Details
-
Type:
Improvement
-
Status:
Open
-
Priority:
Major
-
Resolution: Unresolved
-
Affects Version/s: 3.0.0
-
Fix Version/s: Product Backlog
-
Component/s: Core: Configuration
-
Labels:None
-
User impact:Medium
-
Similar Issues:None
Description
The gist of that question is I couldn't get the custom-security-provider to pick up the Spring Security authentication manager that is defined in the parent context of a "Spring-first" context configuration. I think I've found that it's an impossible configuration.
Because the BeanDefinitionBuilder doesn't have access to the parent WebApplicationContext, it seems the bean would have to be defined as lazy so it's not resolved until after the BeanDefinitionReader is done.
But there's no way to set the lazy flag on the custom-security-provider, so it seems like it won't work.
Maybe it's a bad idea to use this "Spring first" pattern. I initially liked it because there's a clean separation between the Mule and Spring contexts, which would hopefully make it easier to separate later.
For what it's worth, CXF has no problem picking up parent context beans in a similar configuration.
Issue Links
- is blocked by
-
MULE-5225
Upgrade Spring Security to 3.0.3
-
I think this can be closed or changed to a documentation issue. I should have been using the mule-module-spring-security and wasn't. After doing so, and in combination with
MULE-5225, I was able to use the following configuration:<ss:security-manager> <ss:delegate-security-provider name="muleAuthenticationManager" delegate-ref="authenticationManager"/> </ss:security-manager>MULE-5225, I was able to use the following configuration:<ss:security-manager> <ss:delegate-security-provider name="muleAuthenticationManager" delegate-ref="authenticationManager"/> </ss:security-manager>