SEC-3063: OnMissingBeanCondition avoid initializing beans

[spring-projects-issues]

Rob Winch (Migrated from SEC-3063) said:

OnMissingBeanCondition should use BeanTypeRegistry.getNamesForType to avoid initializing any beans

[spring-projects-issues]

Phil Webb said:

A Spring Boot user has just hit this and provided a sample project to replicate. See spring-projects/spring-boot#3923.

I think we'll probably need a fix before we can release Spring Boot 1.3

[spring-projects-issues]

Phil Webb said:

Any update on a fix for this? We'll be releasing 1.3.RC1 on Thursday all being well.

[spring-projects-issues]

Rob Winch said:

pwebb Unfortunately there is no update on this at the moment. I have been quite preoccupied with other things. When is the GA release expected?

[spring-projects-issues]

Phil Webb said:

Ideally we'd like to release around the end of October.

[spring-projects-issues]

Rob Winch said:

This is now resolved. The fix was to completely remove ConditionalOnMissingBean from Spring Security to ensure we resolve SEC-3062 too. Now users must define requestDataValueProcessor in the class annotated with @EnableWebSecurity to ensure the custom requestDataValueProcessor is used.

[spring-projects-issues]

This issue relates to #3263