From 2a632a061e63487239856bddd2deb1908233a4b2 Mon Sep 17 00:00:00 2001
From: Rob Winch <rwinch@vmware.com>
Date: Tue, 3 Dec 2013 10:45:25 -0600
Subject: [PATCH] SEC-2377: Hhandle EnableWebSecurity in both child & parent
 ApplicationContext

---
 .../WebSecurityConfiguration.java             |  2 +-
 .../configuration/sec2377/Sec2377Tests.groovy | 38 +++++++++++++++++++
 .../sec2377/a/Sec2377AConfig.java             | 26 +++++++++++++
 .../sec2377/b/Sec2377BConfig.java             | 25 ++++++++++++
 4 files changed, 90 insertions(+), 1 deletion(-)
 create mode 100644 config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/sec2377/Sec2377Tests.groovy
 create mode 100644 config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/sec2377/a/Sec2377AConfig.java
 create mode 100644 config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/sec2377/b/Sec2377BConfig.java

diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java
index 8712645e7b..ae715f28c9 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java
@@ -87,7 +87,7 @@ public class WebSecurityConfiguration implements ImportAware, BeanClassLoaderAwa
         if(!hasConfigurers) {
             throw new IllegalStateException("At least one non-null instance of "+ WebSecurityConfigurer.class.getSimpleName()+" must be exposed as a @Bean when using @EnableWebSecurity. Hint try extending "+ WebSecurityConfigurerAdapter.class.getSimpleName());
         }
-        return webSecurity.build();
+        return webSecurity.getOrBuild();
     }
 
     /**
diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/sec2377/Sec2377Tests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/sec2377/Sec2377Tests.groovy
new file mode 100644
index 0000000000..be06cd7650
--- /dev/null
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/sec2377/Sec2377Tests.groovy
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2002-2013 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.config.annotation.web.configuration.sec2377;
+
+import org.springframework.security.config.annotation.BaseSpringSpec
+import org.springframework.security.config.annotation.web.configuration.sec2377.a.*
+import org.springframework.security.config.annotation.web.configuration.sec2377.b.*
+import org.springframework.web.context.support.AnnotationConfigWebApplicationContext
+
+public class Sec2377Tests extends BaseSpringSpec {
+
+    def "SEC-2377: Error reporting with multiple EnableWebSecurity from other packages"() {
+        when:
+            AnnotationConfigWebApplicationContext parent = new AnnotationConfigWebApplicationContext()
+            parent.register(Sec2377AConfig)
+            parent.refresh()
+
+            AnnotationConfigWebApplicationContext child = new AnnotationConfigWebApplicationContext()
+            child.register(Sec2377BConfig)
+            child.parent = parent
+            child.refresh()
+        then:
+            noExceptionThrown();
+    }
+}
diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/sec2377/a/Sec2377AConfig.java b/config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/sec2377/a/Sec2377AConfig.java
new file mode 100644
index 0000000000..5ec4015579
--- /dev/null
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/sec2377/a/Sec2377AConfig.java
@@ -0,0 +1,26 @@
+/*
+ * Copyright 2002-2013 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.config.annotation.web.configuration.sec2377.a;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@EnableWebSecurity
+@Configuration
+public class Sec2377AConfig extends WebSecurityConfigurerAdapter {
+
+}
diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/sec2377/b/Sec2377BConfig.java b/config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/sec2377/b/Sec2377BConfig.java
new file mode 100644
index 0000000000..8c3d1d66c7
--- /dev/null
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/sec2377/b/Sec2377BConfig.java
@@ -0,0 +1,25 @@
+/*
+ * Copyright 2002-2013 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.config.annotation.web.configuration.sec2377.b;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+
+@EnableWebSecurity
+@Configuration
+public class Sec2377BConfig {
+
+}