Change @bean method signature to return RsaKeyConversionServicePostProcessor instead of BeanFactoryPostProcessor

quaff · quaff · commit 5af7c730d6a5 · 2025-08-08T14:45:54.000+08:00
It's friendly for Spring Boot's `@ConditionalOnMissingBean`, and:

&gt;&gt; When defining a Spring `@Bean` method, it is generally recommended to declare the most specific type possible as the method's return type. This means returning the concrete class of the bean, or the most specific interface that the bean implements and through which it will be referenced in the application.

Signed-off-by: Yanming Zhou &lt;zhouyanming@gmail.com&gt;
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java
@@ -33,7 +33,6 @@
 import org.springframework.beans.factory.ObjectProvider;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.config.BeanDefinition;
-import org.springframework.beans.factory.config.BeanFactoryPostProcessor;
 import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.springframework.beans.factory.support.BeanDefinitionRegistry;
@@ -79,6 +78,7 @@
  *
  * @author Rob Winch
  * @author Keesun Baik
+ * @author Yanming Zhou
  * @since 3.2
  * @see EnableWebSecurity
  * @see WebSecurity
@@ -190,7 +190,7 @@ void setWebSecurityCustomizers(List<WebSecurityCustomizer> webSecurityCustomizer
 	}
 
 	@Bean
-	public static BeanFactoryPostProcessor conversionServicePostProcessor() {
+	public static RsaKeyConversionServicePostProcessor conversionServicePostProcessor() {
 		return new RsaKeyConversionServicePostProcessor();
 	}
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java
@@ -21,7 +21,6 @@
 
 import org.springframework.beans.factory.ObjectProvider;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.config.BeanFactoryPostProcessor;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -44,12 +43,13 @@
 
 /**
  * @author Rob Winch
+ * @author Yanming Zhou
  * @since 5.0
  */
 @Configuration(proxyBeanMethods = false)
 class WebFluxSecurityConfiguration {
 
-	public static final int WEB_FILTER_CHAIN_FILTER_ORDER = 0 - 100;
+	public static final int WEB_FILTER_CHAIN_FILTER_ORDER = -100;
 
 	private static final String BEAN_NAME_PREFIX = "org.springframework.security.config.annotation.web.reactive.WebFluxSecurityConfiguration.";
 
@@ -100,7 +100,7 @@ CsrfRequestDataValueProcessor requestDataValueProcessor() {
 	}
 
 	@Bean
-	static BeanFactoryPostProcessor conversionServicePostProcessor() {
+	static RsaKeyConversionServicePostProcessor conversionServicePostProcessor() {
 		return new RsaKeyConversionServicePostProcessor();
 	}
 
