I was getting very strange behaviour from Spring Security with filters not being executed in the right order. Upon debugging I found that the @Order(1) annotation is not working when the hotswap agent is active.
With Spring Security 6 the following code for the SecurityFilterChain is critical to be applied before other filterChains:
```java
@Order(1) // configure first > most specific
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
    ...
}
```
When the order is not preserved, the security config of the spring boot application is broken.
Test case
The following single spring java configuration can reproduce the issue:
```java
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;

import java.util.List;

@Configuration
public class TestOrderConfiguration {

    public static class OrderBean {
        private int order;

        public OrderBean(int order) {
            this.order = order;
        }

        public int getOrder() {
            return order;
        }
    }

    // define beans with @Order annotation on the method: (it seems the method annotations are not preserved)
    @Order(2)
    @Bean
    public OrderBean orderTwo() {
        return new OrderBean(2);
    }

    @Bean
    public OrderBean orderLast() {
        return new OrderBean(100);
    }

    @Order(1)
    @Bean
    public OrderBean orderOne() {
        return new OrderBean(1);
    }

    @Configuration
    public static class OrderListConfiguration implements InitializingBean {
        @Autowired // beans in list should be ordered automatically
        public List<OrderBean> orders;

        @Override
        public void afterPropertiesSet() throws Exception {
            // print beans to check order
            for (OrderBean order : orders) {
                System.out.println("order: " + order.getOrder());
            }
        }
    }
}
```
Output without hotswap enabled: (correctly ordered by Order value)
order: 1
order: 2
order: 100
With hotswap the order is not resolved correctly: (ordered in the bean definition order)
order: 2
order: 100
order: 1
I suspect the @Order annotation on the method on the Spring configuration is lost?
Or if anybody has another idea I would be curious to know!
Test system
Spring framework: 6.0.7
Spring boot: 3.0.5
Hotswap version: 1.4.2-SNAPSHOT
JVM: JetBrains Runtime 17.0.6
JVM args: -XX:+AllowEnhancedClassRedefinition -XX:HotswapAgent=fatjar
Startup log:
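
A startup guard for the failure described in this issue, as an added example that is not part of the original report and not code from Spring or HotswapAgent: it logs, for each SecurityFilterChain bean, its position in the injected list and whether @Order is visible on its resolved factory method, then aborts startup if the expected chain is not first. The class name FilterChainOrderGuard is hypothetical, and the bean name "filterChain" is assumed from the method name in the snippet above.

```java
import org.springframework.beans.factory.SmartInitializingSingleton;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.core.annotation.AnnotatedElementUtils;
import org.springframework.core.annotation.Order;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.stereotype.Component;

import java.lang.reflect.Method;
import java.util.List;
import java.util.Map;

// Added example (hypothetical class): fail fast when filter chain ordering is not preserved.
@Component
public class FilterChainOrderGuard implements SmartInitializingSingleton {

    // Assumption: bean name of the @Order(1) chain, i.e. the @Bean method name.
    private static final String EXPECTED_FIRST = "filterChain";

    private final ConfigurableListableBeanFactory beanFactory;
    private final List<SecurityFilterChain> injected; // same list injection as in the test case

    public FilterChainOrderGuard(ConfigurableListableBeanFactory beanFactory,
                                 List<SecurityFilterChain> injected) {
        this.beanFactory = beanFactory;
        this.injected = injected;
    }

    @Override
    public void afterSingletonsInstantiated() {
        Map<String, SecurityFilterChain> byName = beanFactory.getBeansOfType(SecurityFilterChain.class);
        byName.forEach((name, chain) -> {
            // Spring reads @Order for @Bean methods from the resolved factory method.
            BeanDefinition bd = beanFactory.getMergedBeanDefinition(name);
            Method factory = (bd instanceof RootBeanDefinition rbd) ? rbd.getResolvedFactoryMethod() : null;
            Order order = (factory != null) ? AnnotatedElementUtils.findMergedAnnotation(factory, Order.class) : null;
            String seen = (order != null) ? String.valueOf(order.value()) : "not visible";
            System.out.printf("chain %s: position=%d factoryMethod=%s @Order=%s%n",
                    name, injected.indexOf(chain), factory, seen);
        });
        SecurityFilterChain expected = byName.get(EXPECTED_FIRST);
        if (expected == null || injected.isEmpty() || injected.get(0) != expected) {
            throw new IllegalStateException("SecurityFilterChain '" + EXPECTED_FIRST
                    + "' is not first in the injected list; refusing to start with a broken security config");
        }
    }
}
```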