diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfiguration.java index 3cb1d22365..58c4846445 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfiguration.java +++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfiguration.java @@ -24,6 +24,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.springframework.aop.framework.ProxyFactoryBean; import org.springframework.aop.target.LazyInitTargetSource; +import org.springframework.beans.factory.BeanFactoryUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.Bean; @@ -104,7 +105,7 @@ public class AuthenticationConfiguration { @SuppressWarnings("unchecked") private T lazyBean(Class interfaceName) { LazyInitTargetSource lazyTargetSource = new LazyInitTargetSource(); - String[] beanNamesForType = applicationContext.getBeanNamesForType(interfaceName); + String[] beanNamesForType = BeanFactoryUtils.beanNamesForTypeIncludingAncestors(applicationContext, interfaceName); if(beanNamesForType.length == 0) { return null; } diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.groovy index 9cc95b6df5..4840a55e06 100644 --- a/config/src/test/groovy/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.groovy @@ -22,6 +22,7 @@ import org.aopalliance.intercept.MethodInterceptor import org.springframework.beans.factory.annotation.Autowired import org.springframework.context.ApplicationContext import org.springframework.context.ApplicationListener +import org.springframework.context.annotation.AnnotationConfigApplicationContext import org.springframework.context.annotation.Bean import org.springframework.context.annotation.Configuration import org.springframework.security.access.AccessDeniedException @@ -301,4 +302,41 @@ public class GlobalMethodSecurityConfigurationTests extends BaseSpringSpec { new MethodSecurityServiceImpl() } } + + def "SEC-2479: Support AuthenticationManager in parent"() { + setup: + SecurityContextHolder.getContext().setAuthentication( + new TestingAuthenticationToken("user", "password","ROLE_USER")) + loadConfig(Sec2479ParentConfig) + def child = new AnnotationConfigApplicationContext() + child.register(Sec2479ChildConfig) + child.parent = context + child.refresh() + MethodSecurityService service = child.getBean(MethodSecurityService) + when: + service.preAuthorize() + then: + thrown(AccessDeniedException) + cleanup: + child?.close() + } + + @Configuration + static class Sec2479ParentConfig { + static AuthenticationManager AM + + @Bean + public AuthenticationManager am() { + AM + } + } + + @Configuration + @EnableGlobalMethodSecurity(prePostEnabled = true) + static class Sec2479ChildConfig { + @Bean + public MethodSecurityService service() { + new MethodSecurityServiceImpl() + } + } }