Make SAML 2 login configuration back off with user provider config adapter

Previously, a WebSecurityConfigurerAdapter would be configured
irrespective of whether or not the user had provided their own
WebSecurityConfigurerAdapter. This then required them to use ordering
to diambiguate the configuration and made it harder to take complete
control of security configuration.

This commit updates the configuration of the SAML 2 login configurer
adapter to be conditional on missing bean, aligning it with other
security configuration such as the equivalent OAuth 2 configurer
adapter.

Closes gh-18530

Author: wilkinsona

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/saml2/Saml2LoginConfiguration.java

@@ -17,6 +17,7 @@
 package org.springframework.boot.autoconfigure.security.saml2;
 
 import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@@ -33,6 +34,7 @@
 class Saml2LoginConfiguration {
 
 	@Configuration(proxyBeanMethods = false)
+	@ConditionalOnMissingBean(WebSecurityConfigurerAdapter.class)
 	static class Saml2LoginConfigurerAdapter extends WebSecurityConfigurerAdapter {
 
 		@Override

spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/saml2/Saml2RelyingPartyAutoConfigurationTests.java

@@ -31,6 +31,7 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.BeanIds;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
 import org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter;
@@ -104,6 +105,13 @@ void samlLoginShouldBeConfigured() {
 				.run((context) -> assertThat(hasFilter(context, Saml2WebSsoAuthenticationFilter.class)).isTrue());
 	}
 
+	@Test
+	void samlLoginShouldBackOffWhenAWebSecurityConfigurerAdapterIsDefined() {
+		this.contextRunner.withUserConfiguration(WebSecurityConfigurerAdapterConfiguration.class)
+				.withPropertyValues(getPropertyValues())
+				.run((context) -> assertThat(hasFilter(context, Saml2WebSsoAuthenticationFilter.class)).isFalse());
+	}
+
 	private String[] getPropertyValues() {
 		return new String[] {
 				PREFIX + ".foo.signing.credentials[0].private-key-location=classpath:saml/private-key-location",
@@ -130,4 +138,16 @@ RelyingPartyRegistrationRepository testRegistrationRepository() {
 
 	}
 
+	@Configuration(proxyBeanMethods = false)
+	static class WebSecurityConfigurerAdapterConfiguration {
+
+		@Bean
+		WebSecurityConfigurerAdapter webSecurityConfigurerAdapter() {
+			return new WebSecurityConfigurerAdapter() {
+
+			};
+		}
+
+	}
+
 }