From 11f5c769683f14a22799cf9057c336b464996e37 Mon Sep 17 00:00:00 2001
From: Stephane Nicoll <snicoll@pivotal.io>
Date: Fri, 12 Dec 2014 16:15:38 +0100
Subject: [PATCH] Properly guard ManagementSecurityAutoConfiguration

ManagementSecurityAutoConfiguration fully relies on the presence of a
web environment, yet the configuration class itself was not guarded by
`@ConditionalOnWebApplication` (while nested config where).

This turned out to be a problem for command-line applications using
spring security (i.e. CRaSH integration).

Fixes gh-2112
---
 .../autoconfigure/ManagementSecurityAutoConfiguration.java     | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ManagementSecurityAutoConfiguration.java b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ManagementSecurityAutoConfiguration.java
index 1aaa9f0df36..67285af6a8c 100644
--- a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ManagementSecurityAutoConfiguration.java
+++ b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ManagementSecurityAutoConfiguration.java
@@ -79,6 +79,7 @@ import org.springframework.util.StringUtils;
  * @author Dave Syer
  */
 @Configuration
+@ConditionalOnWebApplication
 @ConditionalOnClass({ EnableWebSecurity.class })
 @AutoConfigureAfter(SecurityAutoConfiguration.class)
 @AutoConfigureBefore(FallbackWebSecurityAutoConfiguration.class)
@@ -172,7 +173,6 @@ public class ManagementSecurityAutoConfiguration {
 
 	@Configuration
 	@ConditionalOnMissingBean(WebSecurityConfiguration.class)
-	@ConditionalOnWebApplication
 	@Conditional(WebSecurityEnablerCondition.class)
 	@EnableWebSecurity
 	protected static class WebSecurityEnabler extends AuthenticationManagerConfiguration {
@@ -200,7 +200,6 @@ public class ManagementSecurityAutoConfiguration {
 	@Configuration
 	@ConditionalOnMissingBean({ ManagementWebSecurityConfigurerAdapter.class })
 	@ConditionalOnProperty(prefix = "management.security", name = "enabled", matchIfMissing = true)
-	@ConditionalOnWebApplication
 	@Order(ManagementServerProperties.BASIC_AUTH_ORDER)
 	protected static class ManagementWebSecurityConfigurerAdapter extends
 			WebSecurityConfigurerAdapter {