Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Restore Deprecated ObjectPostProcessor constructors for binary compatibility #16174

Closed
okohub opened this issue Nov 26, 2024 · 5 comments · Fixed by #16212
Closed

Restore Deprecated ObjectPostProcessor constructors for binary compatibility #16174

okohub opened this issue Nov 26, 2024 · 5 comments · Fixed by #16212
Assignees
@jzheaux @ngocnhan-tran1996
Labels
in: config An issue in spring-security-config status: duplicate A duplicate of another issue type: bug A general bug
Milestone
6.4.2

Comments

@okohub
Copy link
Contributor

okohub commented Nov 26, 2024

Describe the bug

With 6.4.0, especially with this commit: ee9a887

ObjectPostProcessor is moved to parent folder and current implementation is marked as deprecated. To ensure compatibility, deprecated ObjectPostProcessor is also extends new one.

The AuthenticationManagerBuilder (org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder) has a constructor with new ObjectProcessor as follows:

public AuthenticationManagerBuilder(ObjectPostProcessor<Object> objectPostProcessor) {
  super(objectPostProcessor, true);
}

We have a NoObjectPostProcessor (like identity function in new one, thanks for that),

import c.c.c.Lazy;
import org.springframework.security.config.annotation.ObjectPostProcessor;

public class NoOpObjectPostProcessor<T> implements ObjectPostProcessor<T> {

  private static final Lazy<ObjectPostProcessor> INSTANCE = Lazy.of(NoOpObjectPostProcessor::new);

  public static <T> ObjectPostProcessor<T> getInstance() {
    return (ObjectPostProcessor<T>) INSTANCE.get();
  }

  @Override
  public <O extends T> O postProcess(O object) {
    return object;
  }
}

And using this processor like that:

AuthenticationManagerBuilder builder = new AuthenticationManagerBuilder(NoOpObjectPostProcessor.getInstance());

This usage now throws exception:

Caused by: java.lang.NoSuchMethodError: 'void org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder.<init>(org.springframework.security.config.annotation.ObjectPostProcessor)'
	at x.x.x.x.x.x.build(x.java:23)  --> calls builder constructor
	at a.a.a.a.a.a(a.java:54)
	at java.base/java.lang.reflect.Method.invoke(Method.java:580)
	at org.springframework.beans.factory.support.SimpleInstantiationStrategy.lambda$instantiate$0(SimpleInstantiationStrategy.java:171)
	... 48 more

To Reproduce
Steps to reproduce the behavior.

Expected behavior
In first, I expected that compatibility trick can work because it also gives no error when compiling. It explodes in runtime.

I should resolve problem on my own codebase with some workarounds, but I thought this should be also discussed.

Thanks.
@okohub okohub added status: waiting-for-triage An issue we've not yet triaged type: bug A general bug labels Nov 26, 2024
@ngocnhan-tran1996
Copy link
Contributor

With version 6.4.1

I run without error and org.springframework.security.config.annotation.ObjectPostProcessor extends org.springframework.security.config.ObjectPostProcessor

spring-security/config/src/main/java/org/springframework/security/config/annotation/ObjectPostProcessor.java

Lines 34 to 35 in 59b7b55

@Deprecated
public interface ObjectPostProcessor<T> extends org.springframework.security.config.ObjectPostProcessor<T> {

@jzheaux jzheaux added this to the 6.4.2 milestone Dec 3, 2024
@jzheaux
Copy link
Contributor

jzheaux commented Dec 3, 2024

Hi, @okohub, thanks for the report.

This may be a binary compatibility issue. As such it may be appropriate to reintroduce the deprecated constructors to make the upgrade passive.

I'm targeting a fix for this in the next maintenance release.

@ngocnhan-tran1996
Copy link
Contributor

@jzheaux

May I work on this?

@ngocnhan-tran1996 ngocnhan-tran1996 mentioned this issue Dec 4, 2024
Merged
jzheaux pushed a commit to ngocnhan-tran1996/spring-security that referenced this issue Dec 4, 2024
@ngocnhan-tran1996 @jzheaux
Add Deprecated ObjectPostProcessor constructor
03fc573 
Issue spring-projectsgh-16174
jzheaux added a commit to ngocnhan-tran1996/spring-security that referenced this issue Dec 4, 2024
@jzheaux
Restore Deprecated ObjectPostProcessor Usage
57d5cf9 
Closes spring-projectsgh-16174
jzheaux pushed a commit that referenced this issue Dec 4, 2024
@ngocnhan-tran1996 @jzheaux
Add Deprecated ObjectPostProcessor constructor
8c0ea3e 
Issue gh-16174
@jzheaux jzheaux closed this as completed in 2ed1caf Dec 4, 2024
@jzheaux
Copy link
Contributor

jzheaux commented Dec 4, 2024

@okohub a fix has been pushed and should be available in 6.4.2-SNAPSHOT. Can you please try it out and let me know if your issue is resolved?

@jzheaux jzheaux added in: config An issue in spring-security-config and removed status: waiting-for-triage An issue we've not yet triaged labels Dec 4, 2024
@jzheaux jzheaux changed the title Breaking Change after upgrading to 6.4.1 via Spring Boot 3.4.0 Restore Deprecated ObjectPostProcessor constructors for binary compatibility Dec 16, 2024
@jzheaux jzheaux added the status: duplicate A duplicate of another issue label Dec 16, 2024
@jzheaux
Copy link
Contributor

jzheaux commented Dec 16, 2024

Superceded by #16212

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jzheaux jzheaux

@ngocnhan-tran1996 ngocnhan-tran1996

Labels
in: config An issue in spring-security-config status: duplicate A duplicate of another issue type: bug A general bug
Projects
Spring Security Team
Status: No status
Milestone
6.4.2
Development

Successfully merging a pull request may close this issue.

Add Deprecated ObjectPostProcessor constructor ngocnhan-tran1996/spring-security
3 participants
@jzheaux @okohub @ngocnhan-tran1996