Harmonize ReactiveSecurityAutoConfiguration

Fixes gh-14263
6 years ago · e41394233b
parent feff65e73e
commit e41394233b
4 changed files with 47 additions and 129 deletions
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/reactive/ReactiveSecurityAutoConfiguration.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/reactive/ReactiveSecurityAutoConfiguration.java
@ -16,22 +16,40 @@

 package org.springframework.boot.autoconfigure.security.reactive;

+import reactor.core.publisher.Flux;
+
 import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
 import org.springframework.boot.autoconfigure.security.SecurityProperties;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Import;
+import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
+import org.springframework.security.web.server.WebFilterChainProxy;

 /**
 * {@link EnableAutoConfiguration Auto-configuration} for Spring Security in a reactive
- * application.
+ * application. Switches on {@link EnableWebFluxSecurity} for a reactive web application
+ * if this annotation has not been added by the user. It delegates to Spring Security's
+ * content-negotiation mechanism for authentication. This configuration also backs off if
+ * a bean of type {@link WebFilterChainProxy} has been configured in any other way.
 *
 * @author Madhura Bhave
 * @since 2.0.0
 */
@Configuration
@EnableConfigurationProperties(SecurityProperties.class)
-@Import(WebFluxSecurityConfiguration.class)
+@ConditionalOnClass({ Flux.class, EnableWebFluxSecurity.class,
+		WebFilterChainProxy.class })
 public class ReactiveSecurityAutoConfiguration {

+	@Configuration
+	@ConditionalOnMissingBean(WebFilterChainProxy.class)
+	@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.REACTIVE)
+	@EnableWebFluxSecurity
+	static class EnableWebFluxSecurityConfiguration {
+
+	}
+
 }
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/reactive/WebFluxSecurityConfiguration.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/reactive/WebFluxSecurityConfiguration.java
@ -1,46 +0,0 @@
-/*
- * Copyright 2012-2018 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.boot.autoconfigure.security.reactive;
-
-import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
-import org.springframework.security.web.server.WebFilterChainProxy;
-
-/**
- * Switches on {@link EnableWebFluxSecurity} for a reactive web application if this
- * annotation has not been added by the user. It delegates to Spring Security's
- * content-negotiation mechanism for authentication. This configuration also backs off if
- * a bean of type {@link WebFilterChainProxy} has been configured in any other way.
- *
- * @author Madhura Bhave
- */
-@Configuration
-@ConditionalOnClass({ EnableWebFluxSecurity.class, WebFilterChainProxy.class })
-@ConditionalOnMissingBean(WebFilterChainProxy.class)
-@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.REACTIVE)
-class WebFluxSecurityConfiguration {
-
-	@Configuration
-	@EnableWebFluxSecurity
-	static class EnableWebFluxSecurityConfiguration {
-
-	}
-
-}
--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/reactive/ReactiveSecurityAutoConfigurationTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/reactive/ReactiveSecurityAutoConfigurationTests.java
@ -20,9 +20,12 @@ import org.junit.Test;

 import org.springframework.boot.autoconfigure.AutoConfigurations;
 import org.springframework.boot.test.context.runner.ReactiveWebApplicationContextRunner;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.security.web.server.WebFilterChainProxy;

 import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;

 /**
 * Tests for {@link ReactiveSecurityAutoConfiguration}.
@ -34,17 +37,33 @@ public class ReactiveSecurityAutoConfigurationTests {
 	private ReactiveWebApplicationContextRunner contextRunner = new ReactiveWebApplicationContextRunner();

 	@Test
-	public void importsConfigurationThatEnablesWebFluxSecurity() {
+	public void backsOffWhenWebFilterChainProxyBeanPresent() {
+		this.contextRunner
+				.withConfiguration(
+						AutoConfigurations.of(ReactiveSecurityAutoConfiguration.class))
+				.withUserConfiguration(WebFilterChainProxyConfiguration.class)
+				.run((context) -> assertThat(context)
+						.hasSingleBean(WebFilterChainProxy.class));
+	}
+
+	@Test
+	public void enablesWebFluxSecurity() {
 		this.contextRunner
 				.withConfiguration(
 						AutoConfigurations.of(ReactiveSecurityAutoConfiguration.class,
 								ReactiveUserDetailsServiceAutoConfiguration.class))
-				.run((context) -> {
-					assertThat(context).getBean(WebFilterChainProxy.class).isNotNull();
-					assertThat(context).getBean(WebFluxSecurityConfiguration.class)
-							.isNotNull();
-					assertThat(context).getBean(WebFilterChainProxy.class).isNotNull();
-				});
+				.run((context) -> assertThat(context).getBean(WebFilterChainProxy.class)
+						.isNotNull());
+	}
+
+	@Configuration
+	static class WebFilterChainProxyConfiguration {
+
+		@Bean
+		public WebFilterChainProxy webFilterChainProxy() {
+			return mock(WebFilterChainProxy.class);
+		}
+
 	}

 }
--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/reactive/WebFluxSecurityConfigurationTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/reactive/WebFluxSecurityConfigurationTests.java
@ -1,73 +0,0 @@
-/*
- * Copyright 2012-2018 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.boot.autoconfigure.security.reactive;
-
-import org.junit.Test;
-
-import org.springframework.boot.autoconfigure.AutoConfigurations;
-import org.springframework.boot.test.context.runner.ReactiveWebApplicationContextRunner;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.security.web.server.WebFilterChainProxy;
-
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.mock;
-
-/**
- * Tests for {@link WebFluxSecurityConfiguration}.
- *
- * @author Madhura Bhave
- */
-public class WebFluxSecurityConfigurationTests {
-
-	private final ReactiveWebApplicationContextRunner contextRunner = new ReactiveWebApplicationContextRunner();
-
-	@Test
-	public void backsOffWhenWebFilterChainProxyBeanPresent() {
-		this.contextRunner
-				.withConfiguration(
-						AutoConfigurations.of(ReactiveSecurityAutoConfiguration.class))
-				.withUserConfiguration(WebFilterChainProxyConfiguration.class)
-				.run((context) -> assertThat(context)
-						.doesNotHaveBean(WebFluxSecurityConfiguration.class));
-	}
-
-	@Test
-	public void enablesWebFluxSecurity() {
-		this.contextRunner
-				.withConfiguration(
-						AutoConfigurations.of(ReactiveSecurityAutoConfiguration.class,
-								ReactiveUserDetailsServiceAutoConfiguration.class))
-				.run((context) -> {
-					assertThat(context).getBean(WebFilterChainProxy.class).isNotNull();
-					assertThat(context).getBean(WebFluxSecurityConfiguration.class)
-							.isNotNull();
-					assertThat(context).getBean(WebFilterChainProxy.class).isNotNull();
-				});
-	}
-
-	@Configuration
-	static class WebFilterChainProxyConfiguration {
-
-		@Bean
-		public WebFilterChainProxy webFilterChainProxy() {
-			return mock(WebFilterChainProxy.class);
-		}
-
-	}
-
-}