From 867f02e8ac6e0049e116cc97a62e499a6ef86d92 Mon Sep 17 00:00:00 2001 From: Rob Winch Date: Fri, 9 Aug 2013 09:22:11 -0500 Subject: [PATCH] SEC-2249: AbstractSecurityWebApplicationInitializer does not delegate WebApplicationInitializer Previously AbstractSecurityWebApplicationInitializer delegated to a WebApplicationInitializer, but it caused issues in some instances where a container would pass the annonymous inner class to SpringServletContainerInitializer which caused errors on startup. Now AbstractSecurityWebApplicationInitializer registers the ContextLoaderListener on its own instead of delegating. --- ...ractSecurityWebApplicationInitializer.java | 29 +++++-------------- 1 file changed, 7 insertions(+), 22 deletions(-) diff --git a/web/src/main/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializer.java b/web/src/main/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializer.java index 5254f31667..bcc53fa73e 100644 --- a/web/src/main/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializer.java +++ b/web/src/main/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializer.java @@ -80,7 +80,7 @@ public abstract class AbstractSecurityWebApplicationInitializer implements WebAp public static final String DEFAULT_FILTER_NAME = "springSecurityFilterChain"; - private WebApplicationInitializer contextLoaderListenerInitializer; + private final Class[] configurationClasses; /** * Creates a new instance that assumes the Spring Security configuration is @@ -91,6 +91,7 @@ public abstract class AbstractSecurityWebApplicationInitializer implements WebAp * @see ContextLoaderListener */ protected AbstractSecurityWebApplicationInitializer() { + this.configurationClasses = null; } /** @@ -100,7 +101,7 @@ public abstract class AbstractSecurityWebApplicationInitializer implements WebAp * @param configurationClasses */ protected AbstractSecurityWebApplicationInitializer(Class... configurationClasses) { - contextLoaderListenerInitializer = new RootContextApplicationInitializer(configurationClasses){}; + this.configurationClasses = configurationClasses; } /* (non-Javadoc) @@ -108,8 +109,10 @@ public abstract class AbstractSecurityWebApplicationInitializer implements WebAp */ public final void onStartup(ServletContext servletContext) throws ServletException { - if(contextLoaderListenerInitializer != null) { - contextLoaderListenerInitializer.onStartup(servletContext); + if(configurationClasses != null) { + AnnotationConfigWebApplicationContext rootAppContext = new AnnotationConfigWebApplicationContext(); + rootAppContext.register(configurationClasses); + servletContext.addListener(new ContextLoaderListener(rootAppContext)); } if(enableHttpSessionEventPublisher()) { servletContext.addListener("org.springframework.security.web.session.HttpSessionEventPublisher"); @@ -309,22 +312,4 @@ public abstract class AbstractSecurityWebApplicationInitializer implements WebAp protected boolean isAsyncSecuritySupported() { return true; } - - private static abstract class RootContextApplicationInitializer extends AbstractContextLoaderInitializer { - private Class[] configurationClasses; - - private RootContextApplicationInitializer(Class... configurationClasses) { - this.configurationClasses = configurationClasses; - } - - /* (non-Javadoc) - * @see org.springframework.web.context.AbstractContextLoaderInitializer#createRootApplicationContext() - */ - @Override - protected WebApplicationContext createRootApplicationContext() { - AnnotationConfigWebApplicationContext context = new AnnotationConfigWebApplicationContext(); - context.register(configurationClasses); - return context; - } - } }