root
/
spring-boot
mirror of https://github.com/spring-projects/spring-boot.git
1
0
Fork 0
Code Issues Actions 12 Packages Projects Releases Wiki Activity

Change condition for adding @EnableWebSecurity 

Instead of looking for the presence of `WebSecurityConfiguration`,
this commit checks for the presence of a `Filter` with the name
springSecurityFilterChain. This allows users to configure the Filter
without adding `WebSecurityConfiguration`, making it more flexible.
`springSecurityFilterChain` is somewhat of a contract in Spring Security
and it relies on the name being `springSecurityFilterChain`.

Closes gh-10849
This commit is contained in:
Madhura Bhave 2017-11-01 16:34:15 -07:00
parent 4757ad63f1
commit 083cf50685
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/WebSecurityEnablerConfiguration.java
View File

@ -16,24 +16,27 @@
package org.springframework.boot.autoconfigure.security;
import javax.servlet.Filter;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
/**
* If there is a bean of type WebSecurityConfigurerAdapter, this adds the
* {@code @EnableWebSecurity} annotation if it is not already specified. This will make
* {@link EnableWebSecurity} annotation. This will make
* sure that the annotation is present with default security auto-configuration and also
* if the user adds custom security and forgets to add the annotation.
* if the user adds custom security and forgets to add the annotation. If {@link EnableWebSecurity}
* has already been added or if a {@link Filter} with name springSecurityFilterChain
* has been configured by the user, this will back-off.
*
* @author Madhura Bhave
* @since 2.0.0
*/
@ConditionalOnBean(WebSecurityConfigurerAdapter.class)
@ConditionalOnMissingBean(WebSecurityConfiguration.class)
@ConditionalOnMissingBean(value = Filter.class, name = "springSecurityFilterChain")
@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
@EnableWebSecurity
public class WebSecurityEnablerConfiguration {