SEC-2773: Prevent premature container initialization in WebSecurityConfiguration.

Changed the bean definition method for the DelegatingApplicationListener to be static to avoid the need to instantiate the configuration class which caused further premature initializations to satisfy the dependencies expressed in setFilterChainProxySecurityConfigurer(…).
11 years ago · c05f27af6c
1 changed files with 1 additions and 1 deletions
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java
@ -74,7 +74,7 @@ public class WebSecurityConfiguration implements ImportAware, BeanClassLoaderAwa
				@@ -74,7 +74,7 @@ public class WebSecurityConfiguration implements ImportAware, BeanClassLoaderAwa
    private ClassLoader beanClassLoader;

    @Bean
-    public DelegatingApplicationListener delegatingApplicationListener() {
+    public static DelegatingApplicationListener delegatingApplicationListener() {
        return new DelegatingApplicationListener();
    }