Allow Saml2LoginConfiguration to be "unconfigured"

If a `RelyingPartyRegistrationRepository.class` bean is detected, Spring Boot will automatically configure a `WebSecurityConfigurerAdapter` through the `org.springframework.boot.autoconfigure.security.saml2.Saml2LoginConfiguration` class.

If a developer wants to provide their own `WebSecurityConfigurerAdapter` the only option today is to create a secondary one, and override the `@Order` to become first in queue. 

*Expected Behavior*

If a user provides a `WebSecurityConfigurerAdapter`, there is no need for Spring Boot to do it.

@mbhave FYI

PS. One possible solution, as we discussed, is to have a `@ConditionalOnMissingBean` like [`OAuth2WebSecurityConfiguration`](https://github.com/spring-projects/spring-boot/blob/master/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/servlet/OAuth2WebSecurityConfiguration.java#L54-L56)

```
@Configuration(proxyBeanMethods = false)
@ConditionalOnBean(ClientRegistrationRepository.class)
class OAuth2WebSecurityConfiguration {
...
	@Configuration(proxyBeanMethods = false)
	@ConditionalOnMissingBean(WebSecurityConfigurerAdapter.class)
	static class OAuth2WebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
...



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Allow Saml2LoginConfiguration to be "unconfigured" #18530

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Allow Saml2LoginConfiguration to be "unconfigured" #18530

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions