Set the application context in the expressionHandler of the class WebExpressionAuthorizationManager

**Expected Behavior**

The following code should work:

```
  @Bean
  public SecurityFilterChain securityFilterChain(HttpSecurity http, ApplicationContext context)
      throws Exception {

    http.authorizeHttpRequests(
        requests ->
            requests
                .requestMatchers("/admin/{id}")
                .access(
                    new WebExpressionAuthorizationManager(
                        "hasRole('ADMIN') && @webSecurity.check(#id)")));
    http.httpBasic();
    return http.build();
  }

```
**Current Behavior**

Currently, it throws an exception:

Caused by: org.springframework.expression.spel.SpelEvaluationException: EL1057E: No bean resolver registered in the context to resolve access to bean 'webSecurity'

The reason is that the application context is not set in the expressionHandler class WebExpressionAuthorizationManager.

The workarounds described by rwinch in https://github.com/spring-projects/spring-security/issues/12974 are too complicated in a more complex security configuration.


This improvement would solve: https://github.com/spring-projects/spring-security/issues/13184




Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Set the application context in the expressionHandler of the class WebExpressionAuthorizationManager #13630

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Set the application context in the expressionHandler of the class WebExpressionAuthorizationManager #13630

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions