Make sure Spring related security beans for the shell are not installed if not wanted

refs #1121

Author: cdupuis

spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/CrshAutoConfiguration.java

@@ -155,6 +155,7 @@ public PluginLifeCycle shellBootstrap() {
 	 * Class to configure CRaSH to authenticate against Spring Security.
 	 */
 	@Configuration
+	@ConditionalOnExpression("'${shell.auth:spring}' == 'spring'")
 	@ConditionalOnBean({ AuthenticationManager.class })
 	@AutoConfigureAfter(CrshAutoConfiguration.class)
 	public static class AuthenticationManagerAdapterAutoConfiguration {
@@ -168,7 +169,6 @@ public CRaSHPlugin<?> shellAuthenticationManager() {
 		}
 
 		@Bean
-		@ConditionalOnExpression("'${shell.auth:spring}' == 'spring'")
 		@ConditionalOnMissingBean({ CrshShellAuthenticationProperties.class })
 		public CrshShellAuthenticationProperties springAuthenticationProperties() {
 			// In case no shell.auth property is provided fall back to Spring Security

spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ShellProperties.java

@@ -427,9 +427,8 @@ protected void applyToCrshShellConfig(Properties config) {
 		}
 
 		public void setRoles(String[] roles) {
-			// 'roles' can be empty. This means no special to access right to connect to
+			// 'roles' can be null. This means no special to access right to connect to
 			// shell is required.
-			Assert.notNull(roles, "roles must not be null");
 			this.roles = roles;
 		}