Update HandlerMappingIntrospector Usage in CORS support

evgeniycheban · evgeniycheban · commit 0c17fd1ec2fa · 2025-03-22T18:58:52.000+02:00
Closes gh-16501 Signed-off-by: Evgeniy Cheban <mister.cheban@gmail.com>
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurer.java
@@ -24,6 +24,7 @@
 import org.springframework.util.ClassUtils;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.PreFlightRequestHandler;
 import org.springframework.web.filter.CorsFilter;
 import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
 
@@ -98,24 +99,20 @@ private CorsFilter getCorsFilter(ApplicationContext context) {
 
 	static class MvcCorsFilter {
 
-		private static final String HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME = "mvcHandlerMappingIntrospector";
-
 		/**
 		 * This needs to be isolated into a separate class as Spring MVC is an optional
 		 * dependency and will potentially cause ClassLoading issues
 		 * @param context
 		 * @return
 		 */
 		private static CorsFilter getMvcCorsFilter(ApplicationContext context) {
-			if (!context.containsBean(HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME)) {
-				throw new NoSuchBeanDefinitionException(HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME, "A Bean named "
-						+ HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME + " of type "
-						+ HandlerMappingIntrospector.class.getName()
-						+ " is required to use MvcRequestMatcher. Please ensure Spring Security & Spring MVC are configured in a shared ApplicationContext.");
+			if (context.getBeanNamesForType(CorsConfigurationSource.class).length > 0) {
+				CorsConfigurationSource corsConfigurationSource = context.getBean(CorsConfigurationSource.class);
+				return new CorsFilter(corsConfigurationSource);
 			}
-			HandlerMappingIntrospector mappingIntrospector = context.getBean(HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME,
-					HandlerMappingIntrospector.class);
-			return new CorsFilter(mappingIntrospector);
+			throw new NoSuchBeanDefinitionException(CorsConfigurationSource.class,
+					"Failed to find a bean that implements `CorsConfigurationSource`. Please ensure that you are using "
+							+ "`@EnableWebMvc`, are publishing a `WebMvcConfigurer`, or are publishing a `CorsConfigurationSource` bean.");
 		}
 
 	}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurerTests.java
@@ -70,7 +70,8 @@ public void configureWhenNoMvcThenException() {
 		assertThatExceptionOfType(BeanCreationException.class)
 			.isThrownBy(() -> this.spring.register(DefaultCorsConfig.class).autowire())
 			.withMessageContaining(
-					"Please ensure Spring Security & Spring MVC are configured in a shared ApplicationContext");
+					"Please ensure that you are using `@EnableWebMvc`, are publishing a `WebMvcConfigurer`, "
+							+ "or are publishing a `CorsConfigurationSource` bean.");
 	}
 
 	@Test

Original file line number	Diff line number	Diff line change
`@@ -70,7 +70,8 @@ public void configureWhenNoMvcThenException() {`
`70`	`70`	`assertThatExceptionOfType(BeanCreationException.class)`
`71`	`71`	`.isThrownBy(() -> this.spring.register(DefaultCorsConfig.class).autowire())`
`72`	`72`	`.withMessageContaining(`
`73`		`- "Please ensure Spring Security & Spring MVC are configured in a shared ApplicationContext");`
	`73`	+ "Please ensure that you are using `@EnableWebMvc`, are publishing a `WebMvcConfigurer`, "
	`74`	+ + "or are publishing a `CorsConfigurationSource` bean.");
`74`	`75`	`}`
`75`	`76`
`76`	`77`	`@Test`