From e41394233ba73fb309cb569443de9b801f048427 Mon Sep 17 00:00:00 2001
From: Madhura Bhave <mbhave@pivotal.io>
Date: Fri, 7 Sep 2018 11:38:09 -0700
Subject: [PATCH] Harmonize ReactiveSecurityAutoConfiguration

Fixes gh-14263
---
 .../ReactiveSecurityAutoConfiguration.java    | 24 +++++-
 .../WebFluxSecurityConfiguration.java         | 46 ------------
 ...eactiveSecurityAutoConfigurationTests.java | 33 +++++++--
 .../WebFluxSecurityConfigurationTests.java    | 73 -------------------
 4 files changed, 47 insertions(+), 129 deletions(-)
 delete mode 100644 spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/reactive/WebFluxSecurityConfiguration.java
 delete mode 100644 spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/reactive/WebFluxSecurityConfigurationTests.java

diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/reactive/ReactiveSecurityAutoConfiguration.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/reactive/ReactiveSecurityAutoConfiguration.java
index 083e3ebc71..1cdb8766a1 100644
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/reactive/ReactiveSecurityAutoConfiguration.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/reactive/ReactiveSecurityAutoConfiguration.java
@@ -16,22 +16,40 @@
 
 package org.springframework.boot.autoconfigure.security.reactive;
 
+import reactor.core.publisher.Flux;
+
 import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
 import org.springframework.boot.autoconfigure.security.SecurityProperties;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Import;
+import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
+import org.springframework.security.web.server.WebFilterChainProxy;
 
 /**
  * {@link EnableAutoConfiguration Auto-configuration} for Spring Security in a reactive
- * application.
+ * application. Switches on {@link EnableWebFluxSecurity} for a reactive web application
+ * if this annotation has not been added by the user. It delegates to Spring Security's
+ * content-negotiation mechanism for authentication. This configuration also backs off if
+ * a bean of type {@link WebFilterChainProxy} has been configured in any other way.
  *
  * @author Madhura Bhave
  * @since 2.0.0
  */
 @Configuration
 @EnableConfigurationProperties(SecurityProperties.class)
-@Import(WebFluxSecurityConfiguration.class)
+@ConditionalOnClass({ Flux.class, EnableWebFluxSecurity.class,
+		WebFilterChainProxy.class })
 public class ReactiveSecurityAutoConfiguration {
 
+	@Configuration
+	@ConditionalOnMissingBean(WebFilterChainProxy.class)
+	@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.REACTIVE)
+	@EnableWebFluxSecurity
+	static class EnableWebFluxSecurityConfiguration {
+
+	}
+
 }
diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/reactive/WebFluxSecurityConfiguration.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/reactive/WebFluxSecurityConfiguration.java
deleted file mode 100644
index 54c46e89d5..0000000000
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/reactive/WebFluxSecurityConfiguration.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright 2012-2018 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.boot.autoconfigure.security.reactive;
-
-import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
-import org.springframework.security.web.server.WebFilterChainProxy;
-
-/**
- * Switches on {@link EnableWebFluxSecurity} for a reactive web application if this
- * annotation has not been added by the user. It delegates to Spring Security's
- * content-negotiation mechanism for authentication. This configuration also backs off if
- * a bean of type {@link WebFilterChainProxy} has been configured in any other way.
- *
- * @author Madhura Bhave
- */
-@Configuration
-@ConditionalOnClass({ EnableWebFluxSecurity.class, WebFilterChainProxy.class })
-@ConditionalOnMissingBean(WebFilterChainProxy.class)
-@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.REACTIVE)
-class WebFluxSecurityConfiguration {
-
-	@Configuration
-	@EnableWebFluxSecurity
-	static class EnableWebFluxSecurityConfiguration {
-
-	}
-
-}
diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/reactive/ReactiveSecurityAutoConfigurationTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/reactive/ReactiveSecurityAutoConfigurationTests.java
index 1e4b9f0229..a903745aac 100644
--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/reactive/ReactiveSecurityAutoConfigurationTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/reactive/ReactiveSecurityAutoConfigurationTests.java
@@ -20,9 +20,12 @@ import org.junit.Test;
 
 import org.springframework.boot.autoconfigure.AutoConfigurations;
 import org.springframework.boot.test.context.runner.ReactiveWebApplicationContextRunner;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.security.web.server.WebFilterChainProxy;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
 
 /**
  * Tests for {@link ReactiveSecurityAutoConfiguration}.
@@ -34,17 +37,33 @@ public class ReactiveSecurityAutoConfigurationTests {
 	private ReactiveWebApplicationContextRunner contextRunner = new ReactiveWebApplicationContextRunner();
 
 	@Test
-	public void importsConfigurationThatEnablesWebFluxSecurity() {
+	public void backsOffWhenWebFilterChainProxyBeanPresent() {
+		this.contextRunner
+				.withConfiguration(
+						AutoConfigurations.of(ReactiveSecurityAutoConfiguration.class))
+				.withUserConfiguration(WebFilterChainProxyConfiguration.class)
+				.run((context) -> assertThat(context)
+						.hasSingleBean(WebFilterChainProxy.class));
+	}
+
+	@Test
+	public void enablesWebFluxSecurity() {
 		this.contextRunner
 				.withConfiguration(
 						AutoConfigurations.of(ReactiveSecurityAutoConfiguration.class,
 								ReactiveUserDetailsServiceAutoConfiguration.class))
-				.run((context) -> {
-					assertThat(context).getBean(WebFilterChainProxy.class).isNotNull();
-					assertThat(context).getBean(WebFluxSecurityConfiguration.class)
-							.isNotNull();
-					assertThat(context).getBean(WebFilterChainProxy.class).isNotNull();
-				});
+				.run((context) -> assertThat(context).getBean(WebFilterChainProxy.class)
+						.isNotNull());
+	}
+
+	@Configuration
+	static class WebFilterChainProxyConfiguration {
+
+		@Bean
+		public WebFilterChainProxy webFilterChainProxy() {
+			return mock(WebFilterChainProxy.class);
+		}
+
 	}
 
 }
diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/reactive/WebFluxSecurityConfigurationTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/reactive/WebFluxSecurityConfigurationTests.java
deleted file mode 100644
index c4ab9d517b..0000000000
--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/reactive/WebFluxSecurityConfigurationTests.java
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Copyright 2012-2018 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.boot.autoconfigure.security.reactive;
-
-import org.junit.Test;
-
-import org.springframework.boot.autoconfigure.AutoConfigurations;
-import org.springframework.boot.test.context.runner.ReactiveWebApplicationContextRunner;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.security.web.server.WebFilterChainProxy;
-
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.mock;
-
-/**
- * Tests for {@link WebFluxSecurityConfiguration}.
- *
- * @author Madhura Bhave
- */
-public class WebFluxSecurityConfigurationTests {
-
-	private final ReactiveWebApplicationContextRunner contextRunner = new ReactiveWebApplicationContextRunner();
-
-	@Test
-	public void backsOffWhenWebFilterChainProxyBeanPresent() {
-		this.contextRunner
-				.withConfiguration(
-						AutoConfigurations.of(ReactiveSecurityAutoConfiguration.class))
-				.withUserConfiguration(WebFilterChainProxyConfiguration.class)
-				.run((context) -> assertThat(context)
-						.doesNotHaveBean(WebFluxSecurityConfiguration.class));
-	}
-
-	@Test
-	public void enablesWebFluxSecurity() {
-		this.contextRunner
-				.withConfiguration(
-						AutoConfigurations.of(ReactiveSecurityAutoConfiguration.class,
-								ReactiveUserDetailsServiceAutoConfiguration.class))
-				.run((context) -> {
-					assertThat(context).getBean(WebFilterChainProxy.class).isNotNull();
-					assertThat(context).getBean(WebFluxSecurityConfiguration.class)
-							.isNotNull();
-					assertThat(context).getBean(WebFilterChainProxy.class).isNotNull();
-				});
-	}
-
-	@Configuration
-	static class WebFilterChainProxyConfiguration {
-
-		@Bean
-		public WebFilterChainProxy webFilterChainProxy() {
-			return mock(WebFilterChainProxy.class);
-		}
-
-	}
-
-}