Set the application context in the expressionHandler of the class WebExpressionAuthorizationManager #13630

puskaiz · 2023-08-08T16:14:43Z

Expected Behavior

The following code should work:

  @Bean
  public SecurityFilterChain securityFilterChain(HttpSecurity http, ApplicationContext context)
      throws Exception {

    http.authorizeHttpRequests(
        requests ->
            requests
                .requestMatchers("/admin/{id}")
                .access(
                    new WebExpressionAuthorizationManager(
                        "hasRole('ADMIN') && @webSecurity.check(#id)")));
    http.httpBasic();
    return http.build();
  }

Current Behavior

Currently, it throws an exception:

Caused by: org.springframework.expression.spel.SpelEvaluationException: EL1057E: No bean resolver registered in the context to resolve access to bean 'webSecurity'

The reason is that the application context is not set in the expressionHandler class WebExpressionAuthorizationManager.

The workarounds described by rwinch in #12974 are too complicated in a more complex security configuration.

This improvement would solve: #13184

The text was updated successfully, but these errors were encountered:

puskaiz added status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement labels Aug 8, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Set the application context in the expressionHandler of the class WebExpressionAuthorizationManager #13630

Set the application context in the expressionHandler of the class WebExpressionAuthorizationManager #13630

puskaiz commented Aug 8, 2023

Set the application context in the expressionHandler of the class WebExpressionAuthorizationManager #13630

Set the application context in the expressionHandler of the class WebExpressionAuthorizationManager #13630

Comments

puskaiz commented Aug 8, 2023