Merge branch '6.5.x'

2025-10-24 19:28:45 +00:00 · 2025-07-17 18:04:52 -06:00 · 2025-07-17 18:04:52 -06:00 · 25f69e92c7
commit 25f69e92c7
parent a2d687f78b 72eb3065de
2 changed files with 0 additions and 67 deletions
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecuritySelector.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecuritySelector.java
@ -38,9 +38,6 @@ class ReactiveMethodSecuritySelector implements ImportSelector {
 	private static final boolean isDataPresent = ClassUtils
 		.isPresent("org.springframework.security.data.aot.hint.AuthorizeReturnObjectDataHintsRegistrar", null);

-	private static final boolean isWebPresent = ClassUtils.isPresent("org.springframework.web.server.ServerWebExchange",
-			null);
-
 	private static final boolean isObservabilityPresent = ClassUtils
 		.isPresent("io.micrometer.observation.ObservationRegistry", null);

@ -64,9 +61,6 @@ class ReactiveMethodSecuritySelector implements ImportSelector {
 		if (isDataPresent) {
 			imports.add(AuthorizationProxyDataConfiguration.class.getName());
 		}
-		if (isWebPresent) {
-			imports.add(AuthorizationProxyWebConfiguration.class.getName());
-		}
 		if (isObservabilityPresent) {
 			imports.add(ReactiveMethodObservationConfiguration.class.getName());
 		}
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/PrePostReactiveMethodSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/PrePostReactiveMethodSecurityConfigurationTests.java
@ -40,8 +40,6 @@ import org.springframework.beans.factory.support.BeanDefinitionRegistryPostProce
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Role;
-import org.springframework.http.HttpStatusCode;
-import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.PermissionEvaluator;
 import org.springframework.security.access.annotation.Secured;
@ -66,7 +64,6 @@ import org.springframework.security.test.context.annotation.SecurityTestExecutio
 import org.springframework.security.test.context.support.WithMockUser;
 import org.springframework.stereotype.Component;
 import org.springframework.test.context.junit.jupiter.SpringExtension;
-import org.springframework.web.servlet.ModelAndView;

 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
@ -363,48 +360,6 @@ public class PrePostReactiveMethodSecurityConfigurationTests {
 		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> flight.getAltitude().block());
 	}

-	@Test
-	@WithMockUser(authorities = "airplane:read")
-	public void findByIdWhenAuthorizedResponseEntityThenAuthorizes() {
-		this.spring.register(AuthorizeResultConfig.class).autowire();
-		FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class);
-		Flight flight = flights.webFindById("1").block().getBody();
-		assertThatNoException().isThrownBy(() -> flight.getAltitude().block());
-		assertThatNoException().isThrownBy(() -> flight.getSeats().block());
-	}
-
-	@Test
-	@WithMockUser(authorities = "seating:read")
-	public void findByIdWhenUnauthorizedResponseEntityThenDenies() {
-		this.spring.register(AuthorizeResultConfig.class).autowire();
-		FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class);
-		Flight flight = flights.webFindById("1").block().getBody();
-		assertThatNoException().isThrownBy(() -> flight.getSeats().block());
-		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> flight.getAltitude().block());
-	}
-
-	@Test
-	@WithMockUser(authorities = "airplane:read")
-	public void findByIdWhenAuthorizedModelAndViewThenAuthorizes() {
-		this.spring.register(AuthorizeResultConfig.class).autowire();
-		FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class);
-		Flight flight = (Flight) flights.webViewFindById("1").block().getModel().get("flight");
-		assertThatNoException().isThrownBy(() -> flight.getAltitude().block());
-		assertThatNoException().isThrownBy(() -> flight.getSeats().block());
-		assertThat(flights.webViewFindById("5").block().getModel().get("flight")).isNull();
-	}
-
-	@Test
-	@WithMockUser(authorities = "seating:read")
-	public void findByIdWhenUnauthorizedModelAndViewThenDenies() {
-		this.spring.register(AuthorizeResultConfig.class).autowire();
-		FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class);
-		Flight flight = (Flight) flights.webViewFindById("1").block().getModel().get("flight");
-		assertThatNoException().isThrownBy(() -> flight.getSeats().block());
-		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> flight.getAltitude().block());
-		assertThat(flights.webViewFindById("5").block().getModel().get("flight")).isNull();
-	}
-
 	@Test
 	@WithMockUser(authorities = "seating:read")
 	public void findAllWhenUnauthorizedResultThenDenies() {
@ -752,22 +707,6 @@ public class PrePostReactiveMethodSecurityConfigurationTests {
 			return Mono.empty();
 		}

-		Mono<ResponseEntity<Flight>> webFindById(String id) {
-			Flight flight = this.flights.get(id);
-			if (flight == null) {
-				return Mono.just(ResponseEntity.notFound().build());
-			}
-			return Mono.just(ResponseEntity.ok(flight));
-		}
-
-		Mono<ModelAndView> webViewFindById(String id) {
-			Flight flight = this.flights.get(id);
-			if (flight == null) {
-				return Mono.just(new ModelAndView("error", HttpStatusCode.valueOf(404)));
-			}
-			return Mono.just(new ModelAndView("flights", Map.of("flight", flight)));
-		}
-
 	}

 	@AuthorizeReturnObject