grails-spring-security-core icon indicating copy to clipboard operation
grails-spring-security-core copied to clipboard

Published 20 hours ago verified publisher icon grails

Tags in SecurityTagLib are not disabled when plugin is set to inactive

Open davidcwalker opened this issue 5 years ago • 0 comments

Task List

  • [x] Steps to reproduce provided
  • [x] Stacktrace (if present) provided
  • [x] Example that reproduces the problem uploaded to Github
  • [x] Full description of the issue provided (see below)

Steps to Reproduce

  1. Create new Grails application and install Spring Security Core plugin v3.2.0
  2. In application.yml, under evnironments->development, add configuration grails.plugin.springsecurity.active: false
  3. Add <sec:ifAllGranted roles="ROLE_USER"> tag to the sample index.gsp homepage.

Expected Behaviour

If Spring Security Core plugin is disabled, tags from SecurityTagLib should be disabled as well.

Actual Behaviour

The following error is received: Error executing tag <sec:ifAllGranted>: No bean named 'roleHierarchy' available

Stacktrace (partial):

org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'roleHierarchy' available
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeanDefinition(DefaultListableBeanFactory.java:687)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getMergedLocalBeanDefinition(AbstractBeanFactory.java:1218)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:284)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
	at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1086)
	at grails.plugin.springsecurity.SpringSecurityUtils.getBean(SpringSecurityUtils.groovy:647)
	at grails.plugin.springsecurity.SpringSecurityUtils.findInferredAuthorities(SpringSecurityUtils.groovy:642)
	at grails.plugin.springsecurity.SpringSecurityUtils.ifAllGranted(SpringSecurityUtils.groovy:196)
	at grails.plugin.springsecurity.SpringSecurityUtils.ifAllGranted(SpringSecurityUtils.groovy:192)
	at grails.plugin.springsecurity.SecurityTagLib$_closure1.doCall(SecurityTagLib.groovy:62)
	at org.grails.gsp.GroovyPage.invokeTagLibClosure(GroovyPage.java:446)
	at org.grails.gsp.GroovyPage.invokeTag(GroovyPage.java:364)

Other tags are also executed; for instance, if a block of text is surrounded with sec:ifLoggedIn and Spring Security is set active: false in application.yml, the block of text will not appear if the user is not logged in.

Environment Information

  • Operating System: Windows 10
  • GORM Version: 6.1
  • Grails Version (if using Grails): 3.3.9
  • JDK Version: 1.8.0_211

Example Application

  • https://github.com/davidcwalker/spring-security-taglib-issue

davidcwalker avatar Jul 15 '19 14:07 davidcwalker