spring-projects · jzheaux · Nov 20, 2024 · Nov 20, 2024 · Nov 17, 2024
diff --git a/.../springframework/security/config/annotation/rsocket/ReactiveObservationConfiguration.java b/.../springframework/security/config/annotation/rsocket/ReactiveObservationConfiguration.java
@@ -45,7 +45,7 @@ class ReactiveObservationConfiguration {
 
 	@Bean
 	@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
-	static ObjectPostProcessor<ReactiveAuthorizationManager<ServerWebExchange>> webAuthorizationManagerPostProcessor(
+	static ObjectPostProcessor<ReactiveAuthorizationManager<ServerWebExchange>> rSocketAuthorizationManagerPostProcessor(
 			ObjectProvider<ObservationRegistry> registry, ObjectProvider<SecurityObservationSettings> predicate) {
 		return new ObjectPostProcessor<>() {
 			@Override
@@ -59,7 +59,7 @@ public ReactiveAuthorizationManager postProcess(ReactiveAuthorizationManager obj
 
 	@Bean
 	@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
-	static ObjectPostProcessor<ReactiveAuthenticationManager> authenticationManagerPostProcessor(
+	static ObjectPostProcessor<ReactiveAuthenticationManager> rSocketAuthenticationManagerPostProcessor(
 			ObjectProvider<ObservationRegistry> registry, ObjectProvider<SecurityObservationSettings> predicate) {
 		return new ObjectPostProcessor<>() {
 			@Override
@@ -73,7 +73,7 @@ public ReactiveAuthenticationManager postProcess(ReactiveAuthenticationManager o
 
 	@Bean
 	@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
-	static ObjectPostProcessor<WebFilterChainDecorator> filterChainDecoratorPostProcessor(
+	static ObjectPostProcessor<WebFilterChainDecorator> rSocketFilterChainDecoratorPostProcessor(
 			ObjectProvider<ObservationRegistry> registry, ObjectProvider<SecurityObservationSettings> predicate) {
 		return new ObjectPostProcessor<>() {
 			@Override

diff --git a/...ingframework/security/config/annotation/web/socket/WebSocketObservationConfiguration.java b/...ingframework/security/config/annotation/web/socket/WebSocketObservationConfiguration.java
@@ -41,7 +41,7 @@ class WebSocketObservationConfiguration {
 
 	@Bean
 	@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
-	static ObjectPostProcessor<AuthorizationManager<Message<?>>> webAuthorizationManagerPostProcessor(
+	static ObjectPostProcessor<AuthorizationManager<Message<?>>> webSocketAuthorizationManagerPostProcessor(
 			ObjectProvider<ObservationRegistry> registry, ObjectProvider<SecurityObservationSettings> predicate) {
 		return new ObjectPostProcessor<>() {
 			@Override

diff --git a/...curity/config/annotation/web/socket/WebSocketMessageBrokerSecurityConfigurationTests.java b/...curity/config/annotation/web/socket/WebSocketMessageBrokerSecurityConfigurationTests.java
@@ -68,6 +68,7 @@
 import org.springframework.security.authorization.AuthorizationDecision;
 import org.springframework.security.authorization.AuthorizationManager;
 import org.springframework.security.config.annotation.SecurityContextChangedListenerConfig;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry;
 import org.springframework.security.config.observation.SecurityObservationSettings;
 import org.springframework.security.core.Authentication;
@@ -438,6 +439,12 @@ public void sendMessageWhenExcludeAuthorizationObservationsThenUnobserved() {
 		verifyNoInteractions(observationHandler);
 	}
 
+	// gh-16011
+	@Test
+	public void enableWebSocketSecurityWhenWebSocketSecurityUsedThenAutowires() {
+		loadConfig(WithWebSecurity.class);
+	}
+
 	private void assertHandshake(HttpServletRequest request) {
 		TestHandshakeHandler handshakeHandler = this.context.getBean(TestHandshakeHandler.class);
 		assertThatCsrfToken(handshakeHandler.attributes.get(CsrfToken.class.getName())).isEqualTo(this.token);
@@ -489,6 +496,7 @@ private <T extends MessageChannel> T clientInboundChannel() {
 
 	private void loadConfig(Class<?>... configs) {
 		this.context = new AnnotationConfigWebApplicationContext();
+		this.context.setAllowBeanDefinitionOverriding(false);
 		this.context.register(configs);
 		this.context.setServletConfig(new MockServletConfig());
 		this.context.refresh();
@@ -939,6 +947,13 @@ TestHandshakeHandler testHandshakeHandler() {
 
 	}
 
+	@Configuration(proxyBeanMethods = false)
+	@EnableWebSecurity
+	@Import(WebSocketSecurityConfig.class)
+	static class WithWebSecurity {
+
+	}
+
 	@Configuration
 	static class SyncExecutorConfig {