Prevent cryptic exception if SecurityProperties not created

Previously if a user happened to provide an @EnableWebSecurity bean the SecurityProperties would not be created, which is fine until you add the Actuator (which needs them). Fixed by adding an explicit SecurityProperties @Bean if not already present.
12 years ago · 1db28e5b92
2 changed files with 23 additions and 2 deletions
--- a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ManagementServerPropertiesAutoConfiguration.java
+++ b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ManagementServerPropertiesAutoConfiguration.java
@ -20,6 +20,7 @@ import org.springframework.boot.actuate.properties.ManagementServerProperties;
				@@ -20,6 +20,7 @@ import org.springframework.boot.actuate.properties.ManagementServerProperties;
 import org.springframework.boot.autoconfigure.AutoConfigureAfter;
 import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.boot.autoconfigure.security.SecurityProperties;
 import org.springframework.boot.autoconfigure.web.ServerPropertiesAutoConfiguration;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Bean;
@ -42,4 +43,11 @@ public class ManagementServerPropertiesAutoConfiguration {
				@@ -42,4 +43,11 @@ public class ManagementServerPropertiesAutoConfiguration {
 		return new ManagementServerProperties();
 	}

+	// In case security auto configuration hasn't been included
+	@Bean(name = "org.springframework.autoconfigure.security.SecurityProperties")
+	@ConditionalOnMissingBean
+	public SecurityProperties securityProperties() {
+		return new SecurityProperties();
+	}
+
 }
--- a/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/autoconfigure/ManagementSecurityAutoConfigurationTests.java
+++ b/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/autoconfigure/ManagementSecurityAutoConfigurationTests.java
@ -139,9 +139,22 @@ public class ManagementSecurityAutoConfigurationTests {
				@@ -139,9 +139,22 @@ public class ManagementSecurityAutoConfigurationTests {
 	public void testOverrideAuthenticationManager() throws Exception {
 		this.context = new AnnotationConfigWebApplicationContext();
 		this.context.setServletContext(new MockServletContext());
-		this.context.register(TestConfiguration.class,
+		this.context.register(TestConfiguration.class, SecurityAutoConfiguration.class,
+				ManagementSecurityAutoConfiguration.class,
+				EndpointAutoConfiguration.class,
+				ManagementServerPropertiesAutoConfiguration.class,
+				PropertyPlaceholderAutoConfiguration.class);
+		this.context.refresh();
+		assertEquals(this.context.getBean(TestConfiguration.class).authenticationManager,
+				this.context.getBean(AuthenticationManager.class));
+	}

-		SecurityAutoConfiguration.class, ManagementSecurityAutoConfiguration.class,
+	@Test
+	public void testSecurityPropertiesNotAvailable() throws Exception {
+		this.context = new AnnotationConfigWebApplicationContext();
+		this.context.setServletContext(new MockServletContext());
+		this.context.register(TestConfiguration.class,
+				ManagementSecurityAutoConfiguration.class,
 				EndpointAutoConfiguration.class,
 				ManagementServerPropertiesAutoConfiguration.class,
 				PropertyPlaceholderAutoConfiguration.class);