Issue
Autowired is not working in CustomMethodSecurityExpressionRoot always returning NULL. here is the custom method security.
public class CustomMethodSecurityExpressionRoot extends SecurityExpressionRoot implements MethodSecurityExpressionOperations {
Logger logger = LoggerFactory.getLogger(this.getClass());
private Object filterObject;
private Object returnObject;
@Autowired GraphTraversalSource g;
public CustomMethodSecurityExpressionRoot(Authentication authentication) {
super(authentication);
}
public boolean isMember(String orgId) {
System.out.println(g);
String user = this.authentication.getName();
logger.debug("Check the permission for the user {}", user);
System.out.println(g);
return true;
}
@Override
public void setFilterObject(Object obj) {
this.filterObject = obj;
}
@Override
public Object getFilterObject() {
return this.filterObject;
}
@Override
public void setReturnObject(Object obj) {
this.returnObject = obj;
}
@Override
public Object getReturnObject() {
return this.returnObject;
}
@Override
public Object getThis() {
return this;
}
}
Tried the following too
public void setG(GraphTraversalSource g) {
this.g = g;
}
Why it is return in g
as NULL always. In other place controller / service, I am getting the expected value Traversalsource[emptygraph[empty], standard]
.
Solution
Found the problem. g
dosen't have access to Application Context. We need to set the g
in the CustomMethodSecurityExpressionRoot
instance to be able to use it.
public class AuctionMethodSecurityExpressionHandler extends DefaultMethodSecurityExpressionHandler {
private ApplicationContext applicationContext;
private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
@Override
protected MethodSecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication,
MethodInvocation invocation) {
AuctionMethodSecurityExpressionRoot root = new AuctionMethodSecurityExpressionRoot(authentication);
root.setPermissionEvaluator(getPermissionEvaluator());
root.setTrustResolver(this.trustResolver);
root.setRoleHierarchy(getRoleHierarchy());
root.setG(this.applicationContext.getBean(GraphTraversalSource.class));
return root;
}
@Override
public void setApplicationContext(ApplicationContext applicationContext) {
super.setApplicationContext(applicationContext);
this.applicationContext=applicationContext;
}
}
and
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
Logger logger = LoggerFactory.getLogger(this.getClass());
@Autowired
private ApplicationContext applicationContext;
@Override
protected MethodSecurityExpressionHandler createExpressionHandler() {
CustomMethodSecurityExpressionHandler expressionHandler = new CustomMethodSecurityExpressionHandler();
expressionHandler.setPermissionEvaluator(new CustomPermissionEvaluator());
expressionHandler.setApplicationContext(applicationContext);
logger.debug("Method security expression handler configured to CustomMethodSecurityExpressionHandler");
return expressionHandler;
}
}
Answered By - Thirumal
Answer Checked By - Terry (JavaFixing Volunteer)