Change condition for adding @EnableWebSecurity

Instead of looking for the presence of `WebSecurityConfiguration`, this commit checks for the presence of a `Filter` with the name springSecurityFilterChain. This allows users to configure the Filter without adding `WebSecurityConfiguration`, making it more flexible. `springSecurityFilterChain` is somewhat of a contract in Spring Security and it relies on the name being `springSecurityFilterChain`. Closes gh-10849

Change condition for adding @EnableWebSecurity
Instead of looking for the presence of `WebSecurityConfiguration`, this commit checks for the presence of a `Filter` with the name springSecurityFilterChain. This allows users to configure the Filter without adding `WebSecurityConfiguration`, making it more flexible. `springSecurityFilterChain` is somewhat of a contract in Spring Security and it relies on the name being `springSecurityFilterChain`. Closes gh-10849
083cf506 · Madhura Bhave · 4757ad63 · 083cf506
Commit 083cf506 authored Nov 01, 2017 by Madhura Bhave
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 4 deletions

WebSecurityEnablerConfiguration.java ...toconfigure/security/WebSecurityEnablerConfiguration.java +7 -4

No files found.
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/WebSecurityEnablerConfiguration.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/WebSecurityEnablerConfiguration.java
@@ -16,24 +16,27 @@

 package org.springframework.boot.autoconfigure.security;

+import javax.servlet.Filter;
+
 import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

 /**
 * If there is a bean of type WebSecurityConfigurerAdapter, this adds the
- * {@code @EnableWebSecurity} annotation if it is not already specified. This will make
+ * {@link EnableWebSecurity} annotation. This will make
 * sure that the annotation is present with default security auto-configuration and also
- * if the user adds custom security and forgets to add the annotation.
+ * if the user adds custom security and forgets to add the annotation. If {@link EnableWebSecurity}
+ * has already been added or if a {@link Filter} with name springSecurityFilterChain
+ * has been configured by the user, this will back-off.
 *
 * @author Madhura Bhave
 * @since 2.0.0
 */
 @ConditionalOnBean(WebSecurityConfigurerAdapter.class)
-@ConditionalOnMissingBean(WebSecurityConfiguration.class)
+@ConditionalOnMissingBean(value = Filter.class, name = "springSecurityFilterChain")
 @ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
 @EnableWebSecurity
 public class WebSecurityEnablerConfiguration {