Configure ContentNegotiationStrategy in HttpSecurityConfiguration

Closes gh-11916
2025-07-25 11:43:29 +00:00 · 2022-09-28 15:41:20 -03:00 · 2022-09-28 15:41:20 -03:00 · cf3349f31a
commit cf3349f31a
parent 506e50bfd0
2 changed files with 46 additions and 0 deletions
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.java
@ -38,6 +38,8 @@ import org.springframework.security.config.annotation.web.configurers.DefaultLog
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.context.SecurityContextHolderStrategy;
 import org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter;
 import org.springframework.web.accept.ContentNegotiationStrategy;
 import org.springframework.web.accept.HeaderContentNegotiationStrategy;
 import static org.springframework.security.config.Customizer.withDefaults;
@ -65,6 +67,8 @@ class HttpSecurityConfiguration {
 	private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder
 			.getContextHolderStrategy();
 	private ContentNegotiationStrategy contentNegotiationStrategy = new HeaderContentNegotiationStrategy();
 	@Autowired
 	void setObjectPostProcessor(ObjectPostProcessor<Object> objectPostProcessor) {
 		this.objectPostProcessor = objectPostProcessor;
@ -89,6 +93,11 @@ class HttpSecurityConfiguration {
 		this.securityContextHolderStrategy = securityContextHolderStrategy;
 	}
 	@Autowired(required = false)
 	void setContentNegotiationStrategy(ContentNegotiationStrategy contentNegotiationStrategy) {
 		this.contentNegotiationStrategy = contentNegotiationStrategy;
 	}
 	@Bean(HTTPSECURITY_BEAN_NAME)
 	@Scope("prototype")
 	HttpSecurity httpSecurity() throws Exception {
@ -143,6 +152,7 @@ class HttpSecurityConfiguration {
 	private Map<Class<?>, Object> createSharedObjects() {
 		Map<Class<?>, Object> sharedObjects = new HashMap<>();
 		sharedObjects.put(ApplicationContext.class, this.context);
 		sharedObjects.put(ContentNegotiationStrategy.class, this.contentNegotiationStrategy);
 		return sharedObjects;
 	}
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java
@ -60,12 +60,16 @@ import org.springframework.security.web.header.writers.frameoptions.XFrameOption
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
 import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder;
 import org.springframework.web.accept.ContentNegotiationStrategy;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.context.request.NativeWebRequest;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.atLeastOnce;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin;
@ -311,6 +315,14 @@ public class HttpSecurityConfigurationTests {
 		assertThat(configurer.configure).isTrue();
 	}
 	@Test
 	public void getWhenCustomContentNegotiationStrategyThenUses() throws Exception {
 		this.spring.register(CustomContentNegotiationStrategyConfig.class).autowire();
 		this.mockMvc.perform(get("/"));
 		verify(CustomContentNegotiationStrategyConfig.CNS, atLeastOnce())
 				.resolveMediaTypes(any(NativeWebRequest.class));
 	}
 	@RestController
 	static class NameController {
@ -489,6 +501,30 @@ public class HttpSecurityConfigurationTests {
 	}
 	@Configuration
 	@EnableWebSecurity
 	static class CustomContentNegotiationStrategyConfig {
 		@Bean
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
 					.authorizeHttpRequests((requests) -> requests
 							.anyRequest().authenticated()
 					);
 			// @formatter:on
 			return http.build();
 		}
 		static ContentNegotiationStrategy CNS = mock(ContentNegotiationStrategy.class);
 		@Bean
 		static ContentNegotiationStrategy cns() {
 			return CNS;
 		}
 	}
 	static class DefaultConfigurer extends AbstractHttpConfigurer<DefaultConfigurer, HttpSecurity> {
 		boolean init;