spring-projects
diff --git a/‎config/src/main/java/org/springframework/security/config/annotation/method/configuration/MethodObservationConfiguration.java
Lines changed: 71 additions & 0 deletions b/‎config/src/main/java/org/springframework/security/config/annotation/method/configuration/MethodObservationConfiguration.java
Lines changed: 71 additions & 0 deletions
diff --git a/‎config/src/main/java/org/springframework/security/config/annotation/method/configuration/MethodSecuritySelector.java
Lines changed: 1 addition & 2 deletions b/‎config/src/main/java/org/springframework/security/config/annotation/method/configuration/MethodSecuritySelector.java
Lines changed: 1 addition & 2 deletions
diff --git a/‎config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodObservationConfiguration.java
Lines changed: 71 additions & 0 deletions b/‎config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodObservationConfiguration.java
Lines changed: 71 additions & 0 deletions
diff --git a/‎config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfiguration.java
Lines changed: 2 additions & 0 deletions b/‎config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfiguration.java
Lines changed: 2 additions & 0 deletions
diff --git a/‎config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecuritySelector.java
Lines changed: 1 addition & 2 deletions b/‎config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecuritySelector.java
Lines changed: 1 addition & 2 deletions
diff --git a/‎config/src/main/java/org/springframework/security/config/annotation/observation/configuration/AbstractObservationObjectPostProcessor.java
Lines changed: 0 additions & 53 deletions b/‎config/src/main/java/org/springframework/security/config/annotation/observation/configuration/AbstractObservationObjectPostProcessor.java
Lines changed: 0 additions & 53 deletions
diff --git a/‎config/src/main/java/org/springframework/security/config/annotation/observation/configuration/ObservationConfiguration.java
Lines changed: 0 additions & 87 deletions b/‎config/src/main/java/org/springframework/security/config/annotation/observation/configuration/ObservationConfiguration.java
Lines changed: 0 additions & 87 deletions
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2002-2024 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.config.annotation.method.configuration;
+
+import io.micrometer.observation.ObservationRegistry;
+import org.aopalliance.intercept.MethodInvocation;
+
+import org.springframework.beans.factory.ObjectProvider;
+import org.springframework.beans.factory.config.BeanDefinition;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Role;
+import org.springframework.security.authorization.AuthorizationManager;
+import org.springframework.security.authorization.ObservationAuthorizationManager;
+import org.springframework.security.authorization.method.MethodInvocationResult;
+import org.springframework.security.config.annotation.ObjectPostProcessor;
+import org.springframework.security.config.observation.SecurityObservationSettings;
+
+@Configuration(proxyBeanMethods = false)
+@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
+class MethodObservationConfiguration {
+
+	private static final SecurityObservationSettings all = SecurityObservationSettings.withDefaults()
+		.shouldObserveRequests(true)
+		.shouldObserveAuthentications(true)
+		.shouldObserveAuthorizations(true)
+		.build();
+
+	@Bean
+	@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
+	static ObjectPostProcessor<AuthorizationManager<MethodInvocation>> methodAuthorizationManagerPostProcessor(
+			ObjectProvider<ObservationRegistry> registry, ObjectProvider<SecurityObservationSettings> predicate) {
+		return new ObjectPostProcessor<>() {
+			@Override
+			public AuthorizationManager postProcess(AuthorizationManager object) {
+				ObservationRegistry r = registry.getIfUnique(() -> ObservationRegistry.NOOP);
+				boolean active = !r.isNoop() && predicate.getIfUnique(() -> all).shouldObserveAuthorizations();
+				return active ? new ObservationAuthorizationManager<>(r, object) : object;
+			}
+		};
+	}
+
+	@Bean
+	@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
+	static ObjectPostProcessor<AuthorizationManager<MethodInvocationResult>> methodResultAuthorizationManagerPostProcessor(
+			ObjectProvider<ObservationRegistry> registry, ObjectProvider<SecurityObservationSettings> predicate) {
+		return new ObjectPostProcessor<>() {
+			@Override
+			public AuthorizationManager postProcess(AuthorizationManager object) {
+				ObservationRegistry r = registry.getIfUnique(() -> ObservationRegistry.NOOP);
+				boolean active = !r.isNoop() && predicate.getIfUnique(() -> all).shouldObserveAuthorizations();
+				return active ? new ObservationAuthorizationManager<>(r, object) : object;
+			}
+		};
+	}
+
+}
@@ -68,8 +68,7 @@ public String[] selectImports(@NonNull AnnotationMetadata importMetadata) {
 			imports.add(AuthorizationProxyDataConfiguration.class.getName());
 		}
 		if (isObservabilityPresent) {
-			imports.add(
-					"org.springframework.security.config.annotation.observation.configuration.ObservationConfiguration");
+			imports.add(MethodObservationConfiguration.class.getName());
 		}
 		return imports.toArray(new String[0]);
 	}
 
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2002-2024 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.config.annotation.method.configuration;
+
+import io.micrometer.observation.ObservationRegistry;
+import org.aopalliance.intercept.MethodInvocation;
+
+import org.springframework.beans.factory.ObjectProvider;
+import org.springframework.beans.factory.config.BeanDefinition;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Role;
+import org.springframework.security.authorization.ObservationReactiveAuthorizationManager;
+import org.springframework.security.authorization.ReactiveAuthorizationManager;
+import org.springframework.security.authorization.method.MethodInvocationResult;
+import org.springframework.security.config.annotation.ObjectPostProcessor;
+import org.springframework.security.config.observation.SecurityObservationSettings;
+
+@Configuration(proxyBeanMethods = false)
+@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
+class ReactiveMethodObservationConfiguration {
+
+	private static final SecurityObservationSettings all = SecurityObservationSettings.withDefaults()
+		.shouldObserveRequests(true)
+		.shouldObserveAuthentications(true)
+		.shouldObserveAuthorizations(true)
+		.build();
+
+	@Bean
+	@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
+	static ObjectPostProcessor<ReactiveAuthorizationManager<MethodInvocation>> methodAuthorizationManagerPostProcessor(
+			ObjectProvider<ObservationRegistry> registry, ObjectProvider<SecurityObservationSettings> predicate) {
+		return new ObjectPostProcessor<>() {
+			@Override
+			public ReactiveAuthorizationManager postProcess(ReactiveAuthorizationManager object) {
+				ObservationRegistry r = registry.getIfUnique(() -> ObservationRegistry.NOOP);
+				boolean active = !r.isNoop() && predicate.getIfUnique(() -> all).shouldObserveAuthorizations();
+				return active ? new ObservationReactiveAuthorizationManager<>(r, object) : object;
+			}
+		};
+	}
+
+	@Bean
+	@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
+	static ObjectPostProcessor<ReactiveAuthorizationManager<MethodInvocationResult>> methodResultAuthorizationManagerPostProcessor(
+			ObjectProvider<ObservationRegistry> registry, ObjectProvider<SecurityObservationSettings> predicate) {
+		return new ObjectPostProcessor<>() {
+			@Override
+			public ReactiveAuthorizationManager postProcess(ReactiveAuthorizationManager object) {
+				ObservationRegistry r = registry.getIfUnique(() -> ObservationRegistry.NOOP);
+				boolean active = !r.isNoop() && predicate.getIfUnique(() -> all).shouldObserveAuthorizations();
+				return active ? new ObservationReactiveAuthorizationManager<>(r, object) : object;
+			}
+		};
+	}
+
+}
@@ -22,6 +22,7 @@
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Fallback;
 import org.springframework.context.annotation.ImportAware;
 import org.springframework.context.annotation.Role;
 import org.springframework.core.type.AnnotationMetadata;
@@ -82,6 +83,7 @@ static PrePostAdviceReactiveMethodInterceptor securityMethodInterceptor(Abstract
 
 	@Bean
 	@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
+	@Fallback
 	static DefaultMethodSecurityExpressionHandler methodSecurityExpressionHandler(
 			ReactiveMethodSecurityConfiguration configuration) {
 		DefaultMethodSecurityExpressionHandler handler = new DefaultMethodSecurityExpressionHandler();
 
@@ -62,8 +62,7 @@ public String[] selectImports(AnnotationMetadata importMetadata) {
 			imports.add(AuthorizationProxyDataConfiguration.class.getName());
 		}
 		if (isObservabilityPresent) {
-			imports.add(
-					"org.springframework.security.config.annotation.observation.configuration.ReactiveObservationConfiguration");
+			imports.add(ReactiveMethodObservationConfiguration.class.getName());
 		}
 		imports.add(AuthorizationProxyConfiguration.class.getName());
 		return imports.toArray(new String[0]);
Original file line number	Diff line number	Diff line change
`@@ -68,8 +68,7 @@ public String[] selectImports(@NonNull AnnotationMetadata importMetadata) {`
`68`	`68`	`imports.add(AuthorizationProxyDataConfiguration.class.getName());`
`69`	`69`	`}`
`70`	`70`	`if (isObservabilityPresent) {`
`71`		`- imports.add(`
`72`		`- "org.springframework.security.config.annotation.observation.configuration.ObservationConfiguration");`
	`71`	`+ imports.add(MethodObservationConfiguration.class.getName());`
`73`	`72`	`}`
`74`	`73`	`return imports.toArray(new String[0]);`
`75`	`74`	`}`
Original file line number	Diff line number	Diff line change
`@@ -62,8 +62,7 @@ public String[] selectImports(AnnotationMetadata importMetadata) {`
`62`	`62`	`imports.add(AuthorizationProxyDataConfiguration.class.getName());`
`63`	`63`	`}`
`64`	`64`	`if (isObservabilityPresent) {`
`65`		`- imports.add(`
`66`		`- "org.springframework.security.config.annotation.observation.configuration.ReactiveObservationConfiguration");`
	`65`	`+ imports.add(ReactiveMethodObservationConfiguration.class.getName());`
`67`	`66`	`}`
`68`	`67`	`imports.add(AuthorizationProxyConfiguration.class.getName());`
`69`	`68`	`return imports.toArray(new String[0]);`