This commit correct a mistake where AuthenticationManager was used
instead of ReactiveAuthenticationManager. It also expands the
conditions so that WebFlux security will be enabled when the user
has defined their own SecurityWebFilterChain. In such a situation
no other security-related beans may be needed to use WebFlux
security as things may have been configured directly using the DSL.
Closes gh-37504
This commit introduces `spring.jms.listener.session-transacted` property
in order to enable explicit configuration of `sessionTransacted` on the
`DefaultMessageListenerContainer`.
Prior to this commit, `sessionTransacted` would be configured implicitly
based on presence of `JtaTransactionManager`.
See gh-37473
Previously auto-configuration of a user details service (imperative
or reactive) would only back off on the presence of certain beans.
This led to situations where the im-memory service was
auto-configured and the default password was logged even though
another authentication mechanism was in use.
This commit updates the auto-configuration so that it backs off
when depending on Spring Security's OAuth2 Client and OAuth2
Resource Server modules. In the imperative case it will also back
off when depending on the SAML 2 provider.
Closes gh-35338
If there's no authentication manager bean or no bean from which
one can be created, Spring Security's reactive support may fail to
bootstrap due to a null authentication manager.
This commit causes the auto-configuration that enables WebFlux
security to back off in the absence of an AuthenticationManager bean
and a ReactiveUserDetailsService (from which Spring Security can
create an AuthenticationManager) bean. Other reactive security
auto-configuration that can configure things such that WebFlux security
can be bootstrapped without an AuthenticationManager has been updated
to enable WebFlux security rather than relying on another
auto-configuration class to do so.
Fixes gh-37504
Update JMS listener concurrency configuration to set the same minimum
and maximum number of consumers when users specify only the minimum
using `spring.jms.listener.concurrency` property.
Prior to this commit, when using `spring.jms.listener.concurrency` to
set the minimum number of consumers without also specifying
`spring.jms.listener.max-concurrency` would result in effective
concurrency where the actual minimum number of consumers is always 1,
while the maximum number of consumers is the value of
`spring.jms.listener.concurrency`.
See gh-37180
This commit renames `spring.jms.listener.concurrency` property to
`spring.jms.listener.min-concurrency` in order to better align it with
`spring.jms.listener.max-concurrency`.
See gh-37451
