Lazily create Throwables

[imperatorx]

Summary

Running a hello world benchmark with an anonymous authentication set up (so an authentication is present, and the authentication has access to the controller method) still causes Spring security to fill useless stack traces in ReactiveAuthorizationManager.java

Actual Behavior

The following part is called at the Mono pipeline construction time, so a stack trace gets created.

	.switchIfEmpty( Mono.error(new AccessDeniedException("Access Denied")) )

Expected Behavior

The part should be deferred, this way the stack trace gets only created in case the pipeline is indeed empty (no authentication from upstream source flowing down)

	.switchIfEmpty( Mono.defer(() -> Mono.error(new AccessDeniedException("Access Denied"))) )

Configuration

Strandard Spring Boot RC2 with a web filter to create an anonymous authentication token

Version

5.0.2.RELEASE

Sample

[rwinch]

Thanks for the report @imperatorx! This is fixed in master and we will be releasing 5.0.3 this week in time for Spring Boot 2.0.0.RELEASE

[rwinch]

@imperatorx Spring Security 5.0.3 (which contains a fix for this) is now in Maven Central

[imperatorx]

Thank you, now I can see a 25% performance increase