From 24fd9579c5ca8d610b6acf1c669cda83f332f0de Mon Sep 17 00:00:00 2001 From: Rob Winch Date: Fri, 29 May 2020 16:49:01 -0500 Subject: [PATCH] Delay AuthenticationPrincipalArgumentResolver Creation Use ObjectProvider to delay its lookup. Closes gh-8613 --- .../ServerHttpSecurityConfiguration.java | 5 +++-- .../reactive/EnableWebFluxSecurityTests.java | 21 +++++++++++++++++++ 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java index a6c7f4783f..b7d4b3e3c7 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java @@ -18,6 +18,7 @@ package org.springframework.security.config.annotation.web.reactive; import org.springframework.beans.BeansException; import org.springframework.beans.factory.BeanFactory; +import org.springframework.beans.factory.ObjectProvider; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.ApplicationContext; import org.springframework.context.ApplicationContextAware; @@ -87,11 +88,11 @@ class ServerHttpSecurityConfiguration { @Bean public WebFluxConfigurer authenticationPrincipalArgumentResolverConfigurer( - AuthenticationPrincipalArgumentResolver authenticationPrincipalArgumentResolver) { + ObjectProvider authenticationPrincipalArgumentResolver) { return new WebFluxConfigurer() { @Override public void configureArgumentResolvers(ArgumentResolverConfigurer configurer) { - configurer.addCustomResolver(authenticationPrincipalArgumentResolver); + configurer.addCustomResolver(authenticationPrincipalArgumentResolver.getObject()); } }; } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java index e317d8f625..4be1c2b325 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java @@ -47,6 +47,7 @@ import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.test.context.annotation.SecurityTestExecutionListeners; import org.springframework.security.test.context.support.WithMockUser; import org.springframework.security.test.web.reactive.server.WebTestClientBuilder; +import org.springframework.security.web.reactive.result.method.annotation.AuthenticationPrincipalArgumentResolver; import org.springframework.security.web.reactive.result.view.CsrfRequestDataValueProcessor; import org.springframework.security.web.server.SecurityWebFilterChain; import org.springframework.security.web.server.WebFilterChainProxy; @@ -59,6 +60,7 @@ import org.springframework.util.LinkedMultiValueMap; import org.springframework.util.MultiValueMap; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RestController; +import org.springframework.web.reactive.config.DelegatingWebFluxConfiguration; import org.springframework.web.reactive.config.EnableWebFlux; import org.springframework.web.reactive.function.BodyInserters; import org.springframework.web.reactive.result.view.AbstractView; @@ -434,4 +436,23 @@ public class EnableWebFluxSecurityTests { Child() { } } + + @Test + // gh-8596 + public void resolveAuthenticationPrincipalArgumentResolverFirstDoesNotCauseBeanCurrentlyInCreationException() { + this.spring.register(EnableWebFluxSecurityConfiguration.class, + ReactiveAuthenticationTestConfiguration.class, + DelegatingWebFluxConfiguration.class).autowire(); + } + + @EnableWebFluxSecurity + @Configuration(proxyBeanMethods = false) + static class EnableWebFluxSecurityConfiguration { + /** + * It is necessary to Autowire AuthenticationPrincipalArgumentResolver because it triggers eager loading of + * AuthenticationPrincipalArgumentResolver bean which causes BeanCurrentlyInCreationException + */ + @Autowired + AuthenticationPrincipalArgumentResolver resolver; + } }