thymeleaf-extras-springsecurity icon indicating copy to clipboard operation
thymeleaf-extras-springsecurity copied to clipboard
verified publisher icon thymeleaf

There is no way to select the preferred SecurityExpressionHandler to use

Open codependent opened this issue 7 years ago • 0 comments

I have a Spring Boot 1.5.13 + Thymeleaf 3.0.9 + Thymeleaf-extras-springsecurity4 3.0.2 application that uses a custom SecurityExpressionHandler.

When it is evaluating a sec:authorize expression it looks for a SecurityExpressionHandler to use:

org.thymeleaf.extras.springsecurity4.auth.AuthUtils:

private static SecurityExpressionHandler<FilterInvocation> getExpressionHandler(final ServletContext servletContext) {

        final ApplicationContext ctx = getContext(servletContext);
        
        final Map<String, SecurityExpressionHandler> expressionHandlers =
                ctx.getBeansOfType(SecurityExpressionHandler.class);

        for (SecurityExpressionHandler handler : expressionHandlers.values()) {
            if (FilterInvocation.class.equals(GenericTypeResolver.resolveTypeArgument(handler.getClass(), SecurityExpressionHandler.class))) {
                return handler;
            }
        }
        ...
    }

The problem is ctx.getBeansOfType(SecurityExpressionHandler.class) returns two beans a DefaultWebSecurityExpressionHandler and my CustomSecurityExpressionHandler. The for loop just get the first one so there is no way to make it use mine.

I tried annotating my CustomSecurityExpressionHandler with @Primary but it didn't work. Is there a way to workaround this?

codependent avatar Jul 17 '18 07:07 codependent