From a37ce531a306af0e329a0e3eb3bedd0b8e6c459a Mon Sep 17 00:00:00 2001 From: Eleftheria Stein Date: Mon, 10 Jun 2019 12:14:56 -0400 Subject: [PATCH] Disable bean proxying in configuration classes Fixes gh-6967 --- .../AuthenticationConfiguration.java | 2 +- .../ObjectPostProcessorConfiguration.java | 4 +- .../GlobalMethodSecurityConfiguration.java | 2 +- .../Jsr250MetadataSourceConfiguration.java | 4 +- .../ReactiveMethodSecurityConfiguration.java | 2 +- .../OAuth2ClientConfiguration.java | 2 +- .../WebSecurityConfiguration.java | 2 +- .../ReactiveOAuth2ClientImportSelector.java | 4 +- .../ServerHttpSecurityConfiguration.java | 2 +- .../WebFluxSecurityConfiguration.java | 2 +- .../WebMvcSecurityConfiguration.java | 4 +- .../AuthenticationConfigurationTests.java | 2 +- .../EnableGlobalAuthenticationTests.java | 79 +++++++++++++++++-- ...lobalMethodSecurityConfigurationTests.java | 6 +- ...ctiveMethodSecurityConfigurationTests.java | 4 +- .../configuration/EnableWebSecurityTests.java | 66 +++++++++++++++- .../WebSecurityConfigurationTests.java | 4 +- .../reactive/EnableWebFluxSecurityTests.java | 69 +++++++++++++++- .../ServerHttpSecurityConfigurationTest.java | 4 +- .../WebFluxSecurityConfigurationTests.java | 4 +- 20 files changed, 234 insertions(+), 34 deletions(-) diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfiguration.java index 2704ca6d4d6..56e0ecfd67f 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfiguration.java +++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfiguration.java @@ -57,7 +57,7 @@ * @since 3.2 * */ -@Configuration +@Configuration(proxyBeanMethods = false) @Import(ObjectPostProcessorConfiguration.class) public class AuthenticationConfiguration { diff --git a/config/src/main/java/org/springframework/security/config/annotation/configuration/ObjectPostProcessorConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/configuration/ObjectPostProcessorConfiguration.java index 1e681b1670e..e169bed3a25 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/configuration/ObjectPostProcessorConfiguration.java +++ b/config/src/main/java/org/springframework/security/config/annotation/configuration/ObjectPostProcessorConfiguration.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2013 the original author or authors. + * Copyright 2002-2019 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -33,7 +33,7 @@ * @author Rob Winch * @since 3.2 */ -@Configuration +@Configuration(proxyBeanMethods = false) public class ObjectPostProcessorConfiguration { @Bean diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java index 38925a45d0a..9ddedb8f4e3 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java +++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java @@ -79,7 +79,7 @@ * @since 3.2 * @see EnableGlobalMethodSecurity */ -@Configuration +@Configuration(proxyBeanMethods = false) public class GlobalMethodSecurityConfiguration implements ImportAware, SmartInitializingSingleton, BeanFactoryAware { private static final Log logger = LogFactory diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/Jsr250MetadataSourceConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/Jsr250MetadataSourceConfiguration.java index e8786c27614..bfb920d90d0 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/Jsr250MetadataSourceConfiguration.java +++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/Jsr250MetadataSourceConfiguration.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 the original author or authors. + * Copyright 2002-2019 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -19,7 +19,7 @@ import org.springframework.context.annotation.Configuration; import org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource; -@Configuration +@Configuration(proxyBeanMethods = false) class Jsr250MetadataSourceConfiguration { @Bean diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfiguration.java index fd7367805aa..8b4895bb60a 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfiguration.java +++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfiguration.java @@ -38,7 +38,7 @@ * @author Tadaya Tsuyukubo * @since 5.0 */ -@Configuration +@Configuration(proxyBeanMethods = false) class ReactiveMethodSecurityConfiguration implements ImportAware { private int advisorOrder; diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfiguration.java index 375050c3bbb..4151010a846 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfiguration.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfiguration.java @@ -58,7 +58,7 @@ public String[] selectImports(AnnotationMetadata importingClassMetadata) { } } - @Configuration + @Configuration(proxyBeanMethods = false) static class OAuth2ClientWebMvcSecurityConfiguration implements WebMvcConfigurer { private ClientRegistrationRepository clientRegistrationRepository; private OAuth2AuthorizedClientRepository authorizedClientRepository; diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java index 23bb6a6f279..028da2aecd1 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java @@ -63,7 +63,7 @@ * @author Keesun Baik * @since 3.2 */ -@Configuration +@Configuration(proxyBeanMethods = false) public class WebSecurityConfiguration implements ImportAware, BeanClassLoaderAware { private WebSecurity webSecurity; diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ReactiveOAuth2ClientImportSelector.java b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ReactiveOAuth2ClientImportSelector.java index 14c062333be..3fdd744a51c 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ReactiveOAuth2ClientImportSelector.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ReactiveOAuth2ClientImportSelector.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 the original author or authors. + * Copyright 2002-2019 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -52,7 +52,7 @@ public String[] selectImports(AnnotationMetadata importingClassMetadata) { new String[] {}; } - @Configuration + @Configuration(proxyBeanMethods = false) static class OAuth2ClientWebFluxSecurityConfiguration implements WebFluxConfigurer { private ReactiveClientRegistrationRepository clientRegistrationRepository; diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java index a0d9084b6f9..a6c7f4783f6 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java @@ -42,7 +42,7 @@ * @author Dan Zheng * @since 5.0 */ -@Configuration +@Configuration(proxyBeanMethods = false) class ServerHttpSecurityConfiguration { private static final String BEAN_NAME_PREFIX = "org.springframework.security.config.annotation.web.reactive.HttpSecurityConfiguration."; private static final String HTTPSECURITY_BEAN_NAME = BEAN_NAME_PREFIX + "httpSecurity"; diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java index ea683455f71..a2e0300c57e 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java @@ -38,7 +38,7 @@ * @author Rob Winch * @since 5.0 */ -@Configuration +@Configuration(proxyBeanMethods = false) class WebFluxSecurityConfiguration { public static final int WEB_FILTER_CHAIN_FILTER_ORDER = 0 - 100; diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/WebMvcSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/WebMvcSecurityConfiguration.java index d2754f93bac..ba1d7204fb2 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/WebMvcSecurityConfiguration.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/WebMvcSecurityConfiguration.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2013 the original author or authors. + * Copyright 2002-2019 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -18,6 +18,7 @@ import java.util.List; import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver; import org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor; @@ -37,6 +38,7 @@ * @author Rob Winch * @since 3.2 */ +@Configuration(proxyBeanMethods = false) @EnableWebSecurity public class WebMvcSecurityConfiguration implements WebMvcConfigurer { diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java index ace8664ad89..01fc0b7cba4 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java @@ -542,7 +542,7 @@ public void getAuthenticationManagerWhenAuthenticationConfigurationSubclassedThe .isInstanceOf(AlreadyBuiltException.class); } - @Configuration(proxyBeanMethods = false) + @Configuration static class AuthenticationConfigurationSubclass extends AuthenticationConfiguration { } } diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthenticationTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthenticationTests.java index 21d71003828..0670a827698 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthenticationTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthenticationTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 the original author or authors. + * Copyright 2002-2019 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -17,26 +17,30 @@ import static org.assertj.core.api.Assertions.assertThat; +import org.junit.Rule; import org.junit.Test; -import org.junit.runner.RunWith; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.security.config.test.SpringTestRule; /** * * @author Rob Winch * */ -@RunWith(SpringJUnit4ClassRunner.class) public class EnableGlobalAuthenticationTests { - @Autowired - AuthenticationConfiguration auth; + @Rule + public final SpringTestRule spring = new SpringTestRule(); // gh-4086 @Test public void authenticationConfigurationWhenGetAuthenticationManagerThenNotNull() throws Exception { + this.spring.register(Config.class).autowire(); + + AuthenticationConfiguration auth = spring.getContext().getBean(AuthenticationConfiguration.class); + assertThat(auth.getAuthenticationManager()).isNotNull(); } @@ -50,4 +54,67 @@ public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception } } + @Test + public void enableGlobalAuthenticationWhenNoConfigurationAnnotationThenBeanProxyingEnabled() { + this.spring.register(BeanProxyEnabledByDefaultConfig.class).autowire(); + + Child childBean = this.spring.getContext().getBean(Child.class); + Parent parentBean = this.spring.getContext().getBean(Parent.class); + + assertThat(parentBean.getChild()).isSameAs(childBean); + } + + @EnableGlobalAuthentication + static class BeanProxyEnabledByDefaultConfig { + @Bean + public Child child() { + return new Child(); + } + + @Bean + public Parent parent() { + return new Parent(child()); + } + } + + @Test + public void enableGlobalAuthenticationWhenProxyBeanMethodsFalseThenBeanProxyingDisabled() { + this.spring.register(BeanProxyDisabledConfig.class).autowire(); + + Child childBean = this.spring.getContext().getBean(Child.class); + Parent parentBean = this.spring.getContext().getBean(Parent.class); + + assertThat(parentBean.getChild()).isNotSameAs(childBean); + } + + @Configuration(proxyBeanMethods = false) + @EnableGlobalAuthentication + static class BeanProxyDisabledConfig { + @Bean + public Child child() { + return new Child(); + } + + @Bean + public Parent parent() { + return new Parent(child()); + } + } + + static class Parent { + private Child child; + + Parent(Child child) { + this.child = child; + } + + public Child getChild() { + return child; + } + } + + static class Child { + Child() { + } + } } diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java index e06dde17648..f93fbf1f2a0 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java @@ -557,7 +557,7 @@ public void emptyPrefixRoleUser() {} @Test public void methodSecurityInterceptorUsesMetadataSourceBeanWhenProxyingDisabled() { - this.spring.register(CustomMetadataSourceProxylessConfig.class).autowire(); + this.spring.register(CustomMetadataSourceBeanProxyEnabledConfig.class).autowire(); MethodSecurityInterceptor methodInterceptor = (MethodSecurityInterceptor) this.spring.getContext().getBean(MethodInterceptor.class); MethodSecurityMetadataSource methodSecurityMetadataSource = @@ -567,7 +567,7 @@ public void methodSecurityInterceptorUsesMetadataSourceBeanWhenProxyingDisabled( } @EnableGlobalMethodSecurity(prePostEnabled = true) - @Configuration(proxyBeanMethods = false) - public static class CustomMetadataSourceProxylessConfig extends GlobalMethodSecurityConfiguration { + @Configuration + public static class CustomMetadataSourceBeanProxyEnabledConfig extends GlobalMethodSecurityConfiguration { } } diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfigurationTests.java index 789e9f11f19..3a27f322e6f 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfigurationTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfigurationTests.java @@ -89,7 +89,7 @@ GrantedAuthorityDefaults grantedAuthorityDefaults() { } @Test - public void rolePrefixWithGrantedAuthorityDefaultsAndSubclassWithProxyingDisabled() { + public void rolePrefixWithGrantedAuthorityDefaultsAndSubclassWithProxyingEnabled() { this.spring.register(SubclassConfig.class).autowire(); TestingAuthenticationToken authentication = new TestingAuthenticationToken( @@ -105,7 +105,7 @@ public void rolePrefixWithGrantedAuthorityDefaultsAndSubclassWithProxyingDisable assertThat(root.hasRole("ABC")).isTrue(); } - @Configuration(proxyBeanMethods = false) + @Configuration static class SubclassConfig extends ReactiveMethodSecurityConfiguration { } } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java index a9e9feda4e8..ddd7d496283 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 the original author or authors. + * Copyright 2002-2019 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -122,4 +122,68 @@ String principal(@AuthenticationPrincipal String principal) { } } } + + @Test + public void enableWebSecurityWhenNoConfigurationAnnotationThenBeanProxyingEnabled() { + this.spring.register(BeanProxyEnabledByDefaultConfig.class).autowire(); + + Child childBean = this.spring.getContext().getBean(Child.class); + Parent parentBean = this.spring.getContext().getBean(Parent.class); + + assertThat(parentBean.getChild()).isSameAs(childBean); + } + + @EnableWebSecurity + static class BeanProxyEnabledByDefaultConfig extends WebSecurityConfigurerAdapter { + @Bean + public Child child() { + return new Child(); + } + + @Bean + public Parent parent() { + return new Parent(child()); + } + } + + @Test + public void enableWebSecurityWhenProxyBeanMethodsFalseThenBeanProxyingDisabled() { + this.spring.register(BeanProxyDisabledConfig.class).autowire(); + + Child childBean = this.spring.getContext().getBean(Child.class); + Parent parentBean = this.spring.getContext().getBean(Parent.class); + + assertThat(parentBean.getChild()).isNotSameAs(childBean); + } + + @Configuration(proxyBeanMethods = false) + @EnableWebSecurity + static class BeanProxyDisabledConfig extends WebSecurityConfigurerAdapter { + @Bean + public Child child() { + return new Child(); + } + + @Bean + public Parent parent() { + return new Parent(child()); + } + } + + static class Parent { + private Child child; + + Parent(Child child) { + this.child = child; + } + + public Child getChild() { + return child; + } + } + + static class Child { + Child() { + } + } } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java index 5a7709f5f5e..3c4a497e541 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java @@ -406,7 +406,7 @@ public void getMethodDelegatingApplicationListenerWhenWebSecurityConfigurationTh } @Test - public void loadConfigWhenProxyingDisabledAndSubclassThenFilterChainsCreated() { + public void loadConfigWhenBeanProxyingEnabledAndSubclassThenFilterChainsCreated() { this.spring.register(GlobalAuthenticationWebSecurityConfigurerAdaptersConfig.class, SubclassConfig.class).autowire(); FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class); @@ -415,7 +415,7 @@ public void loadConfigWhenProxyingDisabledAndSubclassThenFilterChainsCreated() { assertThat(filterChains).hasSize(4); } - @Configuration(proxyBeanMethods = false) + @Configuration static class SubclassConfig extends WebSecurityConfiguration { } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java index 4bd76d1220c..e317d8f6250 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 the original author or authors. + * Copyright 2002-2019 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -22,6 +22,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.ConfigurableApplicationContext; import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Import; import org.springframework.core.Ordered; import org.springframework.core.annotation.Order; @@ -367,4 +368,70 @@ private static DataBuffer toDataBuffer(String body) { buffer.write(body.getBytes(StandardCharsets.UTF_8)); return buffer; } + + @Test + public void enableWebFluxSecurityWhenNoConfigurationAnnotationThenBeanProxyingEnabled() { + this.spring.register(BeanProxyEnabledByDefaultConfig.class).autowire(); + + Child childBean = this.spring.getContext().getBean(Child.class); + Parent parentBean = this.spring.getContext().getBean(Parent.class); + + assertThat(parentBean.getChild()).isSameAs(childBean); + } + + @EnableWebFluxSecurity + @Import(ReactiveAuthenticationTestConfiguration.class) + static class BeanProxyEnabledByDefaultConfig { + @Bean + public Child child() { + return new Child(); + } + + @Bean + public Parent parent() { + return new Parent(child()); + } + } + + @Test + public void enableWebFluxSecurityWhenProxyBeanMethodsFalseThenBeanProxyingDisabled() { + this.spring.register(BeanProxyDisabledConfig.class).autowire(); + + Child childBean = this.spring.getContext().getBean(Child.class); + Parent parentBean = this.spring.getContext().getBean(Parent.class); + + assertThat(parentBean.getChild()).isNotSameAs(childBean); + } + + @Configuration(proxyBeanMethods = false) + @EnableWebFluxSecurity + @Import(ReactiveAuthenticationTestConfiguration.class) + static class BeanProxyDisabledConfig { + @Bean + public Child child() { + return new Child(); + } + + @Bean + public Parent parent() { + return new Parent(child()); + } + } + + static class Parent { + private Child child; + + Parent(Child child) { + this.child = child; + } + + public Child getChild() { + return child; + } + } + + static class Child { + Child() { + } + } } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationTest.java b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationTest.java index 193cdc06137..31c07cc2e06 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationTest.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationTest.java @@ -44,7 +44,7 @@ public void loadConfigWhenReactiveUserDetailsServiceConfiguredThenServerHttpSecu } @Test - public void loadConfigWhenProxyingDisabledAndSubclassThenServerHttpSecurityExists() { + public void loadConfigWhenProxyingEnabledAndSubclassThenServerHttpSecurityExists() { this.spring.register(SubclassConfig.class, ReactiveAuthenticationTestConfiguration.class, WebFluxSecurityConfiguration.class).autowire(); ServerHttpSecurity serverHttpSecurity = this.spring.getContext().getBean(ServerHttpSecurity.class); @@ -52,7 +52,7 @@ public void loadConfigWhenProxyingDisabledAndSubclassThenServerHttpSecurityExist assertThat(serverHttpSecurity).isNotNull(); } - @Configuration(proxyBeanMethods = false) + @Configuration static class SubclassConfig extends ServerHttpSecurityConfiguration { } } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfigurationTests.java index a4e1f328fdd..0eeec4140af 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfigurationTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfigurationTests.java @@ -44,7 +44,7 @@ public void loadConfigWhenReactiveUserDetailsServiceConfiguredThenWebFilterChain } @Test - public void loadConfigWhenProxyingDisabledAndSubclassThenWebFilterChainProxyExists() { + public void loadConfigWhenBeanProxyingEnabledAndSubclassThenWebFilterChainProxyExists() { this.spring.register(ServerHttpSecurityConfiguration.class, ReactiveAuthenticationTestConfiguration.class, WebFluxSecurityConfigurationTests.SubclassConfig.class).autowire(); WebFilterChainProxy webFilterChainProxy = this.spring.getContext().getBean(WebFilterChainProxy.class); @@ -52,7 +52,7 @@ public void loadConfigWhenProxyingDisabledAndSubclassThenWebFilterChainProxyExis assertThat(webFilterChainProxy).isNotNull(); } - @Configuration(proxyBeanMethods = false) + @Configuration static class SubclassConfig extends WebFluxSecurityConfiguration { } }