Spring Security Warning: Class AuthorityUtils is abstract?

Question

Since moving to Spring Security 3.2.5.RELEASE and Spring 4.1.1.RELEASE we are getting a Spring Bean Validation warning in Eclipse (Luna).

The exact warning is:

Class 'org.springframework.security.core.authority.AuthorityUtils' is abstract

Here is the header to this Spring file:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:tx="http://www.springframework.org/schema/tx" xmlns:springsecurity="http://www.springframework.org/schema/security"
    xmlns:jaxrs="http://cxf.apache.org/jaxrs" xmlns:cxf="http://cxf.apache.org/core"
    xmlns:jee="http://www.springframework.org/schema/jee"
    xsi:schemaLocation="http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-4.1.xsd
        http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
        http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd
        http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.1.xsd">

The offending portion of configuration is as follows (meaning that if I remove this section the error goes away. Specifically, if I remove the springsecurity:authentication-provider stanza:

<springsecurity:authentication-manager alias="authenticationManager">
    <springsecurity:authentication-provider>
        <springsecurity:user-service>
            <springsecurity:user name="john" password="john"
                authorities="ROLE_USER" />
            <springsecurity:user name="admin" password="admin"
                authorities="ROLE_USER, ROLE_ADMIN" />
            <springsecurity:user name="guest" password="guest"
                authorities="ROLE_GUEST" />
        </springsecurity:user-service>
    </springsecurity:authentication-provider>
</springsecurity:authentication-manager>

Any ideas on the root cause of this? Our project doesn't put up with spurious warnings and I don't want to disabled Spring bean validation.

Answer 1

This is a bug in version 3.6.0 of the Spring Tool Suite, as Luke Taylor pointed out. The bug report is at https://issuetracker.springsource.com/browse/STS-3875, and won't be fixed before STS version 3.6.3. You can examine the code for this class at http://www.docjar.com/html/api/org/springframework/orm/jpa/SharedEntityManagerCreator.java.html

[Edit] The bug report notes that this bug is now fixed. The fix is in version 3.6.4