Getting No Bean Registered Registrar

Question

Getting No Bean Registered Registrar

After upgrading from Spring boot 1.2.5 to 1.3.0 BUILD-SNAPSHOT today, 1.3.0 BUILD-SNAPSHOT The @PreAuthorize call @PreAuthorize not work:

Example:

 @PreAuthorize("@defaultSecurityService.canDoSomething(authentication.principal.id, #objId)") Result doSomething(@P("objId")String objId);

where defaultSecurityService is defined as:

 @Service public class DefaultSecurityService implements SecurityService { ... public boolean canDoSomething(String userId, String objId){ return true; // } }

Stack trace

 Caused by: java.lang.IllegalArgumentException: Failed to evaluate expression '#oauth2.throwOnError(defaultSecurityService.canDoSomething(authentication.principal.id, #objId))' at org.springframework.security.access.expression.ExpressionUtils.evaluateAsBoolean(ExpressionUtils.java:14) ... Caused by: org.springframework.expression.spel.SpelEvaluationException: EL1057E:(pos 8): No bean resolver registered in the context to resolve access to bean 'defaultSecurityService'

what i tried:

make SecurityService extend [PermissionEvaluator ][1] and register a bean at Application.java`

  @Bean @Lazy public PermissionEvaluator permissionEvaluator(){ return securityService; }`

But I still get the same error

Reading spring security 4.0.2 documentation did not reveal any material material about violation of changes

+5

spring spring-boot spring-security

royB Jul 17 '15 at 9:58

source share

3 answers

I had the same problem as you, my bean responsible for managing security on the REST controller was not found:

 org.springframework.expression.spel.SpelEvaluationException: EL1057E:(pos 8): No bean resolver registered in the context to resolve access to bean 'communitySecurityAuthorizer

Rob's answer pointed me in the right direction (I thought I was doing it wrong, and not that it was a bug in the Spring OAuth2 standard).

I do not use springboot as I am doing webapp and I found an answer that solved my problem here: https://github.com/spring-projects/spring-security-oauth/issues/730#issuecomment-219480394

The problem arises from the bean solution, which is null, so here is the solution (retransmitting the link above):

Add @Bean with OAuth2WebSecurityExpressionHandler, which explicitly sets the application context

 @Bean public OAuth2WebSecurityExpressionHandler oAuth2WebSecurityExpressionHandler(ApplicationContext applicationContext) { OAuth2WebSecurityExpressionHandler expressionHandler = new OAuth2WebSecurityExpressionHandler(); expressionHandler.setApplicationContext(applicationContext); return expressionHandler; }

In the ResourceServerConfigurerAdapter, configure the resources and go to the bean above.

 @Autowired private OAuth2WebSecurityExpressionHandler expressionHandler; @Override public void configure(ResourceServerSecurityConfigurer resources) throws Exception { resources.expressionHandler(expressionHandler); }

Hope it will be different!

+2

Almiriad Dec 01 '16 at 12:59

source share

As Almyriad said, generate an instance of OAuth2MethodSecurityExpressionHandler as a bean.

Instead, do the following:

 @EnableGlobalMethodSecurity(prePostEnabled = true) public class OAuth2ResourceServerConfig extends GlobalMethodSecurityConfiguration { @Override protected MethodSecurityExpressionHandler createExpressionHandler() { return new OAuth2MethodSecurityExpressionHandler(); } .... }

do the following:

 @EnableGlobalMethodSecurity(prePostEnabled = true) public class OAuth2ResourceServerConfig extends GlobalMethodSecurityConfiguration { @Override protected MethodSecurityExpressionHandler createExpressionHandler() { return getOAuth2MethodSecurityExpressionHandler(); } @Bean public OAuth2MethodSecurityExpressionHandler getOAuth2MethodSecurityExpressionHandler() { return new OAuth2MethodSecurityExpressionHandler(); } .... }

Hope it will be different!

0

Daniel nuss Jun 01 '17 at 4:23

source share

Rob winch · Accepted Answer · 2015-07-17T19:16:43+0000

This is apparently a bug in the recently added OAuth2AutoConfiguration . In particular, it brings an OAuth2MethodSecurityConfiguration , which overrides the OAuth2MethodSecurityExpressionHandler using an OAuth2MethodSecurityExpressionHandler that does not have a BeanResolver set.

If you are not using OAuth2, the easiest solution is to remove Spring Security OAuth from your class path.

Alternatively, you can exclude OAuth2AutoConfiguration using the following if you use @SpringBootApplication :

 @SpringBootApplication(exclude=OAuth2AutoConfiguration.class)

alternatively, you can use the following if you use @AutoConfiguration directly:

 @AutoConfiguration(exclude=OAuth2AutoConfiguration.class)

UPDATE

You can also use something like this:

 public class DelegatingMethodSecurityExpressionHandler implements MethodSecurityExpressionHandler { private final MethodSecurityExpressionHandler delegate; public DelegatingMethodSecurityExpressionHandler( MethodSecurityExpressionHandler delegate) { super(); this.delegate = delegate; } public Object filter(Object filterTarget, Expression filterExpression, EvaluationContext ctx) { return delegate.filter(filterTarget, filterExpression, ctx); } public ExpressionParser getExpressionParser() { return delegate.getExpressionParser(); } public EvaluationContext createEvaluationContext( Authentication authentication, MethodInvocation invocation) { return delegate.createEvaluationContext(authentication, invocation); } public void setReturnObject(Object returnObject, EvaluationContext ctx) { delegate.setReturnObject(returnObject, ctx); } }

Then in your configuration use:

 @Autowired(required = false) List<AuthenticationTrustResolver> trustResolvers = new ArrayList<>(); @Autowired(required = false) List<PermissionEvaluator> permissionEvaluators = new ArrayList<>(); @Bean public MethodSecurityExpressionHandler securityExpressionHandler(ApplicationContext context) { OAuth2MethodSecurityExpressionHandler delegate = new OAuth2MethodSecurityExpressionHandler(); delegate.setApplicationContext(context); if(trustResolvers.size() == 1) { delegate.setTrustResolver(trustResolvers.get(0)); } if(permissionEvaluators.size() == 1) { delegate.setPermissionEvaluator(permissionEvaluators.get(0)); } return new DelegatingMethodSecurityExpressionHandler(delegate); }

We need to wrap it in a DelegatingMethodSecurityExpressionHandler because Spring AutoConfiguration boot will replace any subclass of DefaultMethodSecurityExpressionHandler broken configuration.

Getting No Bean Registered Registrar

More articles: