@AutoConfigureMockMvc imports auto-configurations manually

[snicoll]

@AutoConfigureMockMvc has a secure attribute that's true by default. It is possible for the user to set that to false in which case security should not apply.

It is currently implemented using an @Import that is conditional on the property. This makes that a very unusual construct for importing auto-configurations. The side effect is that if you exclude the security auto-configuration in your app (via exclude on @SpringBootApplication) that exclude is ignored, even if #12586 is implemented.

[philwebb]

On hold since if we complete #14227 this should go away

[izeye]

This looks resolved as #14227 which supersedes this has been closed.

[snicoll]

@izeye the flag has been deprecated but it's still honoured and that still loads the security auto-config manually. The purpose of this issue in the next feature release is to remove the deprecated flag and fix this issue for good.

Does that make sense?

[izeye]

@snicoll Sure, I just thought this has been missed accidentally 😄