You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When running on Java 8 with spring-security, but without spring-security-web then there is an ArrayStoreException in the ErrorPageSecurityFilterConfiguration. This is caused by the work that was done for #26356. The ErrorPageSecurityFilterConfiguration should not use @ConditionalOnBean(WebInvocationPrivilegeEvaluator.class), but it should rather use @ConditionalOnBean(type = "org.springframework.security.web.access.WebInvocationPrivilegeEvaluator") or there should be a guard on the configuration class itself.
Most likely the same problem that exists for @ConditionalOnClass (#27846) exists for the @ConditonalOnBean as well.
The text was updated successfully, but these errors were encountered:
wilkinsona
changed the title
ArrayStoreException on Java 8 when upgrading to Spring Boot 2.6
ArrayStoreException when using Spring Security in a Servlet app without spring-security-web
Nov 22, 2021
Unfortunately I missed this problem earlier.
When running on Java 8 with
spring-security
, but withoutspring-security-web
then there is anArrayStoreException
in theErrorPageSecurityFilterConfiguration
. This is caused by the work that was done for #26356. TheErrorPageSecurityFilterConfiguration
should not use@ConditionalOnBean(WebInvocationPrivilegeEvaluator.class)
, but it should rather use@ConditionalOnBean(type = "org.springframework.security.web.access.WebInvocationPrivilegeEvaluator")
or there should be a guard on the configuration class itself.Most likely the same problem that exists for
@ConditionalOnClass
(#27846) exists for the@ConditonalOnBean
as well.The text was updated successfully, but these errors were encountered: