemaster

Luke Taylor said:

Closing, as the test now passes.

@spring-issuemaster

Chris Herron said:

I’m still seeing this problem with snapshot 20080211.160105-53.

I downloaded:
spring-security-core-2.0-20080211.160105-53.jar
spring-security-core-tiger-2.0-20080211.160105-53.jar
… and I’m using Spring 2.5.3

In my case, my UserDAO implements UserDetailsService directly. Watching the log output, I notice that the UserDAO gets created early along with the security infrastructure, without any EntityManager getting injected. Later on, other DAOs get created and I see the PersistenceContext injection happening.

The only difference I can see between my setup and Xavier’s attachment is that:
1. My UserDAO directly implements UserDetailsService. Xavier’s example uses an @Repository annotated DAO as an auto-wired property of his UserDetailsService implementation.
2. I’m not explicitly using auto-wiring.
3. My config is split across multiple files, imported into a main applicationConfig.xml. Don’t think this matters.
4. I’m using Spring 2.5.3

It’ll take me a while to put together a sanitized example of my setup – sorry!

@spring-issuemaster

Chris Herron said:

I just tried Xavier’s SpringSecurityJPAWithAnnotations.zip test, with snapshots:
spring-security-core-2.0-20080211.160105-53.jar
spring-security-core-tiger-2.0-20080211.160105-53.jar
… and I’m using Spring 2.5.3.

It still fails as Xavier described: a NPE when the DAO attempts to use its injected EntityManager. Commenting out the security config allows the test to pass.

@spring-issuemaster

Chris Herron said:

Please disregard my previous comments. I totally missed the timestamp in the snapshot filenames – these weren’t the most recent. Unfortunately, the spring-security-core/tiger snapshots available at http://s3browse.com/explore/maven.springframework.org/snapshot/org/springframework/security/
… stop at 2008-04-01.
I’m not a maven user, is there another way to get more recent snapshots without doing a build myself?

@spring-issuemaster

Luke Taylor said:

I’m not sure why snapshots have stopped there, but thanks for pointing it out. I’ll check with the build manager. Building yourself is actuall pretty straightforward and often the easiest option for keeping up with things:

http://static.springframework.org/spring-security/site/building.html

@spring-issuemaster

Chris Herron said:

Thanks Luke – I was able to checkout and build the trunk. With this fresh snapshot, Xavier’s test passes, and my issue is resolved.
Sorry for the noise!

@spring-issuemaster

Luke Taylor said:

No Problem. Nice to have extra confirmation that the problem is fixed. The snapshot builds should be back online now too.

@spring-issuemaster

tran duc trung said:

I always have this bug with spring 2.5.4 and spring-security 2.0.1

@spring-issuemaster

Luke Taylor said:

Maybe you are thinking of this SEC-826? Both are fixed against the latest release (2.0.2) so we will need a test case which reproduces the problem if you think there is still an issue.

@spring-issuemaster spring-issuemaster added this to the 2.0.0 milestone Feb 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment