From 72eb3065de234808a3ca3eb3174e07bf15e84569 Mon Sep 17 00:00:00 2001
From: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
Date: Thu, 17 Jul 2025 17:36:45 -0600
Subject: [PATCH] Remove AuthorizationWebProxyConfiguration From Reactive

Closes gh-17545
---
 .../ReactiveMethodSecuritySelector.java       |  6 --
 ...ctiveMethodSecurityConfigurationTests.java | 61 -------------------
 2 files changed, 67 deletions(-)

diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecuritySelector.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecuritySelector.java
index 8bf18bf3eb..2bc7097f9e 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecuritySelector.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecuritySelector.java
@@ -38,9 +38,6 @@ class ReactiveMethodSecuritySelector implements ImportSelector {
 	private static final boolean isDataPresent = ClassUtils
 		.isPresent("org.springframework.security.data.aot.hint.AuthorizeReturnObjectDataHintsRegistrar", null);
 
-	private static final boolean isWebPresent = ClassUtils.isPresent("org.springframework.web.server.ServerWebExchange",
-			null);
-
 	private static final boolean isObservabilityPresent = ClassUtils
 		.isPresent("io.micrometer.observation.ObservationRegistry", null);
 
@@ -64,9 +61,6 @@ class ReactiveMethodSecuritySelector implements ImportSelector {
 		if (isDataPresent) {
 			imports.add(AuthorizationProxyDataConfiguration.class.getName());
 		}
-		if (isWebPresent) {
-			imports.add(AuthorizationProxyWebConfiguration.class.getName());
-		}
 		if (isObservabilityPresent) {
 			imports.add(ReactiveMethodObservationConfiguration.class.getName());
 		}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/PrePostReactiveMethodSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/PrePostReactiveMethodSecurityConfigurationTests.java
index 32e08c166a..c5ca582147 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/PrePostReactiveMethodSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/PrePostReactiveMethodSecurityConfigurationTests.java
@@ -40,8 +40,6 @@ import org.springframework.beans.factory.support.BeanDefinitionRegistryPostProce
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Role;
-import org.springframework.http.HttpStatusCode;
-import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.PermissionEvaluator;
 import org.springframework.security.access.annotation.Secured;
@@ -67,7 +65,6 @@ import org.springframework.security.test.context.annotation.SecurityTestExecutio
 import org.springframework.security.test.context.support.WithMockUser;
 import org.springframework.stereotype.Component;
 import org.springframework.test.context.junit.jupiter.SpringExtension;
-import org.springframework.web.servlet.ModelAndView;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
@@ -364,48 +361,6 @@ public class PrePostReactiveMethodSecurityConfigurationTests {
 		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> flight.getAltitude().block());
 	}
 
-	@Test
-	@WithMockUser(authorities = "airplane:read")
-	public void findByIdWhenAuthorizedResponseEntityThenAuthorizes() {
-		this.spring.register(AuthorizeResultConfig.class).autowire();
-		FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class);
-		Flight flight = flights.webFindById("1").block().getBody();
-		assertThatNoException().isThrownBy(() -> flight.getAltitude().block());
-		assertThatNoException().isThrownBy(() -> flight.getSeats().block());
-	}
-
-	@Test
-	@WithMockUser(authorities = "seating:read")
-	public void findByIdWhenUnauthorizedResponseEntityThenDenies() {
-		this.spring.register(AuthorizeResultConfig.class).autowire();
-		FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class);
-		Flight flight = flights.webFindById("1").block().getBody();
-		assertThatNoException().isThrownBy(() -> flight.getSeats().block());
-		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> flight.getAltitude().block());
-	}
-
-	@Test
-	@WithMockUser(authorities = "airplane:read")
-	public void findByIdWhenAuthorizedModelAndViewThenAuthorizes() {
-		this.spring.register(AuthorizeResultConfig.class).autowire();
-		FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class);
-		Flight flight = (Flight) flights.webViewFindById("1").block().getModel().get("flight");
-		assertThatNoException().isThrownBy(() -> flight.getAltitude().block());
-		assertThatNoException().isThrownBy(() -> flight.getSeats().block());
-		assertThat(flights.webViewFindById("5").block().getModel().get("flight")).isNull();
-	}
-
-	@Test
-	@WithMockUser(authorities = "seating:read")
-	public void findByIdWhenUnauthorizedModelAndViewThenDenies() {
-		this.spring.register(AuthorizeResultConfig.class).autowire();
-		FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class);
-		Flight flight = (Flight) flights.webViewFindById("1").block().getModel().get("flight");
-		assertThatNoException().isThrownBy(() -> flight.getSeats().block());
-		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> flight.getAltitude().block());
-		assertThat(flights.webViewFindById("5").block().getModel().get("flight")).isNull();
-	}
-
 	@Test
 	@WithMockUser(authorities = "seating:read")
 	public void findAllWhenUnauthorizedResultThenDenies() {
@@ -769,22 +724,6 @@ public class PrePostReactiveMethodSecurityConfigurationTests {
 			return Mono.empty();
 		}
 
-		Mono<ResponseEntity<Flight>> webFindById(String id) {
-			Flight flight = this.flights.get(id);
-			if (flight == null) {
-				return Mono.just(ResponseEntity.notFound().build());
-			}
-			return Mono.just(ResponseEntity.ok(flight));
-		}
-
-		Mono<ModelAndView> webViewFindById(String id) {
-			Flight flight = this.flights.get(id);
-			if (flight == null) {
-				return Mono.just(new ModelAndView("error", HttpStatusCode.valueOf(404)));
-			}
-			return Mono.just(new ModelAndView("flights", Map.of("flight", flight)));
-		}
-
 	}
 
 	@AuthorizeReturnObject