@EnableReactiveMethodSecurity causes premature initialization of the ObservationRegistry and prevents it from being post-processed #12780

Closed
wilkinsona opened this issue Feb 24, 2023 · 2 comments
Labels: in: config (An issue in spring-security-config), type: bug (A general bug)


@wilkinsona
Member

Describe the bug

@EnableReactiveMethodSecurity causes premature initialization of the ObservationRegistry and prevents it from being post-processed.

The preAuthorizeInterceptor bean defined in ReactiveAuthorizationManagerMethodSecurityConfiguration is an Advisor, so it's created very early by the AOP infrastructure. It injects an ObjectProvider<ObservationRegistry>, which should delay the creation of the ObservationRegistry. Unfortunately, this provider is passed into ReactiveAuthorizationManagerMethodSecurityConfiguration#manager, which immediately calls getIfAvailable(). As a result, the ObservationRegistry is created very early as part of setting up the AOP infrastructure, and this prevents it from being post-processed.

To Reproduce

See the sample provided in spring-projects/spring-boot#34366.

Expected behavior

@EnableReactiveMethodSecurity does not prevent the ObservationRegistry from being post-processed.

Sample

See the sample provided in spring-projects/spring-boot#34366.
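
The eager and deferred ways of consuming an ObjectProvider<ObservationRegistry> in an Advisor bean, as described in the report above. This is an added example, not Spring Security's code and not the fix applied in the project. The class, bean and annotation names are hypothetical, and Spring AOP and Micrometer Observation are assumed to be on the classpath.

```java
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;

import io.micrometer.observation.Observation;
import io.micrometer.observation.ObservationRegistry;
import org.aopalliance.intercept.MethodInterceptor;
import org.aopalliance.intercept.MethodInvocation;
import org.springframework.aop.Advisor;
import org.springframework.aop.support.DefaultPointcutAdvisor;
import org.springframework.aop.support.annotation.AnnotationMatchingPointcut;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

// Hypothetical marker annotation, used only to give the advisors a pointcut.
@Retention(RetentionPolicy.RUNTIME)
@interface Guarded {}

// Both advisors are declared side by side for comparison only.
@Configuration(proxyBeanMethods = false)
class AdvisorRegistryResolution {

    // Eager: Advisor beans are created very early by the AOP infrastructure.
    // Calling getIfAvailable() in the factory method creates the
    // ObservationRegistry at that moment, too early for it to be post-processed.
    @Bean
    static Advisor eagerAdvisor(ObjectProvider<ObservationRegistry> registries) {
        ObservationRegistry registry = registries.getIfAvailable(() -> ObservationRegistry.NOOP);
        return advisor(invocation -> observe(registry, invocation));
    }

    // Deferred: only the provider is captured. The registry is looked up on the
    // first advised call, after the context has finished registering post-processors.
    @Bean
    static Advisor deferredAdvisor(ObjectProvider<ObservationRegistry> registries) {
        return advisor(invocation ->
                observe(registries.getIfAvailable(() -> ObservationRegistry.NOOP), invocation));
    }

    private static Advisor advisor(MethodInterceptor interceptor) {
        return new DefaultPointcutAdvisor(
                AnnotationMatchingPointcut.forMethodAnnotation(Guarded.class), interceptor);
    }

    private static Object observe(ObservationRegistry registry, MethodInvocation invocation) throws Throwable {
        Observation observation = Observation.start("guarded.call", registry);
        try { return invocation.proceed(); } finally { observation.stop(); }
    }
}
```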

@cse050

cse050 commented Mar 18, 2023

Hi Josh,

Thanks for resolving this.

Would you know which Spring Boot release will contain this change?

bbd31f0

@philwebb
Member

@cse050 The fix will be in Spring Security 6.0.3 (check the milestone of this issue), which has not yet been released. Spring Security 6.0.3 is due to be released on April 17, which means it should be in Spring Boot 3.0.6.
