Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Startup failure with Spring Security and aspect before method #35162

Closed
btkelly opened this issue Apr 25, 2023 · 1 comment
Closed

Startup failure with Spring Security and aspect before method #35162

btkelly opened this issue Apr 25, 2023 · 1 comment
Labels
for: external-project For an external project and not something we can fix status: invalid An issue that we don't feel is valid

Comments

@btkelly
Copy link

btkelly commented Apr 25, 2023

This issue feels related to #19010 but it's possible that it just has similar symptoms. The root issue is using Spring security, WebFlux and an aspect causes the Spring application to fail to start. The actual stack trace can be found below along with a sample application that reproduces the problem. If I remove the aspect from the app everything starts up just fine.

Version Info:
Spring Boot: 3.0.6
Spring Dependency Management: 1.1.0
Kotlin: 1.7.22
Java Version: 17

Sample App:
https://github.com/btkelly/spring-security-aspect-bug

Aspect Class Causing Issue:

@Aspect
@Component
class AspectTest {

    @Before(
        "execution(public * org.springframework.security.config.web.server.ServerHttpSecurity.authorizeExchange()) " +
            "&& target(serverHttpSecurity)"
    )
    fun updateServerHttpSecurity(serverHttpSecurity: ServerHttpSecurity) {
        println("We are here $serverHttpSecurity")
    }
}

Stacktrace

Caused by: java.lang.IllegalArgumentException: No visible constructors in class org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfiguration$ContextAwareServerHttpSecurity
	at org.springframework.cglib.core.ClassLoaderAwareGeneratorStrategy.generate(ClassLoaderAwareGeneratorStrategy.java:57) ~[spring-core-6.0.8.jar:6.0.8]
	at org.springframework.cglib.core.AbstractClassGenerator.generate(AbstractClassGenerator.java:362) ~[spring-core-6.0.8.jar:6.0.8]
	at org.springframework.cglib.proxy.Enhancer.generate(Enhancer.java:575) ~[spring-core-6.0.8.jar:6.0.8]
	at org.springframework.cglib.core.AbstractClassGenerator$ClassLoaderData.lambda$new$1(AbstractClassGenerator.java:103) ~[spring-core-6.0.8.jar:6.0.8]
	at org.springframework.cglib.core.internal.LoadingCache.lambda$createEntry$1(LoadingCache.java:52) ~[spring-core-6.0.8.jar:6.0.8]
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) ~[na:na]
	at org.springframework.cglib.core.internal.LoadingCache.createEntry(LoadingCache.java:57) ~[spring-core-6.0.8.jar:6.0.8]
	at org.springframework.cglib.core.internal.LoadingCache.get(LoadingCache.java:34) ~[spring-core-6.0.8.jar:6.0.8]
	at org.springframework.cglib.core.AbstractClassGenerator$ClassLoaderData.get(AbstractClassGenerator.java:126) ~[spring-core-6.0.8.jar:6.0.8]
	at org.springframework.cglib.core.AbstractClassGenerator.create(AbstractClassGenerator.java:313) ~[spring-core-6.0.8.jar:6.0.8]
	at org.springframework.cglib.proxy.Enhancer.createHelper(Enhancer.java:562) ~[spring-core-6.0.8.jar:6.0.8]
	at org.springframework.cglib.proxy.Enhancer.createClass(Enhancer.java:407) ~[spring-core-6.0.8.jar:6.0.8]
	at org.springframework.aop.framework.ObjenesisCglibAopProxy.createProxyClassAndInstance(ObjenesisCglibAopProxy.java:62) ~[spring-aop-6.0.8.jar:6.0.8]
	at org.springframework.aop.framework.CglibAopProxy.buildProxy(CglibAopProxy.java:213) ~[spring-aop-6.0.8.jar:6.0.8]
	... 36 common frames omitted
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Apr 25, 2023
@wilkinsona
Copy link
Member

The visibility of ContextAwareServerHttpSecurity prevents it from being proxied. Proxying is required as the class is a target of your aspect. ContextAwareSeverHttpSecurity is part of Spring Security so there's nothing we can do about this in Spring Boot I'm afraid. You may want to raise this with the Spring Security team.

@wilkinsona wilkinsona closed this as not planned Won't fix, can't repro, duplicate, stale Apr 25, 2023
@wilkinsona wilkinsona added status: invalid An issue that we don't feel is valid for: external-project For an external project and not something we can fix and removed status: waiting-for-triage An issue we've not yet triaged labels Apr 25, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
for: external-project For an external project and not something we can fix status: invalid An issue that we don't feel is valid
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@btkelly @wilkinsona @spring-projects-issues