0

In Spring Security 2.0.7, I am configure the WebXmlMappableAttributesRetriever as follow:

<bean id="mappableRolesRetriever" 
        class="org.springframework.security.ui.preauth.j2ee.WebXmlMappableAttributesRetriever">
    <property name="webXmlInputStream">
        <bean factory-bean="webXmlResource" factory-method="getInputStream"/>
    </property>
</bean>

<bean id="webXmlResource" class="org.springframework.web.context.support.ServletContextResource">
    <constructor-arg ref="servletContext"/>
    <constructor-arg value="/WEB-INF/web.xml"/>
</bean>

<bean id="servletContext" class="org.springframework.web.context.support.ServletContextFactoryBean"/>

However, when come to spring security 4.2.0, the webXmlInputStream property no longer exist in WebXmlMappableAttributesRetriever. I go to check the source code in WebXmlMappableAttributesRetriever, the afterPropertiesSet() method and I saw it doing something like retrieving data from /WEB-INF/web.xml like what I set in Spring security 2.

Resource webXml = resourceLoader.getResource("/WEB-INF/web.xml");
        Document doc = getDocument(webXml.getInputStream());

Does this means that I no longer need to do this configuration in Spring security 4?

Panadol Chong
  • 1,793
  • 13
  • 54
  • 119
  • Did you try it? – dur Jul 24 '18 at 18:08
  • Hi @dur , yes, I tried it, and I am able to start my web. I believe that it is work. However, I am hitting `An Authentication object was not found in the SecurityContext` error. I am still checking is it related. – Panadol Chong Jul 25 '18 at 06:54

0 Answers0