Merge branch '6.5.x'

Author: jzheaux

config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecuritySelector.java

@@ -38,9 +38,6 @@ class ReactiveMethodSecuritySelector implements ImportSelector {
 	private static final boolean isDataPresent = ClassUtils
 		.isPresent("org.springframework.security.data.aot.hint.AuthorizeReturnObjectDataHintsRegistrar", null);
 
-	private static final boolean isWebPresent = ClassUtils.isPresent("org.springframework.web.server.ServerWebExchange",
-			null);
-
 	private static final boolean isObservabilityPresent = ClassUtils
 		.isPresent("io.micrometer.observation.ObservationRegistry", null);
 
@@ -64,9 +61,6 @@ public String[] selectImports(AnnotationMetadata importMetadata) {
 		if (isDataPresent) {
 			imports.add(AuthorizationProxyDataConfiguration.class.getName());
 		}
-		if (isWebPresent) {
-			imports.add(AuthorizationProxyWebConfiguration.class.getName());
-		}
 		if (isObservabilityPresent) {
 			imports.add(ReactiveMethodObservationConfiguration.class.getName());
 		}

config/src/test/java/org/springframework/security/config/annotation/method/configuration/PrePostReactiveMethodSecurityConfigurationTests.java

@@ -40,8 +40,6 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Role;
-import org.springframework.http.HttpStatusCode;
-import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.PermissionEvaluator;
 import org.springframework.security.access.annotation.Secured;
@@ -66,7 +64,6 @@
 import org.springframework.security.test.context.support.WithMockUser;
 import org.springframework.stereotype.Component;
 import org.springframework.test.context.junit.jupiter.SpringExtension;
-import org.springframework.web.servlet.ModelAndView;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
@@ -363,48 +360,6 @@ public void findByIdWhenUnauthorizedResultThenDenies() {
 		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> flight.getAltitude().block());
 	}
 
-	@Test
-	@WithMockUser(authorities = "airplane:read")
-	public void findByIdWhenAuthorizedResponseEntityThenAuthorizes() {
-		this.spring.register(AuthorizeResultConfig.class).autowire();
-		FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class);
-		Flight flight = flights.webFindById("1").block().getBody();
-		assertThatNoException().isThrownBy(() -> flight.getAltitude().block());
-		assertThatNoException().isThrownBy(() -> flight.getSeats().block());
-	}
-
-	@Test
-	@WithMockUser(authorities = "seating:read")
-	public void findByIdWhenUnauthorizedResponseEntityThenDenies() {
-		this.spring.register(AuthorizeResultConfig.class).autowire();
-		FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class);
-		Flight flight = flights.webFindById("1").block().getBody();
-		assertThatNoException().isThrownBy(() -> flight.getSeats().block());
-		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> flight.getAltitude().block());
-	}
-
-	@Test
-	@WithMockUser(authorities = "airplane:read")
-	public void findByIdWhenAuthorizedModelAndViewThenAuthorizes() {
-		this.spring.register(AuthorizeResultConfig.class).autowire();
-		FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class);
-		Flight flight = (Flight) flights.webViewFindById("1").block().getModel().get("flight");
-		assertThatNoException().isThrownBy(() -> flight.getAltitude().block());
-		assertThatNoException().isThrownBy(() -> flight.getSeats().block());
-		assertThat(flights.webViewFindById("5").block().getModel().get("flight")).isNull();
-	}
-
-	@Test
-	@WithMockUser(authorities = "seating:read")
-	public void findByIdWhenUnauthorizedModelAndViewThenDenies() {
-		this.spring.register(AuthorizeResultConfig.class).autowire();
-		FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class);
-		Flight flight = (Flight) flights.webViewFindById("1").block().getModel().get("flight");
-		assertThatNoException().isThrownBy(() -> flight.getSeats().block());
-		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> flight.getAltitude().block());
-		assertThat(flights.webViewFindById("5").block().getModel().get("flight")).isNull();
-	}
-
 	@Test
 	@WithMockUser(authorities = "seating:read")
 	public void findAllWhenUnauthorizedResultThenDenies() {
@@ -752,22 +707,6 @@ Mono<Void> remove(String id) {
 			return Mono.empty();
 		}
 
-		Mono<ResponseEntity<Flight>> webFindById(String id) {
-			Flight flight = this.flights.get(id);
-			if (flight == null) {
-				return Mono.just(ResponseEntity.notFound().build());
-			}
-			return Mono.just(ResponseEntity.ok(flight));
-		}
-
-		Mono<ModelAndView> webViewFindById(String id) {
-			Flight flight = this.flights.get(id);
-			if (flight == null) {
-				return Mono.just(new ModelAndView("error", HttpStatusCode.valueOf(404)));
-			}
-			return Mono.just(new ModelAndView("flights", Map.of("flight", flight)));
-		}
-
 	}
 
 	@AuthorizeReturnObject