Switch off Security Filter auto-config when spring-security-config is absent

SecurityFilterAutoConfiguration uses SecurityProperties which uses SessionCreationPolicy from spring-security-config. This commit makes SecurityFilterAutoConfiguration conditional on SessionCreationPolicy, thereby preventing a startup failure if spring-security-web is on the classpath but spring-security-config is not. Closes gh-4919
9 years ago · 150a6f0f5c
parent 152ee95261
commit 150a6f0f5c
1 changed files with 4 additions and 2 deletions
--- a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/SecurityFilterAutoConfiguration.java
+++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/SecurityFilterAutoConfiguration.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2015 the original author or authors.
+ * Copyright 2012-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -33,6 +33,7 @@ import org.springframework.boot.context.properties.EnableConfigurationProperties
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration;
+import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;

 /**
@ -49,7 +50,8 @@ import org.springframework.security.web.context.AbstractSecurityWebApplicationIn
@Configuration
@ConditionalOnWebApplication
@EnableConfigurationProperties
-@ConditionalOnClass(AbstractSecurityWebApplicationInitializer.class)
+@ConditionalOnClass({ AbstractSecurityWebApplicationInitializer.class,
+		SessionCreationPolicy.class })
@AutoConfigureAfter(SpringBootWebSecurityConfiguration.class)
 public class SecurityFilterAutoConfiguration {