diff --git a/config/src/main/java/org/springframework/security/config/annotation/rsocket/ReactiveObservationConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/rsocket/ReactiveObservationConfiguration.java index 18f6f03e8f..14862d79b9 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/rsocket/ReactiveObservationConfiguration.java +++ b/config/src/main/java/org/springframework/security/config/annotation/rsocket/ReactiveObservationConfiguration.java @@ -45,7 +45,7 @@ class ReactiveObservationConfiguration { @Bean @Role(BeanDefinition.ROLE_INFRASTRUCTURE) - static ObjectPostProcessor> webAuthorizationManagerPostProcessor( + static ObjectPostProcessor> rSocketAuthorizationManagerPostProcessor( ObjectProvider registry, ObjectProvider predicate) { return new ObjectPostProcessor<>() { @Override @@ -59,7 +59,7 @@ public ReactiveAuthorizationManager postProcess(ReactiveAuthorizationManager obj @Bean @Role(BeanDefinition.ROLE_INFRASTRUCTURE) - static ObjectPostProcessor authenticationManagerPostProcessor( + static ObjectPostProcessor rSocketAuthenticationManagerPostProcessor( ObjectProvider registry, ObjectProvider predicate) { return new ObjectPostProcessor<>() { @Override @@ -73,7 +73,7 @@ public ReactiveAuthenticationManager postProcess(ReactiveAuthenticationManager o @Bean @Role(BeanDefinition.ROLE_INFRASTRUCTURE) - static ObjectPostProcessor filterChainDecoratorPostProcessor( + static ObjectPostProcessor rSocketFilterChainDecoratorPostProcessor( ObjectProvider registry, ObjectProvider predicate) { return new ObjectPostProcessor<>() { @Override diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/socket/WebSocketObservationConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/socket/WebSocketObservationConfiguration.java index 7d0fb806d5..341df74238 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/socket/WebSocketObservationConfiguration.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/socket/WebSocketObservationConfiguration.java @@ -41,7 +41,7 @@ class WebSocketObservationConfiguration { @Bean @Role(BeanDefinition.ROLE_INFRASTRUCTURE) - static ObjectPostProcessor>> webAuthorizationManagerPostProcessor( + static ObjectPostProcessor>> webSocketAuthorizationManagerPostProcessor( ObjectProvider registry, ObjectProvider predicate) { return new ObjectPostProcessor<>() { @Override diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/socket/WebSocketMessageBrokerSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/socket/WebSocketMessageBrokerSecurityConfigurationTests.java index 099207d0b5..cf2d035806 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/socket/WebSocketMessageBrokerSecurityConfigurationTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/socket/WebSocketMessageBrokerSecurityConfigurationTests.java @@ -68,6 +68,7 @@ import org.springframework.security.authorization.AuthorizationDecision; import org.springframework.security.authorization.AuthorizationManager; import org.springframework.security.config.annotation.SecurityContextChangedListenerConfig; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry; import org.springframework.security.config.observation.SecurityObservationSettings; import org.springframework.security.core.Authentication; @@ -438,6 +439,12 @@ public void sendMessageWhenExcludeAuthorizationObservationsThenUnobserved() { verifyNoInteractions(observationHandler); } + // gh-16011 + @Test + public void enableWebSocketSecurityWhenWebSocketSecurityUsedThenAutowires() { + loadConfig(WithWebSecurity.class); + } + private void assertHandshake(HttpServletRequest request) { TestHandshakeHandler handshakeHandler = this.context.getBean(TestHandshakeHandler.class); assertThatCsrfToken(handshakeHandler.attributes.get(CsrfToken.class.getName())).isEqualTo(this.token); @@ -489,6 +496,7 @@ private T clientInboundChannel() { private void loadConfig(Class... configs) { this.context = new AnnotationConfigWebApplicationContext(); + this.context.setAllowBeanDefinitionOverriding(false); this.context.register(configs); this.context.setServletConfig(new MockServletConfig()); this.context.refresh(); @@ -939,6 +947,13 @@ TestHandshakeHandler testHandshakeHandler() { } + @Configuration(proxyBeanMethods = false) + @EnableWebSecurity + @Import(WebSocketSecurityConfig.class) + static class WithWebSecurity { + + } + @Configuration static class SyncExecutorConfig {