Inspectopedia Help

Incorrect Spring Security XML-based application context

Reports issues with the Spring Security XML-based context:

  • Unresolved bean references

  • Missing required tags or attributes

  • Incorrect property types

  • Inconsistent enum properties

  • Incorrect types of referenced beans

Also reports the following issues:

  • <https> configuration errors

    • <http> with the pattern '/**' must be the last one

    • Multiple <http> elements without 'pattern' are not allowed

  • <http> configuration errors

    • Empty tag if security='none'

  • <user-service>

    • Must either have attribute 'properties' or list of <user> elements

  • <ldap-server>

    • 'manager-password' is required when 'manager-dn' is used

    • Must either have 'user-context-mapper-ref' or 'user-details-class'

  • <authentication-provider>

    • Only one kind of user-service is allowed

  • <global-method-security>

    • 'pre-post-annotations' must have the value 'enabled' to use <pre-post-annotation-handling>'

    • Cannot use 'mode' with value 'aspectj' for <protect-pointcut> and <intercept-url>

    • 'requires-channel' attribute only allowed for parent <http>

  • <protect>

    • Mixing <protect> with <global-method-security> is not recommended

Locating this inspection

By ID

Can be used to locate inspection in e.g. Qodana configuration files, where you can quickly enable or disable it, or adjust its settings.

SpringSecurityModelInspection
Via Settings dialog

Path to the inspection settings via IntelliJ Platform IDE Settings dialog, when you need to adjust inspection settings directly from your IDE.

Settings or Preferences | Editor | Inspections | Spring | Spring Security

Availability

By default bundled with

IntelliJ IDEA 2024.1, Qodana for JVM 2024.1,

Can be installed with plugin

Spring Security, 241.18072

Last modified: 18 June 2024
Debug mode is activated in the Spring Security configurationIncorrect configuration of Spring beans referenced in the Spring Security annotation