Spring Security 5.8.4 -> 5.8.5 adding Dynamic servlet issue

Hi, beginning with 5.8.5 I'm getting an issue where when I'm trying to add dynamic servlets the appserver is replying with:

Caused by: java.lang.UnsupportedOperationException: [HTTP:101388]The ServletContext was passed to the ServletContextListener.contextInitialized method of a ServletContextListener that was neither declared in web.xml or web-fragment.xml, nor annotated with javax.servlet.annotation.WebListener.

As far as I can tell it's worked perfectly fine beforehand, not sure if this is an issue introduced with 5.8.5 or something I had wrong to begin with I might have been getting away with that you all tightened up. Since the issue seems to be coming from WebLogic I can't exactly debug that source but perhaps someone has an idea what might be causing it.

(redacting out some of my company packages)

Caused by: java.lang.UnsupportedOperationException: [HTTP:101388]The ServletContext was passed to the ServletContextListener.contextInitialized method of a ServletContextListener that was neither declared in web.xml or web-fragment.xml, nor annotated with javax.servlet.annotation.WebListener. at weblogic.servlet.internal.WebAppServletContext.checkNotifyDynamicContext(WebAppServletContext.java:4458) ~[com.oracle.weblogic.servlet.jar:14.1.1.0] at weblogic.servlet.internal.WebAppServletContext.getServletRegistrations(WebAppServletContext.java:4342) ~[com.oracle.weblogic.servlet.jar:14.1.1.0] at org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry.requestMatchers(AbstractRequestMatcherRegistry.java:315) ~[?:?] at org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry.requestMatchers(AbstractRequestMatcherRegistry.java:366) ~[?:?] at com.xxx.xx.console.SecurityConfig.filterChain(SecurityConfig.java:59) ~[?:?] at com.xxx.xx.console.SecurityConfig$$EnhancerBySpringCGLIB$$2da3a208.CGLIB$filterChain$2(<generated>) ~[?:?] at com.cybershift.ds.console.SecurityConfig$$EnhancerBySpringCGLIB$$2da3a208$$FastClassBySpringCGLIB$$2e29def6.invoke(<generated>) ~[?:?] at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:244) ~[?:?] at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:331) ~[?:?] at com.cybershift.ds.console.SecurityConfig$$EnhancerBySpringCGLIB$$2da3a208.filterChain(<generated>) ~[?:?] at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?] at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?] at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?] at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?] at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154) ~[?:?] at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:653) ~[?:?] at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:638) ~[?:?] at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1352) ~[?:?] at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1195) ~[?:?] at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:582) ~[?:?] at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:542) ~[?:?] at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:335) ~[?:?] at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234) ~[?:?] at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:333) ~[?:?] at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:208) ~[?:?] at org.springframework.beans.factory.config.DependencyDescriptor.resolveCandidate(DependencyDescriptor.java:276) ~[?:?] at org.springframework.beans.factory.support.DefaultListableBeanFactory.addCandidateEntry(DefaultListableBeanFactory.java:1609) ~[?:?] at org.springframework.beans.factory.support.DefaultListableBeanFactory.findAutowireCandidates(DefaultListableBeanFactory.java:1573) ~[?:?] at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveMultipleBeans(DefaultListableBeanFactory.java:1462) ~[?:?] at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1349) ~[?:?] at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1311) ~[?:?] at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.resolveMethodArguments(AutowiredAnnotationBeanPostProcessor.java:766) ~[?:?] ... 81 more

` package com.xxx.xx.console.webapp;

import javax.servlet.FilterRegistration; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.ServletRegistration;

import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.web.WebApplicationInitializer; import org.springframework.web.context.support.AnnotationConfigWebApplicationContext; import org.springframework.web.filter.DelegatingFilterProxy; import org.springframework.web.servlet.DispatcherServlet;

import com.xxx.xx.console.ApplicationContextConfig; import com.xxx.xx.console.SecurityConfig; import com.xxx.xx.console.ServletConfig; import com.xxx.xx.console.session.SharedFileCleanupListener; import com.xxx.xx.console.workaround.NotModifiedFilter; import com.xxx.xx.server.servlet.ContextLoaderListener; import com.xxx.xx.server.servlet.LoggingServiceContextListener;

public class ConsoleWebApplicationInitializer implements WebApplicationInitializer {

protected Logger logger = LoggerFactory.getLogger(getClass());

@Override public void onStartup(ServletContext servletContext) throws ServletException { logger.debug("onStartup(servletContext={})", servletContext);

AnnotationConfigWebApplicationContext rootCtx = new AnnotationConfigWebApplicationContext();
rootCtx.register(ApplicationContextConfig.class, SecurityConfig.class);

servletContext.addListener(new LoggingServiceContextListener());
servletContext.addListener(new ContextLoaderListener(rootCtx));
servletContext.addListener(new SharedFileCleanupListener());
rootCtx.setServletContext(servletContext);

AnnotationConfigWebApplicationContext servletCtx = new AnnotationConfigWebApplicationContext();
servletCtx.setParent(rootCtx);
servletCtx.register(ServletConfig.class);

ServletRegistration.Dynamic servlet = servletContext.addServlet("appServlet", new DispatcherServlet(servletCtx));
servlet.setLoadOnStartup(1);
servlet.addMapping("/");

FilterRegistration.Dynamic security = servletContext.addFilter("springSecurityFilterChain", new DelegatingFilterProxy());
security.addMappingForUrlPatterns(null, true, "/*");

FilterRegistration.Dynamic notModified = servletContext.addFilter("notModifiedFilter", new NotModifiedFilter());
notModified.addMappingForUrlPatterns(null, true, "/*");

} } `

The appserver stack is: Weblogic 14.1.1 Spring Framework 5.3.29 Spring Security 5.8.5 (previously 5.8.4 and working fine) Spring Data 2.7.13

Comment From: JohnZ1385

resolved this problem by reverting my SecurityConfig file from the new bean based definition style back to the WebSecurityConfigurer extension and everything seems to work fine again. I can only assume my conversion to the post 5.7 Bean based HttpSecurity etc. was somehow wrong.