Fix handling missing Spring Security on classpath on Java 8. (#1552)

CHANGELOG.md

@@ -2,6 +2,7 @@
 
 ## Unreleased
 
+* Fix: Handling missing Spring Security on classpath on Java 8 (#1552)
 * Feat: Support transaction waiting for children to finish. (#1535) 
 * Feat: Capture logged marker in log4j2 and logback appenders (#1551)
 

sentry-spring-boot-starter/src/main/java/io/sentry/spring/boot/SentryAutoConfiguration.java

@@ -124,20 +124,24 @@ static class HubConfiguration {
     @Open
     static class SentryWebMvcConfiguration {
 
-      /**
-       * Configures {@link SpringSecuritySentryUserProvider} only if Spring Security is on the
-       * classpath. Its order is set to be higher than {@link
-       * SentryWebConfiguration#httpServletRequestSentryUserProvider(SentryOptions)}
-       *
-       * @param sentryOptions the Sentry options
-       * @return {@link SpringSecuritySentryUserProvider}
-       */
-      @Bean
+      @Configuration(proxyBeanMethods = false)
       @ConditionalOnClass(SecurityContextHolder.class)
-      @Order(1)
-      public @NotNull SpringSecuritySentryUserProvider springSecuritySentryUserProvider(
-          final @NotNull SentryOptions sentryOptions) {
-        return new SpringSecuritySentryUserProvider(sentryOptions);
+      @Open
+      static class SentrySecurityConfiguration {
+        /**
+         * Configures {@link SpringSecuritySentryUserProvider} only if Spring Security is on the
+         * classpath. Its order is set to be higher than {@link
+         * SentryWebConfiguration#httpServletRequestSentryUserProvider(SentryOptions)}
+         *
+         * @param sentryOptions the Sentry options
+         * @return {@link SpringSecuritySentryUserProvider}
+         */
+        @Bean
+        @Order(1)
+        public @NotNull SpringSecuritySentryUserProvider springSecuritySentryUserProvider(
+            final @NotNull SentryOptions sentryOptions) {
+          return new SpringSecuritySentryUserProvider(sentryOptions);
+        }
       }
 
       /**

sentry-spring-boot-starter/src/test/kotlin/io/sentry/spring/boot/SentryAutoConfigurationTest.kt

@@ -32,6 +32,7 @@ import java.lang.RuntimeException
 import javax.servlet.Filter
 import kotlin.test.Test
 import kotlin.test.assertEquals
+import kotlin.test.assertFalse
 import kotlin.test.assertTrue
 import org.aspectj.lang.ProceedingJoinPoint
 import org.assertj.core.api.Assertions.assertThat
@@ -50,6 +51,7 @@ import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
 import org.springframework.core.Ordered
 import org.springframework.core.annotation.Order
+import org.springframework.security.core.context.SecurityContextHolder
 import org.springframework.web.client.RestTemplate
 
 class SentryAutoConfigurationTest {
@@ -341,6 +343,19 @@ class SentryAutoConfigurationTest {
             }
     }
 
+    @Test
+    fun `when Spring Security is not on the classpath, SpringSecuritySentryUserProvider is not configured`() {
+        contextRunner.withPropertyValues("sentry.dsn=http://key@localhost/proj", "sentry.send-default-pii=true")
+            .withClassLoader(FilteredClassLoader(SecurityContextHolder::class.java))
+            .run { ctx ->
+                val userProviders = ctx.getSentryUserProviders()
+                assertTrue(userProviders.isNotEmpty())
+                userProviders.forEach {
+                    assertFalse(it is SpringSecuritySentryUserProvider)
+                }
+            }
+    }
+
     @Test
     fun `when tracing is enabled, creates tracing filter`() {
         contextRunner.withPropertyValues("sentry.dsn=http://key@localhost/proj", "sentry.enable-tracing=true")