-
Notifications
You must be signed in to change notification settings - Fork 678
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ProxyingHandlerMethodArgumentResolver
conflicts with @AuthenticationPrincipal
#2937
Comments
Registering |
In this example I'm not configuring anything, it is all Spring Boot auto-configuration, and I don't see an easy way to define the order from external configuration. Defining an order for the |
@rwinch – Do you think it would be possible to explicitly order |
Looking a bit more into this, and how the Maybe another solution would be to use the |
That's a good point. The origin of this particular arrangement was to be able to support As that is a breaking change, I wonder if it makes sense to log a warning in case of a missing explicit declaration on the upcoming bug fix releases. /cc @mp911de |
Well, I found this issue today because I've spend the morning finding the root cause of a strange issue. I think, I have run into the same situation. I also have an interface for the authentication principal (extension of UserDetails). After upgrading to yesterdays's SB v3.3 including SDC v3.3, the handler resolver for a interface-typed The point here is: This only happens after I followed the warning-leveled-hint about configuring Although it seems no out-of-the-box issue for now, if someone fellow the recommendations and also uses interfaces on method arguments, it it actually bugged. Raising attention for this issue here, and for my understanding, this "not-really-catch-all" handlers should be handled with much lower priority in general? Edit: If still required, I build a small poc about this. |
@odrotbohm At first: Is this the right place, or should I create a new issue for this? IMHO this is the same problem, and afaik you are happy with refreshing older issues. Please feel free to correct/advice me. I've looked into this as well, but I'm not quite sure where to start. If I followed the trail correctly, the are only two instance setups of the proxy resolver. In both cases, I'm not sure how to apply an ordered property:
Also I'm still wondering why this simple enabler (using Maybe For refs: 5dd7b32 by Oliver introduced the |
…otated with Spring annotation. We now explicitly do not match handler method parameters that are annotated with anything but @ModelAttribute or @ProjectedPayload. This prevents us accidentally opting into parameter handling for annotated parameters that use interfaces for their declaration and are supposed to be handled by some other infrastructure. Fixes GH-2937.
…otated with Spring annotation. We now explicitly do not match handler method parameters that are annotated with anything but @ModelAttribute or @ProjectedPayload. This prevents us accidentally opting into parameter handling for annotated parameters that use interfaces for their declaration and are supposed to be handled by some other infrastructure. Fixes GH-2937.
With other |
ProxyingHandlerMethodArgumentResolver
conflicts with @AuthenticationPrincipal
…otated with Spring annotation. We now explicitly do not match handler method parameters that are annotated with anything but @ModelAttribute or @ProjectedPayload. This prevents us accidentally opting into parameter handling for annotated parameters that use interfaces for their declaration and are supposed to be handled by some other infrastructure. Fixes spring-projectsGH-2937.
Related ticket spring-projectsGH-2937.
In a Spring application (with Spring Boot 3.1.3 currently), using data and security the
ProxyingHandlerMethodArgumentResolver
will conflict with the use of@AuthenticationPrincipal
in a controller when a custom interface is used for the principal. TheProxyingHandlerMethodArgumentResolver
will be registered beforeAuthenticationPrincipalArgumentResolver
and handle the argument as a projection in the fallback preventing@AuthenticationPrincipal
from working.I see this was improved in #1237, but only the Spring packages are filtered out. In my case I use a custom interface for the principal to inject due to others requirements, so it is not ignored by the
ProxyingHandlerMethodArgumentResolver
. The list of ignored packages also doesn't seem configurable so it is not an option to handle the issue. I could also exclude theSpringDataWebAutoConfiguration
but this exclude everything (like pageable) so it is not ideal.There is already a
@ProjectedPayload
inProxyingHandlerMethodArgumentResolver
so wouldn't it make sense to remove the fallback as it could cause issues in multiple situations?Here a small example that reproduce the issue:
If this is run with security and data (jdbc for example), the principal wont be injected in the controller but we'll have an empty projection instead. If
SpringDataWebAutoConfiguration
is excluded, it works as expected.The text was updated successfully, but these errors were encountered: