Inspectopedia
 
2024.3

Incorrect Spring Security XML-based application context

Error
Security
New
Last modified: 03 December 2024

Reports issues with the Spring Security XML-based context:

  • Unresolved bean references

  • Missing required tags or attributes

  • Incorrect property types

  • Inconsistent enum properties

  • Incorrect types of referenced beans

Also reports the following issues:

  • <https> configuration errors

    • <http> with the pattern '/**' must be the last one

    • Multiple <http> elements without 'pattern' are not allowed

  • <http> configuration errors

    • Empty tag if security='none'

  • <user-service>

    • Must either have attribute 'properties' or list of <user> elements

  • <ldap-server>

    • 'manager-password' is required when 'manager-dn' is used

    • Must either have 'user-context-mapper-ref' or 'user-details-class'

  • <authentication-provider>

    • Only one kind of user-service is allowed

  • <global-method-security>

    • 'pre-post-annotations' must have the value 'enabled' to use <pre-post-annotation-handling>'

    • Cannot use 'mode' with value 'aspectj' for <protect-pointcut> and <intercept-url>

    • 'requires-channel' attribute only allowed for parent <http>

  • <protect>

    • Mixing <protect> with <global-method-security> is not recommended