diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurer.java index 652558e0cd0..c0a5bece4b0 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurer.java @@ -107,15 +107,14 @@ static class MvcCorsFilter { * @return */ private static CorsFilter getMvcCorsFilter(ApplicationContext context) { - if (!context.containsBean(HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME)) { - throw new NoSuchBeanDefinitionException(HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME, "A Bean named " - + HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME + " of type " - + HandlerMappingIntrospector.class.getName() - + " is required to use MvcRequestMatcher. Please ensure Spring Security & Spring MVC are configured in a shared ApplicationContext."); + if (context.getBeanNamesForType(CorsConfigurationSource.class).length > 0) { + CorsConfigurationSource corsConfigurationSource = context + .getBean(HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME, CorsConfigurationSource.class); + return new CorsFilter(corsConfigurationSource); } - HandlerMappingIntrospector mappingIntrospector = context.getBean(HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME, - HandlerMappingIntrospector.class); - return new CorsFilter(mappingIntrospector); + throw new NoSuchBeanDefinitionException(CorsConfigurationSource.class, + "Failed to find a bean that implements `CorsConfigurationSource`. Please ensure that you are using " + + "`@EnableWebMvc`, are publishing a `WebMvcConfigurer`, or are publishing a `CorsConfigurationSource` bean."); } } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurerTests.java index 1379e3e5930..e1ea28c637c 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurerTests.java @@ -70,7 +70,8 @@ public void configureWhenNoMvcThenException() { assertThatExceptionOfType(BeanCreationException.class) .isThrownBy(() -> this.spring.register(DefaultCorsConfig.class).autowire()) .withMessageContaining( - "Please ensure Spring Security & Spring MVC are configured in a shared ApplicationContext"); + "Please ensure that you are using `@EnableWebMvc`, are publishing a `WebMvcConfigurer`, " + + "or are publishing a `CorsConfigurationSource` bean."); } @Test diff --git a/config/src/test/kotlin/org/springframework/security/config/annotation/web/CorsDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/CorsDslTests.kt index 67574bc8a41..67caafa8124 100644 --- a/config/src/test/kotlin/org/springframework/security/config/annotation/web/CorsDslTests.kt +++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/CorsDslTests.kt @@ -56,7 +56,8 @@ class CorsDslTests { fun `CORS when no MVC then exception`() { assertThatThrownBy { this.spring.register(DefaultCorsConfig::class.java).autowire() } .isInstanceOf(BeanCreationException::class.java) - .hasMessageContaining("Please ensure Spring Security & Spring MVC are configured in a shared ApplicationContext") + .hasMessageContaining("Please ensure that you are using `@EnableWebMvc`, are publishing a `WebMvcConfigurer`, " + + "or are publishing a `CorsConfigurationSource` bean.") }