Disable Spring AOP MethodSecurityInterceptor when using AspectJ CTW -

-

i have project uses spring security , making of aspectj compile time weaving (ctw) weave in spring-security-aspects. allows me use annotations such @preauthorize in non-spring managed classes (which works fine) i'm having problems spring managed classes now.

i have controller (annotated @controller) method:

@requestmapping("/test") @preauthorize("hasrole('user')") public string test() {     return "test"; }

this seem work fine except spring still seems proxying controller bean , hitting methodsecurityinterceptor. means hasrole() method gets hit twice, once proxy , second time aspectj woven code.

i using @enableautoconfiguration , have global method security enabled @enableglobalmethodsecurity(prepostenabled = true, mode = advicemode.aspectj). suspect in configuration messing things up, bit more knowledge of spring security or spring aop know might going on here?

the controller has been woven aspectj code it's visible in (decompiled) class file: 

    joinpoint var5 = factory.makejp(ajc$tjp_2, this, this, test, model);     annotationsecurityaspect var10000 = annotationsecurityaspect.aspectof();     object[] var6 = new object[]{this, search, model, var5};     return (string)var10000.ajc$around$org_springframework_security_access_intercept_aspectj_aspect_annotationsecurityaspect$1$c4d57a2b(new testcontroller$ajcclosure5(var6), var5);

this partial stack trace may explain what's going on, when methodsecurityinterceptor has done it's work , calls mi.proceed() hit aspectj code weaved in method body.

at org.springframework.security.access.intercept.aopalliance.methodsecurityinterceptor.invoke(methodsecurityinterceptor.java:64) @ org.springframework.aop.framework.reflectivemethodinvocation.proceed(reflectivemethodinvocation.java:179)   @ org.springframework.aop.framework.cglibaopproxy$dynamicadvisedinterceptor.intercept(cglibaopproxy.java:653)   @ com.example.controller.testcontroller$$enhancerbyspringcglib$$3e3715a5.test(<generated>:-1)   @ sun.reflect.nativemethodaccessorimpl.invoke0(nativemethodaccessorimpl.java:-1)   @ sun.reflect.nativemethodaccessorimpl.invoke(nativemethodaccessorimpl.java:62)   @ sun.reflect.delegatingmethodaccessorimpl.invoke(delegatingmethodaccessorimpl.java:43)   @ java.lang.reflect.method.invoke(method.java:483)   @ org.springframework.web.method.support.invocablehandlermethod.doinvoke(invocablehandlermethod.java:221)   @ org.springframework.web.method.support.invocablehandlermethod.invokeforrequest(invocablehandlermethod.java:137)   @ org.springframework.web.servlet.mvc.method.annotation.servletinvocablehandlermethod.invokeandhandle(servletinvocablehandlermethod.java:111)   @ org.springframework.web.servlet.mvc.method.annotation.requestmappinghandleradapter.invokehandlemethod(requestmappinghandleradapter.java:799)   @ org.springframework.web.servlet.mvc.method.annotation.requestmappinghandleradapter.handleinternal(requestmappinghandleradapter.java:728)   @ org.springframework.web.servlet.mvc.method.abstracthandlermethodadapter.handle(abstracthandlermethodadapter.java:85)   @ org.springframework.web.servlet.dispatcherservlet.dodispatch(dispatcherservlet.java:959)   @ org.springframework.web.servlet.dispatcherservlet.doservice(dispatcherservlet.java:893)   @ org.springframework.web.servlet.frameworkservlet.processrequest(frameworkservlet.java:969)   @ org.springframework.web.servlet.frameworkservlet.doget(frameworkservlet.java:860)   @ javax.servlet.http.httpservlet.service(httpservlet.java:622)   @ org.springframework.web.servlet.frameworkservlet.service(frameworkservlet.java:845)   @ javax.servlet.http.httpservlet.service(httpservlet.java:729)   @ org.apache.catalina.core.applicationfilterchain.internaldofilter(applicationfilterchain.java:291)   @ org.apache.catalina.core.applicationfilterchain.dofilter(applicationfilterchain.java:206)   @ org.apache.tomcat.websocket.server.wsfilter.dofilter(wsfilter.java:52)   @ org.apache.catalina.core.applicationfilterchain.internaldofilter(applicationfilterchain.java:239)   @ org.apache.catalina.core.applicationfilterchain.dofilter(applicationfilterchain.java:206)   @ org.springframework.web.servlet.resource.resourceurlencodingfilter.dofilterinternal(resourceurlencodingfilter.java:51)   @ org.springframework.web.filter.onceperrequestfilter.dofilter(onceperrequestfilter.java:107)   @ org.apache.catalina.core.applicationfilterchain.internaldofilter(applicationfilterchain.java:239)   @ org.apache.catalina.core.applicationfilterchain.dofilter(applicationfilterchain.java:206)   @ org.springframework.boot.actuate.autoconfigure.endpointwebmvcautoconfiguration$applicationcontextheaderfilter.dofilterinternal(endpointwebmvcautoconfiguration.java:233)   @ org.springframework.web.filter.onceperrequestfilter.dofilter(onceperrequestfilter.java:107)   @ org.apache.catalina.core.applicationfilterchain.internaldofilter(applicationfilterchain.java:239)   @ org.apache.catalina.core.applicationfilterchain.dofilter(applicationfilterchain.java:206)   @ org.springframework.boot.actuate.trace.webrequesttracefilter.dofilterinternal(webrequesttracefilter.java:102)   @ org.springframework.web.filter.onceperrequestfilter.dofilter(onceperrequestfilter.java:107)   @ org.apache.catalina.core.applicationfilterchain.internaldofilter(applicationfilterchain.java:239)   @ org.apache.catalina.core.applicationfilterchain.dofilter(applicationfilterchain.java:206)   @ org.springframework.security.web.filterchainproxy$virtualfilterchain.dofilter(filterchainproxy.java:316)   @ org.springframework.security.web.access.intercept.filtersecurityinterceptor.invoke(filtersecurityinterceptor.java:126)   @ org.springframework.security.web.access.intercept.filtersecurityinterceptor.dofilter(filtersecurityinterceptor.java:90)   @ org.springframework.security.web.filterchainproxy$virtualfilterchain.dofilter(filterchainproxy.java:330)   @ org.springframework.security.web.access.exceptiontranslationfilter.dofilter(exceptiontranslationfilter.java:114)   @ org.springframework.security.web.filterchainproxy$virtualfilterchain.dofilter(filterchainproxy.java:330)   @ org.springframework.security.web.session.sessionmanagementfilter.dofilter(sessionmanagementfilter.java:122)   @ org.springframework.security.web.filterchainproxy$virtualfilterchain.dofilter(filterchainproxy.java:330)   @ org.springframework.security.web.authentication.anonymousauthenticationfilter.dofilter(anonymousauthenticationfilter.java:111)   @ org.springframework.security.web.filterchainproxy$virtualfilterchain.dofilter(filterchainproxy.java:330)   @ org.springframework.security.web.servletapi.securitycontextholderawarerequestfilter.dofilter(securitycontextholderawarerequestfilter.java:168)   @ org.springframework.security.web.filterchainproxy$virtualfilterchain.dofilter(filterchainproxy.java:330)   @ org.springframework.security.web.savedrequest.requestcacheawarefilter.dofilter(requestcacheawarefilter.java:48)   @ org.springframework.security.web.filterchainproxy$virtualfilterchain.dofilter(filterchainproxy.java:330)   @ org.springframework.security.web.authentication.www.basicauthenticationfilter.dofilterinternal(basicauthenticationfilter.java:213)   @ org.springframework.web.filter.onceperrequestfilter.dofilter(onceperrequestfilter.java:107)   @ org.springframework.security.web.filterchainproxy$virtualfilterchain.dofilter(filterchainproxy.java:330)   @ org.springframework.security.web.authentication.logout.logoutfilter.dofilter(logoutfilter.java:120)   @ org.springframework.security.web.filterchainproxy$virtualfilterchain.dofilter(filterchainproxy.java:330)   @ org.springframework.security.web.header.headerwriterfilter.dofilterinternal(headerwriterfilter.java:64)   @ org.springframework.web.filter.onceperrequestfilter.dofilter(onceperrequestfilter.java:107)   @ org.springframework.security.web.filterchainproxy$virtualfilterchain.dofilter(filterchainproxy.java:330)   @ org.springframework.security.web.context.securitycontextpersistencefilter.dofilter(securitycontextpersistencefilter.java:91)   @ org.springframework.security.web.filterchainproxy$virtualfilterchain.dofilter(filterchainproxy.java:330)   @ org.springframework.security.web.context.request.async.webasyncmanagerintegrationfilter.dofilterinternal(webasyncmanagerintegrationfilter.java:53)   @ org.springframework.web.filter.onceperrequestfilter.dofilter(onceperrequestfilter.java:107)   @ org.springframework.security.web.filterchainproxy$virtualfilterchain.dofilter(filterchainproxy.java:330)   @ org.springframework.security.web.filterchainproxy.dofilterinternal(filterchainproxy.java:213)   @ org.springframework.security.web.filterchainproxy.dofilter(filterchainproxy.java:176)   @ org.apache.catalina.core.applicationfilterchain.internaldofilter(applicationfilterchain.java:239)   @ org.apache.catalina.core.applicationfilterchain.dofilter(applicationfilterchain.java:206)   @ org.springframework.web.filter.hiddenhttpmethodfilter.dofilterinternal(hiddenhttpmethodfilter.java:77)   @ org.springframework.web.filter.onceperrequestfilter.dofilter(onceperrequestfilter.java:107)   @ org.apache.catalina.core.applicationfilterchain.internaldofilter(applicationfilterchain.java:239)   @ org.apache.catalina.core.applicationfilterchain.dofilter(applicationfilterchain.java:206)   @ org.springframework.web.filter.characterencodingfilter.dofilterinternal(characterencodingfilter.java:85)   @ org.springframework.web.filter.onceperrequestfilter.dofilter(onceperrequestfilter.java:107)   @ org.apache.catalina.core.applicationfilterchain.internaldofilter(applicationfilterchain.java:239)   @ org.apache.catalina.core.applicationfilterchain.dofilter(applicationfilterchain.java:206)   @ org.springframework.boot.actuate.autoconfigure.metricsfilter.dofilterinternal(metricsfilter.java:68)   @ org.springframework.web.filter.onceperrequestfilter.dofilter(onceperrequestfilter.java:107)   @ org.apache.catalina.core.applicationfilterchain.internaldofilter(applicationfilterchain.java:239)   @ org.apache.catalina.core.applicationfilterchain.dofilter(applicationfilterchain.java:206)   @ org.apache.catalina.core.standardwrappervalve.invoke(standardwrappervalve.java:219)   @ org.apache.catalina.core.standardcontextvalve.invoke(standardcontextvalve.java:106)   @ org.apache.catalina.authenticator.authenticatorbase.invoke(authenticatorbase.java:502)   @ org.apache.catalina.core.standardhostvalve.invoke(standardhostvalve.java:142)   @ org.apache.catalina.valves.errorreportvalve.invoke(errorreportvalve.java:79)   @ org.apache.catalina.core.standardenginevalve.invoke(standardenginevalve.java:88)   @ org.apache.catalina.connector.coyoteadapter.service(coyoteadapter.java:518)   @ org.apache.coyote.http11.abstracthttp11processor.process(abstracthttp11processor.java:1091)   @ org.apache.coyote.abstractprotocol$abstractconnectionhandler.process(abstractprotocol.java:668)   @ org.apache.tomcat.util.net.nioendpoint$socketprocessor.dorun(nioendpoint.java:1521)   @ org.apache.tomcat.util.net.nioendpoint$socketprocessor.run(nioendpoint.java:1478)   - locked <0x1e9e> (a org.apache.tomcat.util.net.niochannel)   @ java.util.concurrent.threadpoolexecutor.runworker(threadpoolexecutor.java:1142)   @ java.util.concurrent.threadpoolexecutor$worker.run(threadpoolexecutor.java:617)   @ org.apache.tomcat.util.threads.taskthread$wrappingrunnable.run(taskthread.java:61)   @ java.lang.thread.run(thread.java:745)

there issue not honoring aspectj configuration when using namespace of java based configuration. has been resolved current (4.0.2) version of spring security.

see sec-3045 more information.


Comments

Post a Comment

Popular posts from this blog

python - pip install -U PySide error -

-
does know how avoid following error when running pip install -u pyside per official website instructions here: https://pypi.python.org/pypi/pyside/#installing-pyside-on-a-mac-os-x-system note have done brew install qt successfully. you using pip version 7.0.3, version 7.1.2 available. should consider upgrading via 'pip install --upgrade pip' command. collecting pyside using cached pyside-1.2.4.tar.gz installing collected packages: pyside running setup.py install pyside complete output command /applications/anaconda/bin/python -c "import setuptools, tokenize;__file__='/private/var/folders/dy/ttgqhqqx3g9bsbsnqnxsk2z80000gq/t/pip-build-cpxemt/pyside/setup.py';exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --record /var/folders/dy/ttgqhqqx3g9bsbsnqnxsk2z80000gq/t/pip-0r7hri-record/install-record.txt --single-version-externally-managed --compile:
Read more

arrays - C++ error: a brace-enclosed initializer is not allowed here before ‘{’ token -

-
simple question: i'm trying initialize array within c++ class declaration: using namespace std; #include <string> class myclass{ public: string myarray[] = {"a","b","c"}; }; and i'm getting error: error: brace-enclosed initializer not allowed here before ‘{’ token no, without complied c++11 compiler, cannot initialize member array in declaration. have initialize array member in constructor. , don't use open array if know number of elements initialize array.
Read more

cytoscape.js - How to add nodes to Dagre layout with Cytoscape -

-
i trying add nodes dagre graph through cityscape.js. problem nodes not painted. code have: cy.add({ group: "nodes", data: { id:"n0",name:"n0",weight: 75 }, }); $.ajax(url).done(function(jsontree){ var newnodes=[]; for(var i=1;i<6;i++){ //var child = jsontree.result[i]; newnodes.push( { group: "nodes", data: { id: "n"+i, name:"n"+i}}, { group: "edges", data: { id: "e"+i, source: "n0", target: "n"+i } } ); } cy.add(newnodes); any ideas? have used loaded function reload graph not work. not know if have use specific function reload graph. thank in advance. you need add positions new nodes. cytoscape.js docs : it important note positions of newly added nodes must defined when calling cy.add(). nodes can not placed in graph without valid position — otherwise not displayed. yo
Read more