Using Secured Annotation for Controller in combination with CGLib and Mybatis Spring

[oilid]

Hi guys,

I hope someone can help me for this issue:

I want to use the following security configuration:

Code:

<security:global-method-security secured-annotations="enabled" proxy-target-class="true" />

The reason for using CGLib as proxy instead of the JDK dynamic proxy is because of the usage of extending interfaces like this:

Code:

public abstract interface AbstractPromotionController {
    @RequestMapping(value = "edit", method = RequestMethod.GET)
    public void edit(final Model model, @RequestParam(value = "foo", required = false) final String foo, final HttpServletRequest request) throws IOException;
	
}

@RequestMapping("/foo/bar/blubb")
@Secured({ "ROLE_USER", "ROLE_ADMIN" })
public interface AmAktionController extends AbstractPromotionController {
}

Unfortunately this doesn't work because the JDK dynamic proxy looses the RequestMapping information if inheritance is used, isn't it?!

So I tried using the

Code:

proxy-target-class="true"

property above.
But this seems doesn't to work in combination with the mybatis spring MapperFactoryBean, which I want to use to dynamically generate the DAO implementations:

Code:

<bean class="org.mybatis.spring.mapper.MapperFactoryBean">
	<property name="mapperInterface" value="com.foo.bar.dao.api.admin.servicestatistic.StatisticLogDAO" />
	<property name="sqlSessionFactory" ref="sqlSessionFactory" />
</bean>

These configurations produces the following exception:

Code:

2013-01-24 10:30:12,216 [main] [ERROR] [] ContextLoader - Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'pidbStatisticLogServiceImpl': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire field: private com.foo.bar.dao.api.admin.servicestatistic.StatisticLogDAO com.foo.bar.service.impl.admin.servicestatistic.PidbStatisticLogServiceImpl.statisticLogDAO; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.mybatis.spring.mapper.MapperFactoryBean#4': Post-processing of the FactoryBean's object failed; nested exception is org.springframework.aop.framework.AopConfigException: Could not generate CGLIB subclass of class [class $Proxy25]: Common causes of this problem include using a final class or a non-visible class; nested exception is java.lang.IllegalArgumentException: Cannot subclass final class class $Proxy25
	at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:288)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1120)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:522)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:461)
	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:295)
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:223)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:292)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:607)
	at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:932)
	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:479)
	at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:383)
	at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:283)
	at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:112)
	at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4206)
	at org.apache.catalina.core.StandardContext.start(StandardContext.java:4705)
	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1057)
	at org.apache.catalina.core.StandardHost.start(StandardHost.java:840)
	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1057)
	at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:463)
	at org.apache.catalina.core.StandardService.start(StandardService.java:525)
	at org.apache.catalina.core.StandardServer.start(StandardServer.java:754)
	[...]
Caused by: org.springframework.beans.factory.BeanCreationException: Could not autowire field: private com.foo.bar.dao.api.admin.servicestatistic.StatisticLogDAO com.foo.bar.service.impl.admin.servicestatistic.PidbStatisticLogServiceImpl.statisticLogDAO; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.mybatis.spring.mapper.MapperFactoryBean#4': Post-processing of the FactoryBean's object failed; nested exception is org.springframework.aop.framework.AopConfigException: Could not generate CGLIB subclass of class [class $Proxy25]: Common causes of this problem include using a final class or a non-visible class; nested exception is java.lang.IllegalArgumentException: Cannot subclass final class class $Proxy25
	at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredFieldElement.inject(AutowiredAnnotationBeanPostProcessor.java:514)
	at org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:87)
	at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:285)
	... 28 more
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.mybatis.spring.mapper.MapperFactoryBean#4': Post-processing of the FactoryBean's object failed; nested exception is org.springframework.aop.framework.AopConfigException: Could not generate CGLIB subclass of class [class $Proxy25]: Common causes of this problem include using a final class or a non-visible class; nested exception is java.lang.IllegalArgumentException: Cannot subclass final class class $Proxy25
	at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:165)
	at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.getObjectFromFactoryBean(FactoryBeanRegistrySupport.java:102)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getObjectForBeanInstance(AbstractBeanFactory.java:1443)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:249)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.findAutowireCandidates(DefaultListableBeanFactory.java:873)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:815)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:730)
	at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredFieldElement.inject(AutowiredAnnotationBeanPostProcessor.java:486)
	... 30 more
Caused by: org.springframework.aop.framework.AopConfigException: Could not generate CGLIB subclass of class [class $Proxy25]: Common causes of this problem include using a final class or a non-visible class; nested exception is java.lang.IllegalArgumentException: Cannot subclass final class class $Proxy25
	at org.springframework.aop.framework.CglibAopProxy.getProxy(CglibAopProxy.java:217)
	at org.springframework.aop.framework.ProxyFactory.getProxy(ProxyFactory.java:110)
	at org.springframework.aop.framework.autoproxy.AbstractAutoProxyCreator.createProxy(AbstractAutoProxyCreator.java:473)
	at org.springframework.aop.framework.autoproxy.AbstractAutoProxyCreator.wrapIfNecessary(AbstractAutoProxyCreator.java:359)
	at org.springframework.aop.framework.autoproxy.AbstractAutoProxyCreator.postProcessAfterInitialization(AbstractAutoProxyCreator.java:319)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyBeanPostProcessorsAfterInitialization(AbstractAutowireCapableBeanFactory.java:412)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.postProcessObjectFromFactoryBean(AbstractAutowireCapableBeanFactory.java:1629)
	at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:162)
	... 38 more
Caused by: java.lang.IllegalArgumentException: Cannot subclass final class class $Proxy25
	at org.springframework.cglib.proxy.Enhancer.generateClass(Enhancer.java:446)
	at org.springframework.cglib.transform.TransformingClassGenerator.generateClass(TransformingClassGenerator.java:33)
	[...]

Is there any solution for this issue? Can I change the behaviour of the mybatis spring org.mybatis.spring.mapper.MapperFactoryBean how to create the proxy which would work in combination with the

Code:

proxy-target-class="true"

property of the spring security configuration?

Please help me.
I'm using spring 3.2.0, spring security 3.1.3 and mybatis spring 1.1.1

Thanks,
Oilid

[Rob Winch]

You can either remove the final delcaration from your bean or you can use explicit configuration for proxying rather than auto proxying. To do explicit configuration, you will need to see the Spring AOP reference and the Spring Security reference.

[oilid]

Hey Rob,

first of all: thank you for your answer.

I couldn't remove the final declarations of some methods/classes because they are not in my territory and used as third party library like mybatis spring... And the problem above is resulted by the switch from AOP to the use of @Secured annotations... I still want to use annotations instead of AspectJ.

Is there maybe a workaround or solution for the mentioned "extending issue" with interfaces in combination with JDK dynamic proxies? I tried to use array variables as annotations values but figured out:
"Unfortunately, you can't do this with arrays." (http://stackoverflow.com/a/2065973)

Thanks again :-)

[Rob Winch]

I know this isn't what you wanted to hear, but your options are: Use AspectJ, remove the final declarations, implement interfaces and use interface based proxies