From 1ebd663253dc34569c4d1e984e5c6b8721c64707 Mon Sep 17 00:00:00 2001 From: Patrick Schmidt Date: Tue, 19 Mar 2024 08:19:35 -0300 Subject: [PATCH] doc: added hint to declare GrantedAuthorityDefaults as infrastructure bean Closes gh-14779 --- docs/modules/ROOT/pages/reactive/authorization/method.adoc | 4 +++- .../ROOT/pages/servlet/authorization/method-security.adoc | 5 ++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/docs/modules/ROOT/pages/reactive/authorization/method.adoc b/docs/modules/ROOT/pages/reactive/authorization/method.adoc index 2efc242fbf2..037417c0dde 100644 --- a/docs/modules/ROOT/pages/reactive/authorization/method.adoc +++ b/docs/modules/ROOT/pages/reactive/authorization/method.adoc @@ -105,6 +105,7 @@ Java:: [source,java,role="primary"] ---- @Bean +@Role(BeanDefinition.ROLE_INFRASTRUCTURE) static GrantedAuthorityDefaults grantedAuthorityDefaults() { return new GrantedAuthorityDefaults("MYPREFIX_"); } @@ -113,7 +114,8 @@ static GrantedAuthorityDefaults grantedAuthorityDefaults() { [TIP] ==== -We expose `GrantedAuthorityDefaults` using a `static` method to ensure that Spring publishes it before it initializes Spring Security's method security `@Configuration` classes +We expose `GrantedAuthorityDefaults` using a `static` method to ensure that Spring publishes it before it initializes Spring Security's method security `@Configuration` classes. +Since the `GrantedAuthorityDefaults` bean is part of internal workings of Spring Security, we should also expose it as an infrastructural bean effectively avoiding some warnings related to bean post-processing (see https://github.com/spring-projects/spring-security/issues/14751[gh-14751]). ==== [[jc-reactive-method-security-custom-authorization-manager]] diff --git a/docs/modules/ROOT/pages/servlet/authorization/method-security.adoc b/docs/modules/ROOT/pages/servlet/authorization/method-security.adoc index 9daa1217183..e6dfe712c5b 100644 --- a/docs/modules/ROOT/pages/servlet/authorization/method-security.adoc +++ b/docs/modules/ROOT/pages/servlet/authorization/method-security.adoc @@ -234,6 +234,7 @@ Java:: [source,java,role="primary"] ---- @Bean +@Role(BeanDefinition.ROLE_INFRASTRUCTURE) static GrantedAuthorityDefaults grantedAuthorityDefaults() { return new GrantedAuthorityDefaults("MYPREFIX_"); } @@ -245,6 +246,7 @@ Kotlin:: ---- companion object { @Bean + @Role(BeanDefinition.ROLE_INFRASTRUCTURE) fun grantedAuthorityDefaults() : GrantedAuthorityDefaults { return GrantedAuthorityDefaults("MYPREFIX_"); } @@ -265,7 +267,8 @@ Xml:: [TIP] ==== -We expose `GrantedAuthorityDefaults` using a `static` method to ensure that Spring publishes it before it initializes Spring Security's method security `@Configuration` classes +We expose `GrantedAuthorityDefaults` using a `static` method to ensure that Spring publishes it before it initializes Spring Security's method security `@Configuration` classes. +Since the `GrantedAuthorityDefaults` bean is part of internal workings of Spring Security, we should also expose it as an infrastructural bean effectively avoiding some warnings related to bean post-processing (see https://github.com/spring-projects/spring-security/issues/14751[gh-14751]). ==== [[jc-method-security-custom-authorization-manager]]