Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Keep annotations for merged classes for WebSecurityConfigurerAdapter recipe (Spring Security 5.4) #652

Merged
merged 2 commits into from
Dec 23, 2024
Merged

Keep annotations for merged classes for WebSecurityConfigurerAdapter recipe (Spring Security 5.4) #652

merged 2 commits into from
Dec 23, 2024

Conversation

jevanlingen
Copy link
Contributor

What's changed?

Currently al annotations on the class, when converting

@Configuration
@AllOtherAnnotations
public static class SomeSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter { .. }

to

@Bean
SecurityFilterChain someSecurityFilterChain(HttpSecurity http) throws Exception { .. }

, are dropped.

This PR lets them keep them:

@Bean
@AllOtherAnnotations
SecurityFilterChain someSecurityFilterChain(HttpSecurity http) throws Exception { .. }

What's your motivation?

Just dropping the annotations can lead to serious bugs. For example, if a @ConditionalOnProperty annotation has been used, dropping it means different behaviour from the application.

Checklist

  • I've added unit tests to cover both positive and negative cases
  • I've read and applied the recipe conventions and best practices
  • I've used the IntelliJ IDEA auto-formatter on affected files

@jevanlingen jevanlingen added the bug Something isn't working label Dec 23, 2024
@jevanlingen jevanlingen self-assigned this Dec 23, 2024
jevanlingen
jevanlingen commented Dec 23, 2024
View reviewed changes
src/main/java/org/openrewrite/java/spring/security5/WebSecurityConfigurerAdapter.java
@@ -144,15 +143,7 @@ public TreeVisitor<?, ExecutionContext> getVisitor() {
}
// only applicable to former subclasses of WebSecurityConfigurerAdapter - other classes won't be flattened
classesToFlatten.add(classDecl);
// Remove imports for annotations being removed together with class declaration
// It is impossible in the general case to tell whether some of these annotations might apply to the bean methods
Copy link
Contributor Author

@jevanlingen jevanlingen Dec 23, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Though this comment is true, choosing to not do anything with the annotations is a wrong move. This can lead to bugs, as I have shown in the description of this PR. It's better/safer to copy them and hope for the best 🤞🏻.

timtebeek
timtebeek approved these changes Dec 23, 2024
View reviewed changes
Copy link
Contributor

@timtebeek timtebeek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great to see this added & resolved quickly!

@timtebeek timtebeek merged commit 8328caa into main Dec 23, 2024
2 checks passed
@timtebeek timtebeek deleted the fix-ConditionalOnProperty-lost-after-WebSecurityConfigurerAdapter-run branch December 23, 2024 15:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@timtebeek timtebeek timtebeek approved these changes

@nielsdebruin nielsdebruin Awaiting requested review from nielsdebruin

Assignees

@jevanlingen jevanlingen

Labels
bug Something isn't working recipe Recipe requested spring-security
Projects
OpenRewrite
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jevanlingen @timtebeek