From c05f27af6cda61fb5f2a89af2a6816ddaa68e485 Mon Sep 17 00:00:00 2001
From: Oliver Gierke <info@olivergierke.de>
Date: Thu, 27 Nov 2014 19:48:42 +0100
Subject: [PATCH] SEC-2773: Prevent premature container initialization in
 WebSecurityConfiguration.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Changed the bean definition method for the DelegatingApplicationListener
to be static to avoid the need to instantiate the configuration class which
caused further premature initializations to satisfy the dependencies
expressed in setFilterChainProxySecurityConfigurer(…).
---
 .../annotation/web/configuration/WebSecurityConfiguration.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java
index 62d1f99f4c..3ddb4ee862 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java
@@ -74,7 +74,7 @@ public class WebSecurityConfiguration implements ImportAware, BeanClassLoaderAwa
     private ClassLoader beanClassLoader;
 
     @Bean
-    public DelegatingApplicationListener delegatingApplicationListener() {
+    public static DelegatingApplicationListener delegatingApplicationListener() {
         return new DelegatingApplicationListener();
     }