Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve "Configuration problem: AuthorizationManager cannot be used in conjunction with access-decision-manager-ref" message #16193

Open
Spikhalskiy opened this issue Nov 30, 2024 · 0 comments · May be fixed by #16194
Open

Improve "Configuration problem: AuthorizationManager cannot be used in conjunction with access-decision-manager-ref" message #16193

Spikhalskiy opened this issue Nov 30, 2024 · 0 comments · May be fixed by #16194
Labels
status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement

Comments

@Spikhalskiy
Copy link

Spikhalskiy commented Nov 30, 2024
edited
Loading

Current Behavior

The user has a project with Spring Security utilizing Access Decision Manager classes.
They have the following in their security.xml:

<http use-expressions="true" access-decision-manager-ref="affirmativeBasedAccessDecisionManager">

The project is based on Spring 5.x and they migrate to Spring 6.x.
The user would get an error

org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: AuthorizationManager cannot be used in conjunction with `access-decision-manager-ref`

without having any AuthorizationManager beans configured.

This error message is confusing because it makes the user look for AuthorizationManager usages in the project.

Expected Behavior

If the error message pointed the user at the right attribute, it would save investigation time for users who perform the migration. It already gives a specific attribute name for access-decision-manager-ref. It should also give a reference to use-authorization-manager and highlight that it's true by default.

Context

The solution if the user doesn't want to migrate onto the new AuthorizationManager yet is to specify

<http use-expressions="true" access-decision-manager-ref="affirmativeBasedAccessDecisionManager" use-authorization-manager="false">
@Spikhalskiy Spikhalskiy added status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement labels Nov 30, 2024
Spikhalskiy added a commit to Spikhalskiy/spring-security that referenced this issue Nov 30, 2024
@Spikhalskiy
Improve AuthorizationManager configuration error messages (spring-pro…
5be9489 
…jects#16193)
@Spikhalskiy Spikhalskiy linked a pull request Nov 30, 2024 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
status: waiting-for-triage An issue we've not yet triaged type: enhancement A general enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Improve AuthorizationManager configuration error messages (#16193) Spikhalskiy/spring-security
1 participant
@Spikhalskiy