jamesfredley commented on code in PR #1205:
URL:
https://github.com/apache/grails-spring-security/pull/1205#discussion_r2829737206
##########
plugin-core/plugin/src/main/groovy/grails/plugin/springsecurity/SecurityAutoConfigurationExcluder.groovy:
##########
@@ -38,6 +40,16 @@ import
org.springframework.boot.autoconfigure.AutoConfigurationMetadata
* automatically filtering them out during Spring Boot's auto-configuration
* discovery phase.</p>
*
+ * <p>To disable this filter and allow Spring Boot's security
auto-configurations
Review Comment:
This is already documented in three places:
1. **Plugin installation guide**
(`plugin-core/docs/src/docs/introduction/installation.adoc`, lines 75-87) -
added in commit `65881578`
2. **Miscellaneous properties table**
(`plugin-core/docs/src/docs/miscProperties.adoc`) - added the
`excludeSpringSecurityAutoConfiguration` property with default value and
cross-reference to the installation section (just pushed in `9656c948`)
3. **README.md** - added in commit `d9e4337d`
All three were part of this PR before the review.
##########
plugin-core/plugin/src/test/groovy/grails/plugin/springsecurity/SecurityAutoConfigurationExcluderSpec.groovy:
##########
@@ -147,6 +148,59 @@ class SecurityAutoConfigurationExcluderSpec extends
Specification {
thrown(UnsupportedOperationException)
}
+ def "match allows all auto-configurations when disabled via environment
property"() {
Review Comment:
Added in `9656c948`:
1. **Integration test in the plugin repo**
(`SecurityAutoConfigurationExcluderIntegrationSpec`) - runs in the
`core-examples-integration-test-app` with the full Grails context. Verifies the
excluder is on the classpath, `SecurityAutoConfiguration` and
`SecurityFilterAutoConfiguration` beans are NOT registered, no duplicate
`SecurityFilterChain` beans, and only the plugin's `UserDetailsService` is
active. All 5 assertions pass.
2. **External sample app** with two integration test specs:
- `SecurityAutoConfigExclusionSpec` (6 tests) - proves auto-configs are
excluded by default
- `SecurityAutoConfigOptOutDisabledSpec` (1 test) - proves setting
`excludeSpringSecurityAutoConfiguration: false` lets
`SecurityAutoConfiguration` through (confirming the `EnvironmentAware` opt-out
works)
App:
https://github.com/jamesfredley/grails-spring-security-autoconfig-exclusion
(uses locally-built `7.0.2-SNAPSHOT` from this PR branch via `mavenLocal()`)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
