Improve the problem of BeanPostProcessorChecker and not being able to boot SecurityAutoConfiguration when disabled.

[yu-shiba]

In the current implementation, the following log is output at startup.

2021-11-06 07:31:11.719  INFO 12824 --- [           main] trationDelegate$BeanPostProcessorChecker : Bean 'org.lognet.springboot.grpc.security.GrpcSecurity@55fee662' of type [org.lognet.springboot.grpc.security.GrpcSecurity] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2021-11-06 07:31:11.734  INFO 12824 --- [           main] trationDelegate$BeanPostProcessorChecker : Bean 'enableGlobalAuthenticationAutowiredConfigurer' of type [org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration$EnableGlobalAuthenticationAutowiredConfigurer] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2021-11-06 07:31:11.734  INFO 12824 --- [           main] trationDelegate$BeanPostProcessorChecker : Bean 'initializeUserDetailsBeanManagerConfigurer' of type [org.springframework.security.config.annotation.authentication.configuration.InitializeUserDetailsBeanManagerConfigurer] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2021-11-06 07:31:11.735  INFO 12824 --- [           main] trationDelegate$BeanPostProcessorChecker : Bean 'initializeAuthenticationProviderBeanManagerConfigurer' of type [org.springframework.security.config.annotation.authentication.configuration.InitializeAuthenticationProviderBeanManagerConfigurer] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2021-11-06 07:31:11.735  INFO 12824 --- [           main] trationDelegate$BeanPostProcessorChecker : Bean 'org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration' of type [org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2021-11-06 07:31:11.736  INFO 12824 --- [           main] trationDelegate$BeanPostProcessorChecker : Bean 'org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration' of type [org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2021-11-06 07:31:11.739  INFO 12824 --- [           main] trationDelegate$BeanPostProcessorChecker : Bean 'authenticationEventPublisher' of type [org.springframework.security.authentication.DefaultAuthenticationEventPublisher] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2021-11-06 07:31:11.742  INFO 12824 --- [           main] trationDelegate$BeanPostProcessorChecker : Bean 'authenticationManagerBuilder' of type [org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration$DefaultPasswordEncoderAuthenticationManagerBuilder] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2021-11-06 07:31:11.755  INFO 12824 --- [           main] trationDelegate$BeanPostProcessorChecker : Bean 'org.lognet.springboot.grpc.autoconfigure.security.SecurityAutoConfiguration' of type [org.lognet.springboot.grpc.autoconfigure.security.SecurityAutoConfiguration$$EnhancerBySpringCGLIB$$6f6f58f7] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2021-11-06 07:31:11.756  INFO 12824 --- [           main] trationDelegate$BeanPostProcessorChecker : Bean 'org.springframework.boot.autoconfigure.security.servlet.WebSecurityEnablerConfiguration' of type [org.springframework.boot.autoconfigure.security.servlet.WebSecurityEnablerConfiguration] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2021-11-06 07:31:11.757  INFO 12824 --- [           main] trationDelegate$BeanPostProcessorChecker : Bean 'org.springframework.boot.autoconfigure.security.servlet.UserDetailsServiceAutoConfiguration' of type [org.springframework.boot.autoconfigure.security.servlet.UserDetailsServiceAutoConfiguration] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2021-11-06 07:31:11.764  INFO 12824 --- [           main] trationDelegate$BeanPostProcessorChecker : Bean 'socketAddressConverter' of type [org.lognet.springboot.grpc.autoconfigure.GRpcAutoConfiguration$2] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2021-11-06 07:31:11.766  INFO 12824 --- [           main] trationDelegate$BeanPostProcessorChecker : Bean 'spring.security-org.springframework.boot.autoconfigure.security.SecurityProperties' of type [org.springframework.boot.autoconfigure.security.SecurityProperties] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)

This is caused by the fact that GrpcSecurity is initialized in GrpcSecurityConfiguration#setFileChainProxySecurityConfigurer and various beans are requested before BeanPostProcessor is created in GrpcSecurityConfiguration#bypassMethodInterceptorForGrpcMethodInvocation.

Also, the problem of not booting when org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration is disabled will be improved.

2021-11-06 07:44:43.103 ERROR 17728 --- [           main] o.s.boot.SpringApplication               : Application run failed

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'resourceHandlerMapping' defined in class path resource [org/springframework/boot/autoconfigure/web/servlet/WebMvcAutoConfiguration$EnableWebMvcConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.web.servlet.HandlerMapping]: Factory method 'resourceHandlerMapping' threw exception; nested exception is java.lang.IllegalStateException: No ServletContext set
	at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:658) ~[spring-beans-5.3.12.jar:5.3.12]
	at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:638) ~[spring-beans-5.3.12.jar:5.3.12]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1352) ~[spring-beans-5.3.12.jar:5.3.12]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1195) ~[spring-beans-5.3.12.jar:5.3.12]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:582) ~[spring-beans-5.3.12.jar:5.3.12]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:542) ~[spring-beans-5.3.12.jar:5.3.12]
	at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:335) ~[spring-beans-5.3.12.jar:5.3.12]
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234) ~[spring-beans-5.3.12.jar:5.3.12]
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:333) ~[spring-beans-5.3.12.jar:5.3.12]
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:208) ~[spring-beans-5.3.12.jar:5.3.12]
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:944) ~[spring-beans-5.3.12.jar:5.3.12]
	at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:918) ~[spring-context-5.3.12.jar:5.3.12]
	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:583) ~[spring-context-5.3.12.jar:5.3.12]
	at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:145) ~[spring-boot-2.5.6.jar:2.5.6]
	at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:754) ~[spring-boot-2.5.6.jar:2.5.6]
	at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:434) ~[spring-boot-2.5.6.jar:2.5.6]
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:338) ~[spring-boot-2.5.6.jar:2.5.6]
	at org.springframework.boot.builder.SpringApplicationBuilder.run(SpringApplicationBuilder.java:143) ~[spring-boot-2.5.6.jar:2.5.6]
	at org.lognet.springboot.grpc.demo.DemoApp.main(DemoApp.java:22) ~[main/:na]
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.web.servlet.HandlerMapping]: Factory method 'resourceHandlerMapping' threw exception; nested exception is java.lang.IllegalStateException: No ServletContext set
	at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:185) ~[spring-beans-5.3.12.jar:5.3.12]
	at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:653) ~[spring-beans-5.3.12.jar:5.3.12]
	... 18 common frames omitted
Caused by: java.lang.IllegalStateException: No ServletContext set
	at org.springframework.util.Assert.state(Assert.java:76) ~[spring-core-5.3.12.jar:5.3.12]
	at org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport.resourceHandlerMapping(WebMvcConfigurationSupport.java:591) ~[spring-webmvc-5.3.12.jar:5.3.12]
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:na]
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
	at java.base/java.lang.reflect.Method.invoke(Method.java:566) ~[na:na]
	at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154) ~[spring-beans-5.3.12.jar:5.3.12]
	... 19 common frames omitted

[codecov]

Codecov Report

Merging #257 (50b4671) into master (1fe4715) will not change coverage.
The diff coverage is 0.00%.

@@            Coverage Diff            @@
##             master     #257   +/-   ##
=========================================
  Coverage     88.36%   88.36%           
  Complexity      315      315           
=========================================
  Files            49       49           
  Lines          1452     1452           
  Branches         83       83           
=========================================
  Hits           1283     1283           
  Misses          134      134           
  Partials         35       35           

Impacted Files	Coverage Δ
...gboot/grpc/security/GrpcSecurityConfiguration.java	80.55% <0.00%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 38dcfbc...50b4671. Read the comment docs.

[jvmlet]

Thanks @yu-shiba , the is not eligible for getting processed message indeed disappears when using static BeanPostProcessor bypassMethodInterceptorForGrpcMethodInvocation() declaration, but I'm not sure you can disable org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration, it enables SecurityProperties which is required by default UserDetailsService, JWT autoconfiguration also requires it.... I wish spring security team better decouples web and security frameworks ....

[yu-shiba]

Hi, @jvmlet
Thanks for the merge.

This PR started when I investigated an application that could not start after updating to 4.5.9.
As we looked into it, we found that applications that excluded org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration could not start.

SecurityAutoConfiguration in our application because we had built in our own authentication authorization in the past, and now we no longer need to exclude it.

In the process, I found the "is not eligible for getting processed" message and suppressed it, and now it works even if SecurityAutoConfiguration is excluded.

Maybe it was a PR(#209) that was merged before, but the root cause was the same as this problem.

I wish spring security team better decouples web and security frameworks ....

I agree.
I hope it will be improved in Spring Framework 6.x.