Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Invalid JavaBean property 'logoutHandlers' being accessed (warning in the logs for Spring Security's ConcurrentSessionFilter) #27372

Closed
ghost opened this issue Sep 8, 2021 · 1 comment
Closed

Invalid JavaBean property 'logoutHandlers' being accessed (warning in the logs for Spring Security's ConcurrentSessionFilter) #27372

ghost opened this issue Sep 8, 2021 · 1 comment
Assignees
@jhoeller
Labels
in: core Issues in core modules (aop, beans, core, context, expression) status: backported An issue that has been backported to maintenance branches type: enhancement A general enhancement
Milestone
5.3.10

Comments

@ghost
Copy link

ghost commented Sep 8, 2021

I found a warning in my logs, so I created a issue:
spring-projects/spring-security#10211

jgrandja closed my issue with this explanation:
This issue should be logged in Spring Framework since GenericTypeAwarePropertyDescriptor exists there and is the one logging the warning message.
However, I don't see this as an issue. If you want to suppress this warning message you could configure the logging framework to suppress that specific message or all logs in that class.

I think this should be fixed in spring-security, since your GenericTypeAwarePropertyDescriptor just logs similar looking methods, which could be a problem. In this case it is no problem since both methods with the name setLogoutHandlers have similar parameters, but doing the same, at least now.

11:54:01,463 WARN org.springframework.beans.GenericTypeAwarePropertyDescriptor [GenericTypeAwarePropertyDescriptor.java:141] - Invalid JavaBean property 'logoutHandlers' being accessed! Ambiguous write methods found next to actually used [public void org.springframework.security.web.session.ConcurrentSessionFilter.setLogoutHandlers(org.springframework.security.web.authentication.logout.LogoutHandler[])]: [public void org.springframework.security.web.session.ConcurrentSessionFilter.setLogoutHandlers(java.util.List)]

Affects:
Spring: 5.3.6
Spring-Security: 5.4.6
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged or decided on label Sep 8, 2021
@jhoeller jhoeller self-assigned this Sep 13, 2021
@jhoeller jhoeller added in: core Issues in core modules (aop, beans, core, context, expression) type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged or decided on labels Sep 13, 2021
@jhoeller jhoeller added this to the 5.3.10 milestone Sep 13, 2021
@jhoeller
Copy link
Contributor

I suppose we could lower the log level there (and possibly rephrase the message to sound less scary), assuming that each of the setters would do the same job for our injection purposes. If such a multi-setter arrangement is actually inconsistent at runtime, it'll eventually fail with an argument conversion exception or the like anyway... just possibly at a later point of execution.

Generally speaking, JavaBean properties are only allowed to have a single setter method per property name. However, we handle other bean conventions in a rather relaxed way, so we could relax this here as well.

@jhoeller jhoeller changed the title Invalid JavaBean property 'logoutHandlers' being accessed (warning in the logs) Invalid JavaBean property 'logoutHandlers' being accessed (warning in the logs for Spring Security's ConcurrentSessionFilter) Sep 13, 2021
@jhoeller jhoeller added the for: backport-to-5.2.x Marks an issue as a candidate for backport to 5.2.x label Sep 13, 2021
@spring-projects-issues spring-projects-issues added status: backported An issue that has been backported to maintenance branches and removed for: backport-to-5.2.x Marks an issue as a candidate for backport to 5.2.x labels Sep 13, 2021
Closed
jhoeller added a commit that referenced this issue Sep 13, 2021
@jhoeller
Reduce log statement for non-unique JavaBean property to debug level
9ad3464 
Closes gh-27372

(cherry picked from commit 6c17e93)
@sync-by-unito sync-by-unito bot mentioned this issue Sep 15, 2021
Closed
lxbzmy pushed a commit to lxbzmy/spring-framework that referenced this issue Mar 26, 2022
@jhoeller @lxbzmy
Reduce log statement for non-unique JavaBean property to debug level
1903027 
Closes spring-projectsgh-27372
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jhoeller jhoeller

Labels
in: core Issues in core modules (aop, beans, core, context, expression) status: backported An issue that has been backported to maintenance branches type: enhancement A general enhancement
Projects
None yet
Milestone
5.3.10
Development

No branches or pull requests
2 participants
@jhoeller @spring-projects-issues