Skip to content

Cannot access 'WebSecurityEnablerConfiguration': it is package-private #24240

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
nntk opened this issue Nov 24, 2020 · 2 comments
Closed

Cannot access 'WebSecurityEnablerConfiguration': it is package-private #24240

nntk opened this issue Nov 24, 2020 · 2 comments

Comments

@nntk
Copy link

nntk commented Nov 24, 2020

Describe the bug
With kotlin 1.4 explicit api mode enabled explicit api mode I could not compile with Spring boot 2.4.0 anymore. With 2.3.5 it was working. However between those updates I enabled the strict mode. The error message is reading as Cannot access 'WebSecurityEnablerConfiguration': it is package-private in 'org.springframework.boot.autoconfigure.security.servlet'
To Reproduce

  • Enable strict mode in gradle explicitApi = ExplicitApiMode.Strict
  • Create a class to configure WebSecurity on such as @Configuration @Order(ACTUATOR_FILTER_ORDER) @Import(WebSecurityEnablerConfiguration::class) @EnableConfigurationProperties(SpringBootAdminActuatorWebSecurityProperties::class) public class SpringBootAdminActuatorWebSecurityConfigurerAdapter
  • Compile

Expected behavior
I should be able to use WebSecurityEnablerConfiguration annotation to consolidate the 5 annotations which is defined in that class. However since it's declared without modifier it's firstly package private and secondly throwing the error described above as the strict mode detects undeclared access modifier.

Sample

As it is a rather simple configuration issue the above will already throw the error described. I can't share company code but this will replicate it
@Order(ACTUATOR_FILTER_ORDER) @Import(WebSecurityEnablerConfiguration::class) @EnableConfigurationProperties(SpringBootAdminActuatorWebSecurityProperties::class) public class SpringBootAdminActuatorWebSecurityConfigurerAdapter {}
@nntk nntk mentioned this issue Nov 24, 2020
Closed
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Nov 24, 2020
@snicoll
Copy link
Member

snicoll commented Nov 24, 2020
edited
Loading

@nntk WebSecurityEnablerConfiguration was made package private as of #22739 and Kotlin has nothing to do with the problem, really.

Why are you relying on WebSecurityEnablerConfiguration? This is not public API and meant to be used by the auto-configuration only. As the Javadoc states, that's just a replacement for @EnableWebSecurity if the user forgot to add it.

@snicoll snicoll added the status: waiting-for-feedback We need additional information before we can continue label Nov 24, 2020
@nntk
Copy link
Author

nntk commented Nov 24, 2020

Sorry didn't pay attention to the updates you made with 2.4.0. So I will use SecurityFilterChain over inheritance.

@nntk nntk closed this as completed Nov 24, 2020
@snicoll snicoll removed status: waiting-for-feedback We need additional information before we can continue status: waiting-for-triage An issue we've not yet triaged labels Nov 24, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@snicoll @nntk @spring-projects-issues