Open toughpheeckouse opened 8 years ago
Hi there, I'm facing the same issue. How did you solve it? Thanks!
@maurociancio, GlobalMethodSecurityConfiguration has protected method createExpressionHandler. I've overrided it and set correct PermissionEvaluator:
@Override
protected MethodSecurityExpressionHandler createExpressionHandler()
{
MethodSecurityExpressionHandler expressionHandler = super.createExpressionHandler();
if (expressionHandler instanceof DefaultMethodSecurityExpressionHandler)
{
DefaultMethodSecurityExpressionHandler defaultMethodSecurityExpressionHandler
= (DefaultMethodSecurityExpressionHandler)expressionHandler;
defaultMethodSecurityExpressionHandler.setPermissionEvaluator(permissionEvaluator);
}
else
{
logger.warn("MethodSecurityExpressionHandler is not instance of DefaultMethodSecurityExpressionHandler.");
}
return expressionHandler;
}
If you'll get more beautiful solution, share it please
yes! i've ended up using the same approach. Thanks for your reply!
spring-security version 4.1.3.RELEASE
I have root application context and I created a new child context while initializing root context. Root context has configuration bean GlobalMethodSecurityConfiguration:
while root context initializing created a new child context
in child context created beans which call some protected methods with PreAuthorize("hasPermission(...)") annotation but I always get AccessDeniedException because root context is in initializing method GlobalMethodSecurityConfiguration.afterSingletonsInstantiated is not called yet and expression evaluator uses default permission evaluator DenyAllPermissionEvaluator but expected to be used AclPermissionEvaluator.
Before changes in afterSingletonsInstantiated method GlobalMethodSecurityConfiguration configures defaultMethodExpressionHandler correct autowired permission evaluator (AclPermissionEvaluator).
How to correct configure GlobalMethodSecurityConfiguration before child context will be create?