Properly guard ManagementSecurityAutoConfiguration

ManagementSecurityAutoConfiguration fully relies on the presence of a web environment, yet the configuration class itself was not guarded by `@ConditionalOnWebApplication` (while nested config where). This turned out to be a problem for command-line applications using spring security (i.e. CRaSH integration). Fixes gh-2112
2014-12-12 16:15:38 +01:00 · 2014-12-12 16:15:38 +01:00 · 11f5c76968
parent 8f6f25f88e
commit 11f5c76968
1 changed files with 1 additions and 2 deletions
--- a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ManagementSecurityAutoConfiguration.java
+++ b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ManagementSecurityAutoConfiguration.java
@ -79,6 +79,7 @@ import org.springframework.util.StringUtils;
 * @author Dave Syer
 */
@Configuration
+@ConditionalOnWebApplication
@ConditionalOnClass({ EnableWebSecurity.class })
@AutoConfigureAfter(SecurityAutoConfiguration.class)
@AutoConfigureBefore(FallbackWebSecurityAutoConfiguration.class)
@ -172,7 +173,6 @@ public class ManagementSecurityAutoConfiguration {

 	@Configuration
 	@ConditionalOnMissingBean(WebSecurityConfiguration.class)
-	@ConditionalOnWebApplication
 	@Conditional(WebSecurityEnablerCondition.class)
 	@EnableWebSecurity
 	protected static class WebSecurityEnabler extends AuthenticationManagerConfiguration {
@ -200,7 +200,6 @@ public class ManagementSecurityAutoConfiguration {
 	@Configuration
 	@ConditionalOnMissingBean({ ManagementWebSecurityConfigurerAdapter.class })
 	@ConditionalOnProperty(prefix = "management.security", name = "enabled", matchIfMissing = true)
-	@ConditionalOnWebApplication
 	@Order(ManagementServerProperties.BASIC_AUTH_ORDER)
 	protected static class ManagementWebSecurityConfigurerAdapter extends
 			WebSecurityConfigurerAdapter {