Making ReactiveUserDetailsServiceAutoConfiguration conditional

The UserDetailsServiceAutoConfiguration is only to be active in a reactive web application

See gh-43345

Author: BenchmarkingBuffalo

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/reactive/ReactiveUserDetailsServiceAutoConfiguration.java

@@ -31,6 +31,7 @@
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication.Type;
 import org.springframework.boot.autoconfigure.rsocket.RSocketMessagingAutoConfiguration;
 import org.springframework.boot.autoconfigure.security.SecurityProperties;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
@@ -55,6 +56,7 @@
  * {@link ReactiveAuthenticationManagerResolver}.
  *
  * @author Madhura Bhave
+ * @author Lasse Wulff
  * @since 2.0.0
  */
 @AutoConfiguration(before = ReactiveSecurityAutoConfiguration.class, after = RSocketMessagingAutoConfiguration.class)
@@ -65,6 +67,7 @@
 		type = { "org.springframework.security.oauth2.jwt.ReactiveJwtDecoder" })
 @Conditional({ ReactiveUserDetailsServiceAutoConfiguration.RSocketEnabledOrReactiveWebApplication.class,
 		ReactiveUserDetailsServiceAutoConfiguration.MissingAlternativeOrUserPropertiesConfigured.class })
+@ConditionalOnWebApplication(type = Type.REACTIVE)
 @EnableConfigurationProperties(SecurityProperties.class)
 public class ReactiveUserDetailsServiceAutoConfiguration {
 

spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/reactive/ReactiveUserDetailsServiceAutoConfigurationTests.java

@@ -17,6 +17,7 @@
 package org.springframework.boot.autoconfigure.security.reactive;
 
 import java.time.Duration;
+import java.util.function.Function;
 
 import org.junit.jupiter.api.Test;
 
@@ -28,6 +29,7 @@
 import org.springframework.boot.test.context.FilteredClassLoader;
 import org.springframework.boot.test.context.runner.ApplicationContextRunner;
 import org.springframework.boot.test.context.runner.ReactiveWebApplicationContextRunner;
+import org.springframework.boot.test.context.runner.WebApplicationContextRunner;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
@@ -52,12 +54,36 @@
  *
  * @author Madhura Bhave
  * @author HaiTao Zhang
+ * @author Lasse Wulff
  */
 class ReactiveUserDetailsServiceAutoConfigurationTests {
 
 	private final ReactiveWebApplicationContextRunner contextRunner = new ReactiveWebApplicationContextRunner()
 		.withConfiguration(AutoConfigurations.of(ReactiveUserDetailsServiceAutoConfiguration.class));
 
+	@Test
+	void shouldSupplyUserDetailsServiceInReactiveApp() {
+		this.contextRunner.withUserConfiguration(TestSecurityConfiguration.class)
+			.with(AuthenticationExclude.reactiveApp())
+			.run((context) -> assertThat(context).hasSingleBean(ReactiveUserDetailsService.class));
+	}
+
+	@Test
+	void shouldNotSupplyUserDetailsServiceInServletApp() {
+		new WebApplicationContextRunner()
+			.withConfiguration(AutoConfigurations.of(ReactiveUserDetailsServiceAutoConfiguration.class))
+			.with(AuthenticationExclude.servletApp())
+			.run((context) -> assertThat(context).doesNotHaveBean(ReactiveUserDetailsService.class));
+	}
+
+	@Test
+	void shouldNotSupplyUserDetailsServiceInNonWebApp() {
+		new ApplicationContextRunner()
+			.withConfiguration(AutoConfigurations.of(ReactiveUserDetailsServiceAutoConfiguration.class))
+			.with(AuthenticationExclude.noWebApp())
+			.run((context) -> assertThat(context).doesNotHaveBean(ReactiveUserDetailsService.class));
+	}
+
 	@Test
 	void configuresADefaultUser() {
 		this.contextRunner
@@ -72,7 +98,7 @@ void configuresADefaultUser() {
 
 	@Test
 	void userDetailsServiceWhenRSocketConfigured() {
-		new ApplicationContextRunner()
+		this.contextRunner
 			.withClassLoader(
 					new FilteredClassLoader(ClientRegistrationRepository.class, ReactiveOpaqueTokenIntrospector.class))
 			.withConfiguration(AutoConfigurations.of(ReactiveUserDetailsServiceAutoConfiguration.class,
@@ -98,7 +124,7 @@ void doesNotConfigureDefaultUserIfUserDetailsServiceAvailable() {
 	void doesNotConfigureDefaultUserIfAuthenticationManagerAvailable() {
 		this.contextRunner.withUserConfiguration(AuthenticationManagerConfig.class, TestSecurityConfiguration.class)
 			.withConfiguration(AutoConfigurations.of(ReactiveSecurityAutoConfiguration.class))
-			.run((context) -> assertThat(context).getBean(ReactiveUserDetailsService.class).isNull());
+			.run((context) -> assertThat(context).doesNotHaveBean(ReactiveUserDetailsService.class));
 	}
 
 	@Test
@@ -175,6 +201,25 @@ private void testPasswordEncoding(Class<?> configClass, String providedPassword,
 			}));
 	}
 
+	private static final class AuthenticationExclude {
+
+		private static final FilteredClassLoader filteredClassLoader = new FilteredClassLoader(
+				ClientRegistrationRepository.class, ReactiveOpaqueTokenIntrospector.class);
+
+		static Function<WebApplicationContextRunner, WebApplicationContextRunner> servletApp() {
+			return (contextRunner) -> contextRunner.withClassLoader(filteredClassLoader);
+		}
+
+		static Function<ReactiveWebApplicationContextRunner, ReactiveWebApplicationContextRunner> reactiveApp() {
+			return (contextRunner) -> contextRunner.withClassLoader(filteredClassLoader);
+		}
+
+		static Function<ApplicationContextRunner, ApplicationContextRunner> noWebApp() {
+			return (contextRunner) -> contextRunner.withClassLoader(filteredClassLoader);
+		}
+
+	}
+
 	@Configuration(proxyBeanMethods = false)
 	@EnableWebFluxSecurity
 	@EnableConfigurationProperties(SecurityProperties.class)