From 868589366e5428d6ba79ee26be5ef94602e5aa85 Mon Sep 17 00:00:00 2001 From: Rob Winch Date: Tue, 25 Aug 2015 11:16:29 -0500 Subject: [PATCH 1/2] Ensure that Spring Security Filter's order is configured This commit ensures that even when a user specifies a WebSecurityConfiguration that the order of Spring Security's Filter is still configured. Closes gh-3824 See gh-3703 --- ...tyFilterRegistrationAutoConfiguration.java | 52 +++++++++++++++ .../SpringBootWebSecurityConfiguration.java | 17 ----- .../main/resources/META-INF/spring.factories | 1 + .../SecurityAutoConfigurationTests.java | 64 +++++++++++++++++++ 4 files changed, 117 insertions(+), 17 deletions(-) create mode 100644 spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/SecurityFilterRegistrationAutoConfiguration.java diff --git a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/SecurityFilterRegistrationAutoConfiguration.java b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/SecurityFilterRegistrationAutoConfiguration.java new file mode 100644 index 00000000000..9f41830f6c8 --- /dev/null +++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/SecurityFilterRegistrationAutoConfiguration.java @@ -0,0 +1,52 @@ +/* + * Copyright 2002-2015 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.springframework.boot.autoconfigure.security; + +import javax.servlet.Filter; + +import org.springframework.beans.factory.annotation.Qualifier; +import org.springframework.boot.autoconfigure.AutoConfigureAfter; +import org.springframework.boot.autoconfigure.condition.ConditionalOnBean; +import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication; +import org.springframework.boot.context.embedded.FilterRegistrationBean; +import org.springframework.boot.context.properties.EnableConfigurationProperties; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer; + +/** + * Configures the ordering for Spring Security's Filter. + * + * @author Rob Winch + * @since 1.3 + */ +@Configuration +@ConditionalOnWebApplication +@EnableConfigurationProperties +@AutoConfigureAfter(SpringBootWebSecurityConfiguration.class) +public class SecurityFilterRegistrationAutoConfiguration { + @Bean + @ConditionalOnBean(name = AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME) + public FilterRegistrationBean securityFilterChainRegistration( + @Qualifier(AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME) Filter securityFilter, + SecurityProperties securityProperties) { + FilterRegistrationBean registration = new FilterRegistrationBean(securityFilter); + registration.setOrder(securityProperties.getFilterOrder()); + registration + .setName(AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME); + return registration; + } +} \ No newline at end of file diff --git a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/SpringBootWebSecurityConfiguration.java b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/SpringBootWebSecurityConfiguration.java index f60c2a064c5..57d95f7a300 100644 --- a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/SpringBootWebSecurityConfiguration.java +++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/SpringBootWebSecurityConfiguration.java @@ -20,13 +20,10 @@ import java.util.ArrayList; import java.util.Arrays; import java.util.List; -import javax.servlet.Filter; import javax.servlet.http.HttpServletRequest; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.boot.autoconfigure.EnableAutoConfiguration; -import org.springframework.boot.autoconfigure.condition.ConditionalOnBean; import org.springframework.boot.autoconfigure.condition.ConditionalOnClass; import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; @@ -34,7 +31,6 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplicat import org.springframework.boot.autoconfigure.security.SecurityProperties.Headers; import org.springframework.boot.autoconfigure.web.ErrorController; import org.springframework.boot.autoconfigure.web.ServerProperties; -import org.springframework.boot.context.embedded.FilterRegistrationBean; import org.springframework.boot.context.properties.EnableConfigurationProperties; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @@ -50,7 +46,6 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer; import org.springframework.security.web.AuthenticationEntryPoint; import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint; -import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer; import org.springframework.security.web.header.writers.HstsHeaderWriter; import org.springframework.security.web.util.matcher.AnyRequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher; @@ -98,18 +93,6 @@ public class SpringBootWebSecurityConfiguration { return new IgnoredPathsWebSecurityConfigurerAdapter(); } - @Bean - @ConditionalOnBean(name = AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME) - public FilterRegistrationBean securityFilterChainRegistration( - @Qualifier(AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME) Filter securityFilter, - SecurityProperties securityProperties) { - FilterRegistrationBean registration = new FilterRegistrationBean(securityFilter); - registration.setOrder(securityProperties.getFilterOrder()); - registration - .setName(AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME); - return registration; - } - public static void configureHeaders(HeadersConfigurer configurer, SecurityProperties.Headers headers) throws Exception { if (headers.getHsts() != Headers.HSTS.NONE) { diff --git a/spring-boot-autoconfigure/src/main/resources/META-INF/spring.factories b/spring-boot-autoconfigure/src/main/resources/META-INF/spring.factories index 6fd13ee1033..e04ad19f534 100644 --- a/spring-boot-autoconfigure/src/main/resources/META-INF/spring.factories +++ b/spring-boot-autoconfigure/src/main/resources/META-INF/spring.factories @@ -56,6 +56,7 @@ org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,\ org.springframework.boot.autoconfigure.reactor.ReactorAutoConfiguration,\ org.springframework.boot.autoconfigure.redis.RedisAutoConfiguration,\ org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration,\ +org.springframework.boot.autoconfigure.security.SecurityFilterRegistrationAutoConfiguration,\ org.springframework.boot.autoconfigure.security.FallbackWebSecurityAutoConfiguration,\ org.springframework.boot.autoconfigure.security.oauth2.OAuth2AutoConfiguration,\ org.springframework.boot.autoconfigure.sendgrid.SendGridAutoConfiguration,\ diff --git a/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/SecurityAutoConfigurationTests.java b/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/SecurityAutoConfigurationTests.java index 77375b2d96d..7da08bb2726 100644 --- a/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/SecurityAutoConfigurationTests.java +++ b/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/SecurityAutoConfigurationTests.java @@ -21,6 +21,9 @@ import java.util.List; import org.junit.After; import org.junit.Test; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.support.DefaultListableBeanFactory; +import org.springframework.boot.autoconfigure.EnableAutoConfiguration; +import org.springframework.boot.autoconfigure.EnableAutoConfigurationImportSelector; import org.springframework.boot.autoconfigure.PropertyPlaceholderAutoConfiguration; import org.springframework.boot.autoconfigure.TestAutoConfigurationPackage; import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration; @@ -31,9 +34,13 @@ import org.springframework.boot.context.embedded.FilterRegistrationBean; import org.springframework.boot.test.EnvironmentTestUtils; import org.springframework.context.ApplicationEvent; import org.springframework.context.ApplicationListener; +import org.springframework.context.annotation.AnnotationConfigApplicationContext; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.core.annotation.Order; +import org.springframework.core.io.DefaultResourceLoader; +import org.springframework.core.type.StandardAnnotationMetadata; +import org.springframework.mock.env.MockEnvironment; import org.springframework.mock.web.MockServletContext; import org.springframework.orm.jpa.JpaTransactionManager; import org.springframework.security.authentication.AuthenticationManager; @@ -45,6 +52,7 @@ import org.springframework.security.authentication.event.AuthenticationFailureBa import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter; import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; @@ -52,9 +60,11 @@ import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.web.FilterChainProxy; import org.springframework.security.web.SecurityFilterChain; +import org.springframework.util.ObjectUtils; import org.springframework.web.context.support.AnnotationConfigWebApplicationContext; import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; @@ -90,11 +100,57 @@ public class SecurityAutoConfigurationTests { assertEquals(5, filterChains.size()); } + // gh-3703 + @Test + public void testDefaultFilterOrderWithSecurityAdapter() throws Exception { + this.context = new AnnotationConfigWebApplicationContext(); + this.context.setServletContext(new MockServletContext()); + this.context.register(WebSecurity.class, + SecurityAutoConfiguration.class, + SecurityFilterRegistrationAutoConfiguration.class, + ServerPropertiesAutoConfiguration.class, + PropertyPlaceholderAutoConfiguration.class); + this.context.refresh(); + assertEquals( + 0, + this.context.getBean("securityFilterChainRegistration", + FilterRegistrationBean.class).getOrder()); + } + + @Test + public void testSecurityFilterRegistrationAutoConfigurationRegisteredAutoConfiguration() throws Exception { + EnableAutoConfigurationImportSelector selector = new EnableAutoConfigurationImportSelector(); + selector.setBeanFactory(new DefaultListableBeanFactory()); + selector.setEnvironment(new MockEnvironment()); + selector.setResourceLoader(new DefaultResourceLoader()); + String[] imports = selector.selectImports(new StandardAnnotationMetadata(AutoConfiguration.class)); + + assertTrue(ObjectUtils.containsElement(imports, "org.springframework.boot.autoconfigure.security.SecurityFilterRegistrationAutoConfiguration")); + } + + @Test + public void testDefaultFilterOrderNotWeb() throws Exception { + AnnotationConfigApplicationContext context = new AnnotationConfigApplicationContext(); + context.register(SecurityAutoConfiguration.class, + SecurityFilterRegistrationAutoConfiguration.class, + ServerPropertiesAutoConfiguration.class, + PropertyPlaceholderAutoConfiguration.class); + + try { + context.refresh(); + assertFalse( + context.containsBean("securityFilterChainRegistration")); + } finally { + context.close(); + } + } + @Test public void testDefaultFilterOrder() throws Exception { this.context = new AnnotationConfigWebApplicationContext(); this.context.setServletContext(new MockServletContext()); this.context.register(SecurityAutoConfiguration.class, + SecurityFilterRegistrationAutoConfiguration.class, ServerPropertiesAutoConfiguration.class, PropertyPlaceholderAutoConfiguration.class); this.context.refresh(); @@ -110,6 +166,7 @@ public class SecurityAutoConfigurationTests { EnvironmentTestUtils.addEnvironment(this.context, "security.filter-order:12345"); this.context.setServletContext(new MockServletContext()); this.context.register(SecurityAutoConfiguration.class, + SecurityFilterRegistrationAutoConfiguration.class, ServerPropertiesAutoConfiguration.class, PropertyPlaceholderAutoConfiguration.class); this.context.refresh(); @@ -411,4 +468,11 @@ public class SecurityAutoConfigurationTests { } + @Configuration + @EnableWebSecurity + static class WebSecurity extends WebSecurityConfigurerAdapter {} + + @Configuration + @EnableAutoConfiguration + static class AutoConfiguration {} } From 90668584c3e11006844732743cf1335513eaca1c Mon Sep 17 00:00:00 2001 From: Andy Wilkinson Date: Thu, 27 Aug 2015 08:34:51 +0100 Subject: [PATCH 2/2] Polish contribution Closes gh-3703 --- ...a => SecurityFilterAutoConfiguration.java} | 13 +++-- .../main/resources/META-INF/spring.factories | 2 +- .../SecurityAutoConfigurationTests.java | 47 +++++-------------- 3 files changed, 24 insertions(+), 38 deletions(-) rename spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/{SecurityFilterRegistrationAutoConfiguration.java => SecurityFilterAutoConfiguration.java} (78%) diff --git a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/SecurityFilterRegistrationAutoConfiguration.java b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/SecurityFilterAutoConfiguration.java similarity index 78% rename from spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/SecurityFilterRegistrationAutoConfiguration.java rename to spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/SecurityFilterAutoConfiguration.java index 9f41830f6c8..bdb5b39bb53 100644 --- a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/SecurityFilterRegistrationAutoConfiguration.java +++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/SecurityFilterAutoConfiguration.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2015 the original author or authors. + * Copyright 2012-2015 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -19,16 +19,21 @@ import javax.servlet.Filter; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.boot.autoconfigure.AutoConfigureAfter; +import org.springframework.boot.autoconfigure.EnableAutoConfiguration; import org.springframework.boot.autoconfigure.condition.ConditionalOnBean; import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication; import org.springframework.boot.context.embedded.FilterRegistrationBean; import org.springframework.boot.context.properties.EnableConfigurationProperties; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration; import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer; /** - * Configures the ordering for Spring Security's Filter. + * {@link EnableAutoConfiguration Auto-configuration} for Spring Security's Filter. + * Configured separately from {@link SpringBootWebSecurityConfiguration} to ensure that + * the filter's order is still configured when a user-provided + * {@link WebSecurityConfiguration} exists. * * @author Rob Winch * @since 1.3 @@ -37,7 +42,8 @@ import org.springframework.security.web.context.AbstractSecurityWebApplicationIn @ConditionalOnWebApplication @EnableConfigurationProperties @AutoConfigureAfter(SpringBootWebSecurityConfiguration.class) -public class SecurityFilterRegistrationAutoConfiguration { +public class SecurityFilterAutoConfiguration { + @Bean @ConditionalOnBean(name = AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME) public FilterRegistrationBean securityFilterChainRegistration( @@ -49,4 +55,5 @@ public class SecurityFilterRegistrationAutoConfiguration { .setName(AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME); return registration; } + } \ No newline at end of file diff --git a/spring-boot-autoconfigure/src/main/resources/META-INF/spring.factories b/spring-boot-autoconfigure/src/main/resources/META-INF/spring.factories index e04ad19f534..9980c1a0cd5 100644 --- a/spring-boot-autoconfigure/src/main/resources/META-INF/spring.factories +++ b/spring-boot-autoconfigure/src/main/resources/META-INF/spring.factories @@ -56,7 +56,7 @@ org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,\ org.springframework.boot.autoconfigure.reactor.ReactorAutoConfiguration,\ org.springframework.boot.autoconfigure.redis.RedisAutoConfiguration,\ org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration,\ -org.springframework.boot.autoconfigure.security.SecurityFilterRegistrationAutoConfiguration,\ +org.springframework.boot.autoconfigure.security.SecurityFilterAutoConfiguration,\ org.springframework.boot.autoconfigure.security.FallbackWebSecurityAutoConfiguration,\ org.springframework.boot.autoconfigure.security.oauth2.OAuth2AutoConfiguration,\ org.springframework.boot.autoconfigure.sendgrid.SendGridAutoConfiguration,\ diff --git a/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/SecurityAutoConfigurationTests.java b/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/SecurityAutoConfigurationTests.java index 7da08bb2726..7acbc852116 100644 --- a/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/SecurityAutoConfigurationTests.java +++ b/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/SecurityAutoConfigurationTests.java @@ -21,9 +21,6 @@ import java.util.List; import org.junit.After; import org.junit.Test; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.support.DefaultListableBeanFactory; -import org.springframework.boot.autoconfigure.EnableAutoConfiguration; -import org.springframework.boot.autoconfigure.EnableAutoConfigurationImportSelector; import org.springframework.boot.autoconfigure.PropertyPlaceholderAutoConfiguration; import org.springframework.boot.autoconfigure.TestAutoConfigurationPackage; import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration; @@ -38,9 +35,6 @@ import org.springframework.context.annotation.AnnotationConfigApplicationContext import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.core.annotation.Order; -import org.springframework.core.io.DefaultResourceLoader; -import org.springframework.core.type.StandardAnnotationMetadata; -import org.springframework.mock.env.MockEnvironment; import org.springframework.mock.web.MockServletContext; import org.springframework.orm.jpa.JpaTransactionManager; import org.springframework.security.authentication.AuthenticationManager; @@ -60,7 +54,6 @@ import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.web.FilterChainProxy; import org.springframework.security.web.SecurityFilterChain; -import org.springframework.util.ObjectUtils; import org.springframework.web.context.support.AnnotationConfigWebApplicationContext; import static org.junit.Assert.assertEquals; @@ -73,6 +66,7 @@ import static org.junit.Assert.fail; * Tests for {@link SecurityAutoConfiguration}. * * @author Dave Syer + * @author Rob Winch */ public class SecurityAutoConfigurationTests { @@ -100,14 +94,12 @@ public class SecurityAutoConfigurationTests { assertEquals(5, filterChains.size()); } - // gh-3703 @Test public void testDefaultFilterOrderWithSecurityAdapter() throws Exception { this.context = new AnnotationConfigWebApplicationContext(); this.context.setServletContext(new MockServletContext()); - this.context.register(WebSecurity.class, - SecurityAutoConfiguration.class, - SecurityFilterRegistrationAutoConfiguration.class, + this.context.register(WebSecurity.class, SecurityAutoConfiguration.class, + SecurityFilterAutoConfiguration.class, ServerPropertiesAutoConfiguration.class, PropertyPlaceholderAutoConfiguration.class); this.context.refresh(); @@ -118,29 +110,17 @@ public class SecurityAutoConfigurationTests { } @Test - public void testSecurityFilterRegistrationAutoConfigurationRegisteredAutoConfiguration() throws Exception { - EnableAutoConfigurationImportSelector selector = new EnableAutoConfigurationImportSelector(); - selector.setBeanFactory(new DefaultListableBeanFactory()); - selector.setEnvironment(new MockEnvironment()); - selector.setResourceLoader(new DefaultResourceLoader()); - String[] imports = selector.selectImports(new StandardAnnotationMetadata(AutoConfiguration.class)); - - assertTrue(ObjectUtils.containsElement(imports, "org.springframework.boot.autoconfigure.security.SecurityFilterRegistrationAutoConfiguration")); - } - - @Test - public void testDefaultFilterOrderNotWeb() throws Exception { + public void testFilterIsNotRegisteredInNonWeb() throws Exception { AnnotationConfigApplicationContext context = new AnnotationConfigApplicationContext(); context.register(SecurityAutoConfiguration.class, - SecurityFilterRegistrationAutoConfiguration.class, + SecurityFilterAutoConfiguration.class, ServerPropertiesAutoConfiguration.class, PropertyPlaceholderAutoConfiguration.class); - try { context.refresh(); - assertFalse( - context.containsBean("securityFilterChainRegistration")); - } finally { + assertFalse(context.containsBean("securityFilterChainRegistration")); + } + finally { context.close(); } } @@ -150,7 +130,7 @@ public class SecurityAutoConfigurationTests { this.context = new AnnotationConfigWebApplicationContext(); this.context.setServletContext(new MockServletContext()); this.context.register(SecurityAutoConfiguration.class, - SecurityFilterRegistrationAutoConfiguration.class, + SecurityFilterAutoConfiguration.class, ServerPropertiesAutoConfiguration.class, PropertyPlaceholderAutoConfiguration.class); this.context.refresh(); @@ -166,7 +146,7 @@ public class SecurityAutoConfigurationTests { EnvironmentTestUtils.addEnvironment(this.context, "security.filter-order:12345"); this.context.setServletContext(new MockServletContext()); this.context.register(SecurityAutoConfiguration.class, - SecurityFilterRegistrationAutoConfiguration.class, + SecurityFilterAutoConfiguration.class, ServerPropertiesAutoConfiguration.class, PropertyPlaceholderAutoConfiguration.class); this.context.refresh(); @@ -470,9 +450,8 @@ public class SecurityAutoConfigurationTests { @Configuration @EnableWebSecurity - static class WebSecurity extends WebSecurityConfigurerAdapter {} + static class WebSecurity extends WebSecurityConfigurerAdapter { + + } - @Configuration - @EnableAutoConfiguration - static class AutoConfiguration {} }