SEC-2249: AbstractSecurityWebApplicationInitializer does not delegate WebApplicationInitializer

Previously AbstractSecurityWebApplicationInitializer delegated to a WebApplicationInitializer, but it caused issues in some instances where a container would pass the annonymous inner class to SpringServletContainerInitializer which caused errors on startup. Now AbstractSecurityWebApplicationInitializer registers the ContextLoaderListener on its own instead of delegating.
2013-08-09 09:22:11 -05:00 · 2013-08-09 09:22:11 -05:00 · 867f02e8ac
parent e1dfa81a0f
commit 867f02e8ac
1 changed files with 7 additions and 22 deletions
--- a/web/src/main/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializer.java
+++ b/web/src/main/java/org/springframework/security/web/context/AbstractSecurityWebApplicationInitializer.java
@ -80,7 +80,7 @@ public abstract class AbstractSecurityWebApplicationInitializer implements WebAp

    public static final String DEFAULT_FILTER_NAME = "springSecurityFilterChain";

-    private WebApplicationInitializer contextLoaderListenerInitializer;
+    private final Class<?>[] configurationClasses;

    /**
     * Creates a new instance that assumes the Spring Security configuration is
@ -91,6 +91,7 @@ public abstract class AbstractSecurityWebApplicationInitializer implements WebAp
     * @see ContextLoaderListener
     */
    protected AbstractSecurityWebApplicationInitializer() {
+        this.configurationClasses = null;
    }

    /**
@ -100,7 +101,7 @@ public abstract class AbstractSecurityWebApplicationInitializer implements WebAp
     * @param configurationClasses
     */
    protected AbstractSecurityWebApplicationInitializer(Class<?>... configurationClasses) {
-        contextLoaderListenerInitializer = new RootContextApplicationInitializer(configurationClasses){};
+        this.configurationClasses = configurationClasses;
    }

    /* (non-Javadoc)
@ -108,8 +109,10 @@ public abstract class AbstractSecurityWebApplicationInitializer implements WebAp
     */
    public final void onStartup(ServletContext servletContext)
            throws ServletException {
-        if(contextLoaderListenerInitializer != null) {
-            contextLoaderListenerInitializer.onStartup(servletContext);
+        if(configurationClasses != null) {
+            AnnotationConfigWebApplicationContext rootAppContext = new AnnotationConfigWebApplicationContext();
+            rootAppContext.register(configurationClasses);
+            servletContext.addListener(new ContextLoaderListener(rootAppContext));
        }
        if(enableHttpSessionEventPublisher()) {
            servletContext.addListener("org.springframework.security.web.session.HttpSessionEventPublisher");
@ -309,22 +312,4 @@ public abstract class AbstractSecurityWebApplicationInitializer implements WebAp
    protected boolean isAsyncSecuritySupported() {
        return true;
    }
-
-    private static abstract class RootContextApplicationInitializer extends AbstractContextLoaderInitializer {
-        private Class<?>[] configurationClasses;
-
-        private RootContextApplicationInitializer(Class<?>... configurationClasses) {
-            this.configurationClasses = configurationClasses;
-        }
-
-        /* (non-Javadoc)
-         * @see org.springframework.web.context.AbstractContextLoaderInitializer#createRootApplicationContext()
-         */
-        @Override
-        protected WebApplicationContext createRootApplicationContext() {
-            AnnotationConfigWebApplicationContext context = new AnnotationConfigWebApplicationContext();
-            context.register(configurationClasses);
-            return context;
-        }
-    }
 }