mirror of
https://github.com/spring-projects/spring-boot.git
synced 2024-07-15 01:07:30 +08:00
Following the changes in gh-37504, the reactive resource server auto-configuration could enable WebFlux security in situations where it was otherwise in active. This could then result in an application failing to start as no authentication manager is available. This commit updates the configurations that enable WebFlux security so that they fully back off unless their related configurations are active. Previously, only the configuration of the SecurityWebFilterChain would back off. This has been expanded to cover `@EnableWebFluxSecurity` as well. This has required splitting the configuration classes up so that the condition evaluation order can be controlled more precisely. We need to ensure that the JWT decoder bean or the opaque token introspector bean has been defined before evaluation of the conditions for `@EnableWebFluxSecurity`. Without this control, the import through `@EnableWebFluxSecurity` in one location where the conditions do not matchcan prevent a successful import in another where they do. Fixes gh-38713 |
||
---|---|---|
.. | ||
src | ||
build.gradle |