Fix FilterChainProxy cannot be found when @EnableWebSecurity(debug = true)

Closes gh-14370
2023-12-26 13:52:24 +08:00 · 2023-12-26 13:52:24 +08:00 · 7cd626fe25
parent 364bc10e78
commit 7cd626fe25
2 changed files with 20 additions and 2 deletions
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfiguration.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2023 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -48,6 +48,7 @@ import org.springframework.security.web.FilterChainProxy;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.access.HandlerMappingIntrospectorRequestTransformer;
 import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
+import org.springframework.security.web.debug.DebugFilter;
 import org.springframework.security.web.firewall.HttpFirewall;
 import org.springframework.security.web.firewall.RequestRejectedHandler;
 import org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver;
@ -323,6 +324,9 @@ class WebMvcSecurityConfiguration implements WebMvcConfigurer, ApplicationContex
 				if (filter instanceof FilterChainProxy fcp) {
 					return fcp;
 				}
+				if (filter instanceof DebugFilter debugFilter) {
+					return debugFilter.getFilterChainProxy();
+				}
 			}
 			throw new IllegalStateException("Couldn't find FilterChainProxy in " + filters);
 		}
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2023 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -35,6 +35,7 @@ import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;

 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatNoException;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.authentication;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
@ -56,6 +57,12 @@ public class EnableWebSecurityTests {
 		this.spring.getContext().getBean("springSecurityFilterChain", DebugFilter.class);
 	}

+	// gh-14370
+	@Test
+	public void loadConfigWhenEnableWebMvcDebugConfigThenContextIsBuilt() {
+		assertThatNoException().isThrownBy(() -> this.spring.register(EnableWebMvcDebugConfig.class).autowire());
+	}
+
 	@Test
 	public void configureWhenEnableWebMvcThenAuthenticationPrincipalResolvable() throws Exception {
 		this.spring.register(AuthenticationPrincipalConfig.class).autowire();
@ -86,6 +93,13 @@ public class EnableWebSecurityTests {
 		assertThat(parentBean.getChild()).isNotSameAs(childBean);
 	}

+	@Configuration
+	@EnableWebMvc
+	@EnableWebSecurity(debug = true)
+	static class EnableWebMvcDebugConfig {
+
+	}
+
 	@Configuration
 	static class ChildSecurityConfig extends DebugSecurityConfig {