Search code examples
javaspring-bootspring-securitytinkerpop3gremlin-java

Autowired is not working in CustomMethodSecurityExpressionRoot always returning NULL

Autowired is not working in CustomMethodSecurityExpressionRoot always returning NULL. here is the custom method security.

public class CustomMethodSecurityExpressionRoot extends SecurityExpressionRoot implements MethodSecurityExpressionOperations {

    Logger logger = LoggerFactory.getLogger(this.getClass());
    
    private Object filterObject;
    private Object returnObject;
    
    @Autowired GraphTraversalSource g;
        
    public CustomMethodSecurityExpressionRoot(Authentication authentication) {
        super(authentication);
    }

    public boolean isMember(String orgId) {
        System.out.println(g);
        String user = this.authentication.getName();
        logger.debug("Check the permission for the user {}", user);
        System.out.println(g);
        return true;
    }
    
    @Override
    public void setFilterObject(Object obj) {
        this.filterObject = obj;
    }

    @Override
    public Object getFilterObject() {
        return this.filterObject;
    }

    @Override
    public void setReturnObject(Object obj) {
        this.returnObject = obj;
    }
    
    @Override
    public Object getReturnObject() {
        return this.returnObject;
    }

    @Override
    public Object getThis() {
        return this;
    }

}

Tried the following too

   public void setG(GraphTraversalSource g) {
        this.g = g;
    }

Why it is return in g as NULL always. In other place controller / service, I am getting the expected value Traversalsource[emptygraph[empty], standard].

Solution

  • Found the problem. g dosen't have access to Application Context. We need to set the g in the CustomMethodSecurityExpressionRoot instance to be able to use it.

    public class AuctionMethodSecurityExpressionHandler extends DefaultMethodSecurityExpressionHandler {

private ApplicationContext applicationContext;
private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();

@Override
protected MethodSecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication,
        MethodInvocation invocation) {
    AuctionMethodSecurityExpressionRoot root = new AuctionMethodSecurityExpressionRoot(authentication);
    root.setPermissionEvaluator(getPermissionEvaluator());
    root.setTrustResolver(this.trustResolver);
    root.setRoleHierarchy(getRoleHierarchy());
    root.setG(this.applicationContext.getBean(GraphTraversalSource.class));
    return root;
}

@Override
public void setApplicationContext(ApplicationContext applicationContext) {
    super.setApplicationContext(applicationContext);
    this.applicationContext=applicationContext;
}
}

    and

    @Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {

     Logger logger = LoggerFactory.getLogger(this.getClass());
     @Autowired
     private ApplicationContext applicationContext;

    @Override
    protected MethodSecurityExpressionHandler createExpressionHandler() {
        CustomMethodSecurityExpressionHandler expressionHandler = new CustomMethodSecurityExpressionHandler();
        expressionHandler.setPermissionEvaluator(new CustomPermissionEvaluator());
        expressionHandler.setApplicationContext(applicationContext);
        logger.debug("Method security expression handler configured to CustomMethodSecurityExpressionHandler");
        return expressionHandler;
     }

}