Skip actuator security autoconfig if resource server autoconfig is active

spring-boot-project/spring-boot-actuator-autoconfigure/pom.xml

@@ -556,6 +556,16 @@
 			<artifactId>spring-security-test</artifactId>
 			<scope>test</scope>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-oauth2-resource-server</artifactId>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-oauth2-jose</artifactId>
+			<scope>test</scope>
+		</dependency>
 		<dependency>
 			<groupId>org.yaml</groupId>
 			<artifactId>snakeyaml</artifactId>

spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/reactive/ReactiveManagementWebSecurityAutoConfigurationTests.java

@@ -31,6 +31,7 @@
 import org.springframework.boot.actuate.autoconfigure.health.HealthIndicatorAutoConfiguration;
 import org.springframework.boot.actuate.autoconfigure.info.InfoEndpointAutoConfiguration;
 import org.springframework.boot.autoconfigure.AutoConfigurations;
+import org.springframework.boot.autoconfigure.security.oauth2.resource.reactive.ReactiveOAuth2ResourceServerAutoConfiguration;
 import org.springframework.boot.autoconfigure.security.reactive.ReactiveSecurityAutoConfiguration;
 import org.springframework.boot.autoconfigure.security.reactive.ReactiveUserDetailsServiceAutoConfiguration;
 import org.springframework.boot.test.context.assertj.AssertableReactiveWebApplicationContext;
@@ -117,6 +118,22 @@ public void backsOffIfCustomSecurityIsAdded() {
 				});
 	}
 
+	@Test
+	public void backsOffIfReactiveOAuth2ResourceServerAutoConfigurationSecurityIsAdded() {
+		this.contextRunner
+				.withConfiguration(AutoConfigurations
+						.of(ReactiveOAuth2ResourceServerAutoConfiguration.class))
+				.withPropertyValues(
+						"spring.security.oauth2.resourceserver.jwt.jwk-set-uri=http://authserver")
+				.run((context) -> {
+					assertThat(
+							getAuthenticateHeader(context, "/actuator/health").toString())
+									.contains("Bearer");
+					assertThat(getAuthenticateHeader(context, "/anything").toString())
+							.contains("Bearer");
+				});
+	}
+
 	@Test
 	public void backsOffWhenWebFilterChainProxyBeanPresent() {
 		this.contextRunner.withUserConfiguration(WebFilterChainProxyConfiguration.class)

spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfigurationTests.java

@@ -17,6 +17,7 @@
 package org.springframework.boot.actuate.autoconfigure.security.servlet;
 
 import java.io.IOException;
+import java.util.List;
 
 import org.junit.Test;
 
@@ -27,10 +28,12 @@
 import org.springframework.boot.actuate.autoconfigure.health.HealthIndicatorAutoConfiguration;
 import org.springframework.boot.actuate.autoconfigure.info.InfoEndpointAutoConfiguration;
 import org.springframework.boot.autoconfigure.AutoConfigurations;
+import org.springframework.boot.autoconfigure.security.oauth2.resource.servlet.OAuth2ResourceServerAutoConfiguration;
 import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
 import org.springframework.boot.test.context.assertj.AssertableWebApplicationContext;
 import org.springframework.boot.test.context.runner.WebApplicationContextRunner;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.mock.web.MockFilterChain;
 import org.springframework.mock.web.MockHttpServletRequest;
@@ -106,8 +109,36 @@ public void backOffIfCustomSecurityIsAdded() {
 				});
 	}
 
+	@Test
+	public void backOffIfOAuth2ResourceServerAutoConfigurationSecurityIsAdded() {
+		this.contextRunner
+				.withConfiguration(AutoConfigurations
+						.of(OAuth2ResourceServerAutoConfiguration.class))
+				.withPropertyValues(
+						"spring.security.oauth2.resourceserver.jwt.jwk-set-uri=http://authserver")
+				.run((context) -> {
+					assertThat(
+							getAuthenticateHeader(context, "/actuator/info").toString())
+									.contains("Bearer");
+					assertThat(getAuthenticateHeader(context, "/anything").toString())
+							.contains("Bearer");
+				});
+	}
+
+	private List<String> getAuthenticateHeader(AssertableWebApplicationContext context,
+			String path) throws IOException, javax.servlet.ServletException {
+		MockHttpServletResponse response = getResponse(context, path);
+		return response.getHeaders(HttpHeaders.WWW_AUTHENTICATE);
+	}
+
 	private HttpStatus getResponseStatus(AssertableWebApplicationContext context,
 			String path) throws IOException, javax.servlet.ServletException {
+		MockHttpServletResponse response = getResponse(context, path);
+		return HttpStatus.valueOf(response.getStatus());
+	}
+
+	private MockHttpServletResponse getResponse(AssertableWebApplicationContext context,
+			String path) throws IOException, javax.servlet.ServletException {
 		FilterChainProxy filterChainProxy = context.getBean(FilterChainProxy.class);
 		MockServletContext servletContext = new MockServletContext();
 		MockHttpServletResponse response = new MockHttpServletResponse();
@@ -117,7 +148,7 @@ private HttpStatus getResponseStatus(AssertableWebApplicationContext context,
 		request.setServletPath(path);
 		request.setMethod("GET");
 		filterChainProxy.doFilter(request, response, new MockFilterChain());
-		return HttpStatus.valueOf(response.getStatus());
+		return response;
 	}
 
 	@Configuration