Disable bean proxying in configuration classes

eleftherias · rwinch · commit 1ec040e55460 · 2019-06-10T20:40:06.000-05:00
Fixes gh-6967
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfiguration.java
@@ -57,7 +57,7 @@
  * @since 3.2
  *
  */
-@Configuration
+@Configuration(proxyBeanMethods = false)
 @Import(ObjectPostProcessorConfiguration.class)
 public class AuthenticationConfiguration {
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/configuration/ObjectPostProcessorConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/configuration/ObjectPostProcessorConfiguration.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2013 the original author or authors.
+ * Copyright 2002-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -33,7 +33,7 @@
  * @author Rob Winch
  * @since 3.2
  */
-@Configuration
+@Configuration(proxyBeanMethods = false)
 public class ObjectPostProcessorConfiguration {
 
 	@Bean
diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java
@@ -79,7 +79,7 @@
  * @since 3.2
  * @see EnableGlobalMethodSecurity
  */
-@Configuration
+@Configuration(proxyBeanMethods = false)
 public class GlobalMethodSecurityConfiguration
 		implements ImportAware, SmartInitializingSingleton, BeanFactoryAware {
 	private static final Log logger = LogFactory
diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/Jsr250MetadataSourceConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/Jsr250MetadataSourceConfiguration.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,7 +19,7 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource;
 
-@Configuration
+@Configuration(proxyBeanMethods = false)
 class Jsr250MetadataSourceConfiguration {
 
 	@Bean
diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfiguration.java
@@ -38,7 +38,7 @@
  * @author Tadaya Tsuyukubo
  * @since 5.0
  */
-@Configuration
+@Configuration(proxyBeanMethods = false)
 class ReactiveMethodSecurityConfiguration implements ImportAware {
 	private int advisorOrder;
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfiguration.java
@@ -58,7 +58,7 @@ public String[] selectImports(AnnotationMetadata importingClassMetadata) {
 		}
 	}
 
-	@Configuration
+	@Configuration(proxyBeanMethods = false)
 	static class OAuth2ClientWebMvcSecurityConfiguration implements WebMvcConfigurer {
 		private ClientRegistrationRepository clientRegistrationRepository;
 		private OAuth2AuthorizedClientRepository authorizedClientRepository;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java
@@ -63,7 +63,7 @@
  * @author Keesun Baik
  * @since 3.2
  */
-@Configuration
+@Configuration(proxyBeanMethods = false)
 public class WebSecurityConfiguration implements ImportAware, BeanClassLoaderAware {
 	private WebSecurity webSecurity;
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ReactiveOAuth2ClientImportSelector.java b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ReactiveOAuth2ClientImportSelector.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2018 the original author or authors.
+ * Copyright 2002-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -52,7 +52,7 @@ public String[] selectImports(AnnotationMetadata importingClassMetadata) {
 			new String[] {};
 	}
 
-	@Configuration
+	@Configuration(proxyBeanMethods = false)
 	static class OAuth2ClientWebFluxSecurityConfiguration implements WebFluxConfigurer {
 		private ReactiveClientRegistrationRepository clientRegistrationRepository;
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java
@@ -42,7 +42,7 @@
  * @author Dan Zheng
  * @since 5.0
  */
-@Configuration
+@Configuration(proxyBeanMethods = false)
 class ServerHttpSecurityConfiguration {
 	private static final String BEAN_NAME_PREFIX = "org.springframework.security.config.annotation.web.reactive.HttpSecurityConfiguration.";
 	private static final String HTTPSECURITY_BEAN_NAME = BEAN_NAME_PREFIX + "httpSecurity";
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java
@@ -38,7 +38,7 @@
  * @author Rob Winch
  * @since 5.0
  */
-@Configuration
+@Configuration(proxyBeanMethods = false)
 class WebFluxSecurityConfiguration {
 	public static final int WEB_FILTER_CHAIN_FILTER_ORDER = 0 - 100;
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/WebMvcSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/WebMvcSecurityConfiguration.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2013 the original author or authors.
+ * Copyright 2002-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,6 +18,7 @@
 import java.util.List;
 
 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver;
 import org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor;
@@ -37,6 +38,7 @@
  * @author Rob Winch
  * @since 3.2
  */
+@Configuration(proxyBeanMethods = false)
 @EnableWebSecurity
 public class WebMvcSecurityConfiguration implements WebMvcConfigurer {
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java
@@ -542,7 +542,7 @@ public void getAuthenticationManagerWhenAuthenticationConfigurationSubclassedThe
 				.isInstanceOf(AlreadyBuiltException.class);
 	}
 
-	@Configuration(proxyBeanMethods = false)
+	@Configuration
 	static class AuthenticationConfigurationSubclass extends AuthenticationConfiguration {
 	}
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthenticationTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthenticationTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,26 +17,30 @@
 
 import static org.assertj.core.api.Assertions.assertThat;
 
+import org.junit.Rule;
 import org.junit.Test;
-import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.security.config.test.SpringTestRule;
 
 /**
  *
  * @author Rob Winch
  *
  */
-@RunWith(SpringJUnit4ClassRunner.class)
 public class EnableGlobalAuthenticationTests {
-	@Autowired
-	AuthenticationConfiguration auth;
+	@Rule
+	public final SpringTestRule spring = new SpringTestRule();
 
 	// gh-4086
 	@Test
 	public void authenticationConfigurationWhenGetAuthenticationManagerThenNotNull() throws Exception {
+		this.spring.register(Config.class).autowire();
+
+		AuthenticationConfiguration auth = spring.getContext().getBean(AuthenticationConfiguration.class);
+
 		assertThat(auth.getAuthenticationManager()).isNotNull();
 	}
 
@@ -50,4 +54,67 @@ public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception
 		}
 	}
 
+	@Test
+	public void enableGlobalAuthenticationWhenNoConfigurationAnnotationThenBeanProxyingEnabled() {
+		this.spring.register(BeanProxyEnabledByDefaultConfig.class).autowire();
+
+		Child childBean = this.spring.getContext().getBean(Child.class);
+		Parent parentBean = this.spring.getContext().getBean(Parent.class);
+
+		assertThat(parentBean.getChild()).isSameAs(childBean);
+	}
+
+	@EnableGlobalAuthentication
+	static class BeanProxyEnabledByDefaultConfig {
+		@Bean
+		public Child child() {
+			return new Child();
+		}
+
+		@Bean
+		public Parent parent() {
+			return new Parent(child());
+		}
+	}
+
+	@Test
+	public void enableGlobalAuthenticationWhenProxyBeanMethodsFalseThenBeanProxyingDisabled() {
+		this.spring.register(BeanProxyDisabledConfig.class).autowire();
+
+		Child childBean = this.spring.getContext().getBean(Child.class);
+		Parent parentBean = this.spring.getContext().getBean(Parent.class);
+
+		assertThat(parentBean.getChild()).isNotSameAs(childBean);
+	}
+
+	@Configuration(proxyBeanMethods = false)
+	@EnableGlobalAuthentication
+	static class BeanProxyDisabledConfig {
+		@Bean
+		public Child child() {
+			return new Child();
+		}
+
+		@Bean
+		public Parent parent() {
+			return new Parent(child());
+		}
+	}
+
+	static class Parent {
+		private Child child;
+
+		Parent(Child child) {
+			this.child = child;
+		}
+
+		public Child getChild() {
+			return child;
+		}
+	}
+
+	static class Child {
+		Child() {
+		}
+	}
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
@@ -557,7 +557,7 @@ public void emptyPrefixRoleUser() {}
 
 	@Test
 	public void methodSecurityInterceptorUsesMetadataSourceBeanWhenProxyingDisabled() {
-		this.spring.register(CustomMetadataSourceProxylessConfig.class).autowire();
+		this.spring.register(CustomMetadataSourceBeanProxyEnabledConfig.class).autowire();
 		MethodSecurityInterceptor methodInterceptor =
 				(MethodSecurityInterceptor) this.spring.getContext().getBean(MethodInterceptor.class);
 		MethodSecurityMetadataSource methodSecurityMetadataSource =
@@ -567,7 +567,7 @@ public void methodSecurityInterceptorUsesMetadataSourceBeanWhenProxyingDisabled(
 	}
 
 	@EnableGlobalMethodSecurity(prePostEnabled = true)
-	@Configuration(proxyBeanMethods = false)
-	public static class CustomMetadataSourceProxylessConfig extends GlobalMethodSecurityConfiguration {
+	@Configuration
+	public static class CustomMetadataSourceBeanProxyEnabledConfig extends GlobalMethodSecurityConfiguration {
 	}
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfigurationTests.java
@@ -89,7 +89,7 @@ GrantedAuthorityDefaults grantedAuthorityDefaults() {
 	}
 
 	@Test
-	public void rolePrefixWithGrantedAuthorityDefaultsAndSubclassWithProxyingDisabled() {
+	public void rolePrefixWithGrantedAuthorityDefaultsAndSubclassWithProxyingEnabled() {
 		this.spring.register(SubclassConfig.class).autowire();
 
 		TestingAuthenticationToken authentication = new TestingAuthenticationToken(
@@ -105,7 +105,7 @@ public void rolePrefixWithGrantedAuthorityDefaultsAndSubclassWithProxyingDisable
 		assertThat(root.hasRole("ABC")).isTrue();
 	}
 
-	@Configuration(proxyBeanMethods = false)
+	@Configuration
 	static class SubclassConfig extends ReactiveMethodSecurityConfiguration {
 	}
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2018 the original author or authors.
+ * Copyright 2002-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -122,4 +122,68 @@ String principal(@AuthenticationPrincipal String principal) {
 			}
 		}
 	}
+
+	@Test
+	public void enableWebSecurityWhenNoConfigurationAnnotationThenBeanProxyingEnabled() {
+		this.spring.register(BeanProxyEnabledByDefaultConfig.class).autowire();
+
+		Child childBean = this.spring.getContext().getBean(Child.class);
+		Parent parentBean = this.spring.getContext().getBean(Parent.class);
+
+		assertThat(parentBean.getChild()).isSameAs(childBean);
+	}
+
+	@EnableWebSecurity
+	static class BeanProxyEnabledByDefaultConfig extends WebSecurityConfigurerAdapter {
+		@Bean
+		public Child child() {
+			return new Child();
+		}
+
+		@Bean
+		public Parent parent() {
+			return new Parent(child());
+		}
+	}
+
+	@Test
+	public void enableWebSecurityWhenProxyBeanMethodsFalseThenBeanProxyingDisabled() {
+		this.spring.register(BeanProxyDisabledConfig.class).autowire();
+
+		Child childBean = this.spring.getContext().getBean(Child.class);
+		Parent parentBean = this.spring.getContext().getBean(Parent.class);
+
+		assertThat(parentBean.getChild()).isNotSameAs(childBean);
+	}
+
+	@Configuration(proxyBeanMethods = false)
+	@EnableWebSecurity
+	static class BeanProxyDisabledConfig extends WebSecurityConfigurerAdapter {
+		@Bean
+		public Child child() {
+			return new Child();
+		}
+
+		@Bean
+		public Parent parent() {
+			return new Parent(child());
+		}
+	}
+
+	static class Parent {
+		private Child child;
+
+		Parent(Child child) {
+			this.child = child;
+		}
+
+		public Child getChild() {
+			return child;
+		}
+	}
+
+	static class Child {
+		Child() {
+		}
+	}
 }
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java
@@ -406,7 +406,7 @@ public void getMethodDelegatingApplicationListenerWhenWebSecurityConfigurationTh
 	}
 
 	@Test
-	public void loadConfigWhenProxyingDisabledAndSubclassThenFilterChainsCreated() {
+	public void loadConfigWhenBeanProxyingEnabledAndSubclassThenFilterChainsCreated() {
 		this.spring.register(GlobalAuthenticationWebSecurityConfigurerAdaptersConfig.class, SubclassConfig.class).autowire();
 
 		FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class);
@@ -415,7 +415,7 @@ public void loadConfigWhenProxyingDisabledAndSubclassThenFilterChainsCreated() {
 		assertThat(filterChains).hasSize(4);
 	}
 
-	@Configuration(proxyBeanMethods = false)
+	@Configuration
 	static class SubclassConfig extends WebSecurityConfiguration {
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationTest.java b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationTest.java
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfigurationTests.java

Original file line number	Diff line number	Diff line change
`@@ -57,7 +57,7 @@`
`57`	`57`	`* @since 3.2`
`58`	`58`	`*`
`59`	`59`	`*/`
`60`		`-@Configuration`
	`60`	`+@Configuration(proxyBeanMethods = false)`
`61`	`61`	`@Import(ObjectPostProcessorConfiguration.class)`
`62`	`62`	`public class AuthenticationConfiguration {`
`63`	`63`
Original file line number	Diff line number	Diff line change
`@@ -58,7 +58,7 @@ public String[] selectImports(AnnotationMetadata importingClassMetadata) {`
`58`	`58`	`}`
`59`	`59`	`}`
`60`	`60`
`61`		`- @Configuration`
	`61`	`+ @Configuration(proxyBeanMethods = false)`
`62`	`62`	`static class OAuth2ClientWebMvcSecurityConfiguration implements WebMvcConfigurer {`
`63`	`63`	`private ClientRegistrationRepository clientRegistrationRepository;`
`64`	`64`	`private OAuth2AuthorizedClientRepository authorizedClientRepository;`
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`/*`
`2`		`- * Copyright 2002-2018 the original author or authors.`
	`2`	`+ * Copyright 2002-2019 the original author or authors.`
`3`	`3`	`*`
`4`	`4`	`* Licensed under the Apache License, Version 2.0 (the "License");`
`5`	`5`	`* you may not use this file except in compliance with the License.`
`@@ -52,7 +52,7 @@ public String[] selectImports(AnnotationMetadata importingClassMetadata) {`
`52`	`52`	`new String[] {};`
`53`	`53`	`}`
`54`	`54`
`55`		`- @Configuration`
	`55`	`+ @Configuration(proxyBeanMethods = false)`
`56`	`56`	`static class OAuth2ClientWebFluxSecurityConfiguration implements WebFluxConfigurer {`
`57`	`57`	`private ReactiveClientRegistrationRepository clientRegistrationRepository;`
`58`	`58`
Original file line number	Diff line number	Diff line change
`@@ -542,7 +542,7 @@ public void getAuthenticationManagerWhenAuthenticationConfigurationSubclassedThe`
`542`	`542`	`.isInstanceOf(AlreadyBuiltException.class);`
`543`	`543`	`}`
`544`	`544`
`545`		`- @Configuration(proxyBeanMethods = false)`
	`545`	`+ @Configuration`
`546`	`546`	`static class AuthenticationConfigurationSubclass extends AuthenticationConfiguration {`
`547`	`547`	`}`
`548`	`548`	`}`
Original file line number	Diff line number	Diff line change
`@@ -557,7 +557,7 @@ public void emptyPrefixRoleUser() {}`
`557`	`557`
`558`	`558`	`@Test`
`559`	`559`	`public void methodSecurityInterceptorUsesMetadataSourceBeanWhenProxyingDisabled() {`
`560`		`- this.spring.register(CustomMetadataSourceProxylessConfig.class).autowire();`
	`560`	`+ this.spring.register(CustomMetadataSourceBeanProxyEnabledConfig.class).autowire();`
`561`	`561`	`MethodSecurityInterceptor methodInterceptor =`
`562`	`562`	`(MethodSecurityInterceptor) this.spring.getContext().getBean(MethodInterceptor.class);`
`563`	`563`	`MethodSecurityMetadataSource methodSecurityMetadataSource =`
`@@ -567,7 +567,7 @@ public void methodSecurityInterceptorUsesMetadataSourceBeanWhenProxyingDisabled(`
`567`	`567`	`}`
`568`	`568`
`569`	`569`	`@EnableGlobalMethodSecurity(prePostEnabled = true)`
`570`		`- @Configuration(proxyBeanMethods = false)`
`571`		`- public static class CustomMetadataSourceProxylessConfig extends GlobalMethodSecurityConfiguration {`
	`570`	`+ @Configuration`
	`571`	`+ public static class CustomMetadataSourceBeanProxyEnabledConfig extends GlobalMethodSecurityConfiguration {`
`572`	`572`	`}`
`573`	`573`	`}`
Original file line number	Diff line number	Diff line change
`@@ -89,7 +89,7 @@ GrantedAuthorityDefaults grantedAuthorityDefaults() {`
`89`	`89`	`}`
`90`	`90`
`91`	`91`	`@Test`
`92`		`- public void rolePrefixWithGrantedAuthorityDefaultsAndSubclassWithProxyingDisabled() {`
	`92`	`+ public void rolePrefixWithGrantedAuthorityDefaultsAndSubclassWithProxyingEnabled() {`
`93`	`93`	`this.spring.register(SubclassConfig.class).autowire();`
`94`	`94`
`95`	`95`	`TestingAuthenticationToken authentication = new TestingAuthenticationToken(`
`@@ -105,7 +105,7 @@ public void rolePrefixWithGrantedAuthorityDefaultsAndSubclassWithProxyingDisable`
`105`	`105`	`assertThat(root.hasRole("ABC")).isTrue();`
`106`	`106`	`}`
`107`	`107`
`108`		`- @Configuration(proxyBeanMethods = false)`
	`108`	`+ @Configuration`
`109`	`109`	`static class SubclassConfig extends ReactiveMethodSecurityConfiguration {`
`110`	`110`	`}`
`111`	`111`	`}`
Original file line number	Diff line number	Diff line change
`@@ -406,7 +406,7 @@ public void getMethodDelegatingApplicationListenerWhenWebSecurityConfigurationTh`
`406`	`406`	`}`
`407`	`407`
`408`	`408`	`@Test`
`409`		`- public void loadConfigWhenProxyingDisabledAndSubclassThenFilterChainsCreated() {`
	`409`	`+ public void loadConfigWhenBeanProxyingEnabledAndSubclassThenFilterChainsCreated() {`
`410`	`410`	`this.spring.register(GlobalAuthenticationWebSecurityConfigurerAdaptersConfig.class, SubclassConfig.class).autowire();`
`411`	`411`
`412`	`412`	`FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class);`
`@@ -415,7 +415,7 @@ public void loadConfigWhenProxyingDisabledAndSubclassThenFilterChainsCreated() {`
`415`	`415`	`assertThat(filterChains).hasSize(4);`
`416`	`416`	`}`
`417`	`417`
`418`		`- @Configuration(proxyBeanMethods = false)`
	`418`	`+ @Configuration`
`419`	`419`	`static class SubclassConfig extends WebSecurityConfiguration {`
`420`	`420`	`}`
`421`	`421`