Nest the @EnableWebSecurity so it can be added to a condition

spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/SecurityAutoConfiguration.java

@@ -96,8 +96,7 @@ import org.springframework.security.web.util.matcher.AnyRequestMatcher;
  */
 @Configuration
 @ConditionalOnClass({ EnableWebSecurity.class })
-// @ConditionalOnMissingBean(SecurityAutoConfiguration.class)
-@EnableWebSecurity
+@ConditionalOnMissingBean(annotation = EnableWebSecurity.class)
 @EnableConfigurationProperties
 public class SecurityAutoConfiguration {
 
@@ -137,6 +136,7 @@ public class SecurityAutoConfiguration {
 
 	// Get the ignored paths in early
 	@Order(Ordered.HIGHEST_PRECEDENCE)
+	@EnableWebSecurity
 	private static class IgnoredPathsWebSecurityConfigurerAdapter implements
 			SecurityConfigurer<Filter, WebSecurity> {
 

spring-boot-actuator/src/test/java/org/springframework/boot/actuate/autoconfigure/SpringApplicationHierarchyTests.java

@@ -17,7 +17,6 @@
 package org.springframework.boot.actuate.autoconfigure;
 
 import org.junit.After;
-import org.junit.Ignore;
 import org.junit.Test;
 import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.autoconfigure.web.ServerPropertiesAutoConfiguration;
@@ -28,7 +27,6 @@ import org.springframework.context.ConfigurableApplicationContext;
  * @author Dave Syer
  * 
  */
-@Ignore("Unignore me when security configuration can be made conditional")
 public class SpringApplicationHierarchyTests {
 
 	private ConfigurableApplicationContext context;