diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfiguration.java index d4db2e1046..21f4dc203e 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfiguration.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfiguration.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2022 the original author or authors. + * Copyright 2002-2023 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -48,6 +48,7 @@ import org.springframework.security.web.FilterChainProxy; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.access.HandlerMappingIntrospectorRequestTransformer; import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer; +import org.springframework.security.web.debug.DebugFilter; import org.springframework.security.web.firewall.HttpFirewall; import org.springframework.security.web.firewall.RequestRejectedHandler; import org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver; @@ -323,6 +324,9 @@ class WebMvcSecurityConfiguration implements WebMvcConfigurer, ApplicationContex if (filter instanceof FilterChainProxy fcp) { return fcp; } + if (filter instanceof DebugFilter debugFilter) { + return debugFilter.getFilterChainProxy(); + } } throw new IllegalStateException("Couldn't find FilterChainProxy in " + filters); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java index 85670dc017..19bd2c8fa4 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2022 the original author or authors. + * Copyright 2002-2023 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -35,6 +35,7 @@ import org.springframework.web.bind.annotation.RestController; import org.springframework.web.servlet.config.annotation.EnableWebMvc; import static org.assertj.core.api.Assertions.assertThat; +import static org.assertj.core.api.Assertions.assertThatNoException; import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.authentication; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content; @@ -56,6 +57,12 @@ public class EnableWebSecurityTests { this.spring.getContext().getBean("springSecurityFilterChain", DebugFilter.class); } + // gh-14370 + @Test + public void loadConfigWhenEnableWebMvcDebugConfigThenContextIsBuilt() { + assertThatNoException().isThrownBy(() -> this.spring.register(EnableWebMvcDebugConfig.class).autowire()); + } + @Test public void configureWhenEnableWebMvcThenAuthenticationPrincipalResolvable() throws Exception { this.spring.register(AuthenticationPrincipalConfig.class).autowire(); @@ -86,6 +93,13 @@ public class EnableWebSecurityTests { assertThat(parentBean.getChild()).isNotSameAs(childBean); } + @Configuration + @EnableWebMvc + @EnableWebSecurity(debug = true) + static class EnableWebMvcDebugConfig { + + } + @Configuration static class ChildSecurityConfig extends DebugSecurityConfig {