problem-spring-web icon indicating copy to clipboard operation
problem-spring-web copied to clipboard
verified publisher icon zalando

Fix registration of SecurityExceptionHandling controller advice

Open xak2000 opened this issue 3 years ago • 6 comments

Description

Fix bug introduced in PR #413. Default SecurityExceptionHandling controller advice is not registered in an application.

See https://github.com/zalando/problem-spring-web/issues/707#issuecomment-1209656511 for the detailed explanation.

Motivation and Context

Fixes #707, #541.

Types of changes

  • [x] Bug fix (non-breaking change which fixes an issue)
  • [ ] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • [ ] My change requires a change to the documentation.
  • [ ] I have updated the documentation accordingly.
  • [x] I have added tests to cover my changes.

xak2000 avatar Aug 10 '22 16:08 xak2000

Recently I want to use this lib found the same bug.

The reason is as you say, when spring find annotation on bean which hasn't been loaded, it uses the type of the bean declare.

Change the return type is just the best solution as you mention. So good

But why the pull request haven't been accepted yet?

A little question, I think public is not necessary maybe?

Farley-Chen avatar May 09 '23 23:05 Farley-Chen

I have a more question.

I found that ProblemHttpConfigurer.java and ProblemSecurityAutoConfiguration.java are for the same purpose to register the SecurityProblemSupport.

Are they duplicate? or I misunderstanding?

Farley-Chen avatar May 10 '23 00:05 Farley-Chen

A little question, I think public is not necessary maybe?

public is required because integration tests for these autoconfigurations are in the separate sibling package now, and these tests access these types. Mybe it's possible to change these tests somehow to not directly access these classes.

xak2000 avatar May 10 '23 13:05 xak2000

But why the pull request haven't been accepted yet?

I don't know. Without this fix autoconfiguration just doesn't work in any version after 0.25.2.

The workaround it simple, though: create your own @ControllerAdvice, that implements ProblemHandling and SecurityAdviceTrait:

@ControllerAdvice
final class SecurityExceptionHandling implements ProblemHandling, SecurityAdviceTrait {
}

xak2000 avatar May 10 '23 13:05 xak2000

Any update?

davidkarlsen avatar Feb 13 '24 15:02 davidkarlsen

@MALPI You seem to be active on the code-base. This issue is a bit iffy - could a fix be merged onto main and a do a release? It's not so good to have to create a hack config class in own package:

@ControllerAdvice
final class Hack implements ProblemHandling, SecurityAdviceTrait {}

in all apps just to work around it.

davidkarlsen avatar Feb 16 '24 10:02 davidkarlsen