Describe the bug
With kotlin 1.4 explicit api mode enabled explicit api mode I could not compile with Spring boot 2.4.0 anymore. With 2.3.5 it was working. However between those updates I enabled the strict mode. The error message is reading as Cannot access 'WebSecurityEnablerConfiguration': it is package-private in 'org.springframework.boot.autoconfigure.security.servlet'
To Reproduce
- Enable strict mode in gradle explicitApi = ExplicitApiMode.Strict
- Create a class to configure WebSecurity on such as @Configuration
@Order(ACTUATOR_FILTER_ORDER)
@Import(WebSecurityEnablerConfiguration::class)
@EnableConfigurationProperties(SpringBootAdminActuatorWebSecurityProperties::class)
public class SpringBootAdminActuatorWebSecurityConfigurerAdapter
- Compile
Expected behavior I should be able to use WebSecurityEnablerConfiguration annotation to consolidate the 5 annotations which is defined in that class. However since it's declared without modifier it's firstly package private and secondly throwing the error described above as the strict mode detects undeclared access modifier.
Sample
As it is a rather simple configuration issue the above will already throw the error described. I can't share company code but this will replicate it
@Order(ACTUATOR_FILTER_ORDER)
@Import(WebSecurityEnablerConfiguration::class)
@EnableConfigurationProperties(SpringBootAdminActuatorWebSecurityProperties::class)
public class SpringBootAdminActuatorWebSecurityConfigurerAdapter {}
Comment From: snicoll
@nntk WebSecurityEnablerConfiguration was made package private as of #22739 and Kotlin has nothing to do with the problem, really.
Why are you relying on WebSecurityEnablerConfiguration? This is not public API and meant to be used by the auto-configuration only. As the Javadoc states, that's just a replacement for @EnableWebSecurity if the user forgot to add it.
Comment From: nntk
Sorry didn't pay attention to the updates you made with 2.4.0. So I will use SecurityFilterChain over inheritance.