Fix #16088
In order for WebFluxTypeExcludeFilter to include user-defined security configuration, I check that the class annotated with @Configuration has a method with @Bean that returns SecurityWebFilterChain. I understand that someone might call this solution a dirty trick. But it seems to me that this is the only possible solution that does not introduce a large number of architectural changes.
I also added a smoke test. But not sure if I did it in the right place. If you see fit, I will change or remove this test.
Comment From: wilkinsona
Thanks for the PR, @RazorNd. It's quite an ingenious solution, but unfortunately we don't think we can merge it as it may result in other, unwanted beans being defined in the application.
The unwanted beans could come from other @Bean methods on the same @Configuration class or from other @Configuration classes that are @Imported directly or via an @Enable… annotation. We considered only including a @Configuration class when all it does is define a security web filter chain, but determining that is the case would require the filter to have too much knowledge of @Configuration class parsing and processing.
Thanks anyway.
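
The concern raised in the review comment above, as an added example (not code from the PR or from Spring Boot): a reflective check of the kind the PR description outlines matches a configuration class that also declares an unrelated bean and imports another configuration. The names `definesSecurityWebFilterChain`, `otherBeanMethods`, `MixedConfig`, `ExtraConfig` and `AuditClient` are hypothetical and exist only for this illustration.

```java
import java.util.Arrays;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.core.annotation.AnnotatedElementUtils;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;

public class SecurityConfigHeuristicDemo {

    // Hypothetical helper: the check as the PR description words it, not the PR's code.
    static boolean definesSecurityWebFilterChain(Class<?> candidate) {
        return AnnotatedElementUtils.hasAnnotation(candidate, Configuration.class)
                && Arrays.stream(candidate.getDeclaredMethods())
                    .filter(m -> AnnotatedElementUtils.hasAnnotation(m, Bean.class))
                    .anyMatch(m -> SecurityWebFilterChain.class.isAssignableFrom(m.getReturnType()));
    }

    // Counts @Bean methods on the class that do not return the filter chain.
    static long otherBeanMethods(Class<?> candidate) {
        return Arrays.stream(candidate.getDeclaredMethods())
                .filter(m -> AnnotatedElementUtils.hasAnnotation(m, Bean.class))
                .filter(m -> !SecurityWebFilterChain.class.isAssignableFrom(m.getReturnType()))
                .count();
    }

    static class AuditClient { }

    @Configuration
    static class ExtraConfig { }   // constructed: stands in for any imported configuration

    @Configuration
    @Import(ExtraConfig.class)     // pulled in as soon as MixedConfig is included
    static class MixedConfig {
        @Bean
        SecurityWebFilterChain chain(ServerHttpSecurity http) {
            return http.build();
        }

        @Bean
        AuditClient auditClient() { // unrelated bean on the same class
            return new AuditClient();
        }
    }

    public static void main(String[] args) {
        System.out.println("matches check: " + definesSecurityWebFilterChain(MixedConfig.class));
        System.out.println("other @Bean methods: " + otherBeanMethods(MixedConfig.class));
        System.out.println("has @Import: " + MixedConfig.class.isAnnotationPresent(Import.class));
    }
}
```

The check accepts `MixedConfig`, so including it would also register `auditClient` and process `ExtraConfig`.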