Skip to content

PrePostTemplateDefaults pick up the ConversionService bean #15721

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
vratojr opened this issue Sep 2, 2024 · 0 comments
Closed

PrePostTemplateDefaults pick up the ConversionService bean #15721

vratojr opened this issue Sep 2, 2024 · 0 comments
Assignees
@jzheaux
Labels
in: core An issue in spring-security-core type: enhancement A general enhancement

Comments

@vratojr
Copy link

vratojr commented Sep 2, 2024

Expected Behavior

When a ConversionService bean is defined, it should be picked up by the AuthorizationAnnotationUtils

Current Behavior

AuthorizationAnnotationUtils use a static access to the DefaultConversionService

Context

I have an annotation like:

@Documented
@Target({ METHOD, TYPE })
@Retention(RUNTIME)
@PreAuthorize("@accessControlManager.hasAuthorization(#id)")
@Inherited
public @interface RestrictedAccess {

  AccessRight access();

  Functionality functionality();

  Class<?> entityClass();

  String[] recipes() default {};
}

That always pick the 'id' param of the annotated method. Now I need to make it more generic, in case the id is 'hidden' somewhere else, so following the guide I updated to this version:

@Documented
@Target({ METHOD, TYPE })
@Retention(RUNTIME)
@PreAuthorize("@accessControlManager.hasAuthorization({idPath})")
@Inherited
public @interface RestrictedAccess {

  /* SPEL expression that return the id of the concerned entity. By default it corresponds to a parameter named 'id' */
  String idPath() default "#id";

  AccessRight access();

  Functionality functionality();

  Class<?> entityClass();

  String[] recipes() default {};
}

And I had to add:

  @Bean
  public PrePostTemplateDefaults prePostTemplateDefaults() {
    return new PrePostTemplateDefaults();
  }

In my configuration. The problem is that this last bean activates the AuthorizationAnnotationUtils and this, in turn performs a type check on the parameters of mine annotation and crashes when testing the 'entityClass' attribute since a converter from Class to String is missing. Ok, this is already suspect to me but I started the journey to add a Converter. So I tried to just declare a bean like:

   @Bean
   public ClassToStringConverter classToStringConverter() {
     return new ClassToStringConverter();
   }

The problem is that the bean is picked up by the WebConverter that's not the same instance that's used by the AuthorizationAnnotationUtils. In fact if we look at the code over there we see something like:

String asString = (value instanceof String) ? (String) value
                        : DefaultConversionService.getSharedInstance().convert(value, String.class);

So, the workaround is that I had to force my converter over there with:

  @PostConstruct
  public void setUp() {
    ((GenericConversionService)DefaultConversionService.getSharedInstance()).addConverter(new ClassToStringConverter());
  }
@vratojr vratojr added status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement labels Sep 2, 2024
@kse-music kse-music mentioned this issue Sep 2, 2024
Merged
@jzheaux jzheaux changed the title When using PrePostTemplateDefaults there's no easy way to customize the ConversionService PrePostTemplateDefaults pick up the ConversionService bean Sep 3, 2024
kse-music pushed a commit to kse-music/spring-security that referenced this issue Sep 4, 2024
@jzheaux @kse-music
Use AuthorizationAnnotationPropertyConversionService
ee9254a 
Closes spring-projectsgh-15721
kse-music added a commit to kse-music/spring-security that referenced this issue Sep 4, 2024
@kse-music
Use custom conversionService
b75600f 
Closes spring-projectsgh-15721
kse-music added a commit to kse-music/spring-security that referenced this issue Sep 4, 2024
@kse-music
Use custom conversionService
508a9f2 
Closes spring-projectsgh-15721
@jzheaux jzheaux self-assigned this Sep 4, 2024
@jzheaux jzheaux added in: core An issue in spring-security-core and removed status: waiting-for-triage An issue we've not yet triaged labels Sep 4, 2024
jzheaux pushed a commit to kse-music/spring-security that referenced this issue Sep 4, 2024
@kse-music @jzheaux
Support Class Attributes in Annotation Template Processing
b195dc9 
Closes spring-projectsgh-15721
@jzheaux jzheaux closed this as completed in 5c20505 Sep 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jzheaux jzheaux

Labels
in: core An issue in spring-security-core type: enhancement A general enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@vratojr @jzheaux