Skip to content

Fix WebSecurityCustomizer beans are excluded by WebMvcTest. #48004

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Fix WebSecurityCustomizer beans are excluded by WebMvcTest. #48004

wants to merge 1 commit into from
+5 −1

Conversation

@LumanSuen
Copy link

@LumanSuen LumanSuen commented Nov 10, 2025

See gh-47255

Added org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer as an optional include to enable the loading of the following configurations.

@Configuration
public class WebSecurityCustomizersConfiguration implements WebSecurityCustomizer {
    public void customize(WebSecurity web){
        web.ignoring().requestMatchers("/favicon.ico");
    }
}

However, please note that loading of @Bean definitions is still not supported.

@Configuration
public class WebSecurityCustomizersConfiguration implements WebSecurityCustomizer {
   @Bean
    public WebSecurityCustomizer faviconSecurityCustomizer() {
        return (web) -> web.ignoring().requestMatchers("/favicon.ico");
    }
}

Because @Configuration classes are not loaded by @WebMvcTest, I also can’t directly add Configuration.class to the includes, as that would make the change too extensive.

Therefore, I added org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer in the same way as org.springframework.security.web.SecurityFilterChain.

@LumanSuen
Fix WebSecurityCustomizer beans are excluded by WebMvcTest.
c1125d4 
See spring-projectsgh-47255

Signed-off-by: LumanSuen <luman.suen@outlook.com>
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Nov 10, 2025
@wilkinsona
Copy link
Member

wilkinsona commented Nov 11, 2025

Thanks for the PR, @LumanSuen, but this wasn't the right approach following the modularization in 4.0.

@wilkinsona wilkinsona closed this Nov 11, 2025
@wilkinsona wilkinsona added status: declined A suggestion or change that we don't feel we should currently apply and removed status: waiting-for-triage An issue we've not yet triaged labels Nov 11, 2025
@LumanSuen LumanSuen deleted the fix/gh-47255 branch November 11, 2025 16:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

status: declined A suggestion or change that we don't feel we should currently apply

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@LumanSuen @wilkinsona @spring-projects-issues