Skip to content

ReactiveCloudFoundryActuatorAutoConfiguration ignores firewall set on the WebFilterChainProxy when postprocessing it #45377

New issue
New issue
Open
Open
ReactiveCloudFoundryActuatorAutoConfiguration ignores firewall set on the WebFilterChainProxy when postprocessing it#45377
Labels
status: waiting-for-internal-feedbackAn issue that needs input from a member or another Spring Teamstatus: waiting-for-triageAn issue we've not yet triaged
@alfein

Description

@alfein
alfein
opened on May 6, 2025

Spring security fixed an issue in WebFilterChainProxy by allowing clients to override the default instance of the firewall field (ServerWebExchangeFirewall) with whatever client wants to or adjust the behavior of the default StrictServerWebExchangeFirewall instance:

spring-projects/spring-security#15974

However ReactiveCloudFoundryActuatorAutoConfiguration in the postProcess method overrides the default WebFilterChainProxy bean with new instance and ignoring any overrides of firewall the old bean had.

This causes apps that run on cloud foundry to not run the same way as they would outside of cloud foundry, and require my to disable cloud foundry management endpoints.

I think that's a bug

management:
  cloudfoundry:
    enabled: false

To test this behavior localy, set the VCAP_APPLICATION environment variable to something, json like.

Metadata

Metadata

Assignees

No one assigned

    Labels

    status: waiting-for-internal-feedbackAn issue that needs input from a member or another Spring Teamstatus: waiting-for-triageAn issue we've not yet triaged

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions