Add hints for ProxyFactoryBean AuthenticationManager

Closes gh-12367

Author: marcusdacoregio

config/spring-security-config.gradle

@@ -93,6 +93,7 @@ dependencies {
 	testImplementation 'org.springframework:spring-jdbc'
 	testImplementation 'org.springframework:spring-orm'
 	testImplementation 'org.springframework:spring-tx'
+	testImplementation 'org.springframework:spring-core-test'
 	testImplementation ('org.springframework.data:spring-data-jpa') {
 		exclude group: 'org.aspectj', module: 'aspectjrt'
 	}

config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationManagerBeanRegistrationAotProcessor.java

@@ -0,0 +1,62 @@
+/*
+ * Copyright 2002-2022 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.config.annotation.authentication.configuration;
+
+import java.util.Set;
+
+import org.springframework.aop.framework.AopProxyUtils;
+import org.springframework.aot.generate.GenerationContext;
+import org.springframework.aot.hint.ProxyHints;
+import org.springframework.beans.factory.aot.BeanRegistrationAotContribution;
+import org.springframework.beans.factory.aot.BeanRegistrationAotProcessor;
+import org.springframework.beans.factory.aot.BeanRegistrationCode;
+import org.springframework.beans.factory.support.RegisteredBean;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.util.ClassUtils;
+
+/**
+ * AOT {@code BeanRegistrationAotProcessor} that detects beans that implement
+ * {@link AuthenticationManager} creates the required proxy hints.
+ *
+ * @author Marcus da Coregio
+ * @since 6.0.1
+ * @see AuthenticationConfiguration#getAuthenticationManager()
+ */
+class AuthenticationManagerBeanRegistrationAotProcessor implements BeanRegistrationAotProcessor {
+
+	@Override
+	public BeanRegistrationAotContribution processAheadOfTime(RegisteredBean registeredBean) {
+		Class<?> beanClass = registeredBean.getBeanClass();
+		Set<Class<?>> allInterfacesForClass = ClassUtils.getAllInterfacesForClassAsSet(beanClass);
+		if (allInterfacesForClass.contains(AuthenticationManager.class)) {
+			return new AuthenticationManagerBeanRegistrationAotContribution();
+		}
+		return null;
+	}
+
+	private static class AuthenticationManagerBeanRegistrationAotContribution
+			implements BeanRegistrationAotContribution {
+
+		@Override
+		public void applyTo(GenerationContext generationContext, BeanRegistrationCode beanRegistrationCode) {
+			ProxyHints proxyHints = generationContext.getRuntimeHints().proxies();
+			proxyHints.registerJdkProxy(AopProxyUtils.completeJdkProxyInterfaces(AuthenticationManager.class));
+		}
+
+	}
+
+}

config/src/main/resources/META-INF/spring/aot.factories

@@ -0,0 +1,2 @@
+org.springframework.beans.factory.aot.BeanRegistrationAotProcessor=\
+org.springframework.security.config.annotation.authentication.configuration.AuthenticationManagerBeanRegistrationAotProcessor

config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationManagerBeanRegistrationAotProcessorTests.java

@@ -0,0 +1,102 @@
+/*
+ * Copyright 2002-2022 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.config.annotation.authentication.configuration;
+
+import org.junit.jupiter.api.Test;
+
+import org.springframework.aop.SpringProxy;
+import org.springframework.aop.framework.Advised;
+import org.springframework.aot.generate.GenerationContext;
+import org.springframework.aot.hint.predicate.RuntimeHintsPredicates;
+import org.springframework.aot.test.generate.TestGenerationContext;
+import org.springframework.beans.factory.aot.BeanRegistrationAotContribution;
+import org.springframework.beans.factory.aot.BeanRegistrationCode;
+import org.springframework.beans.factory.support.DefaultListableBeanFactory;
+import org.springframework.beans.factory.support.RegisteredBean;
+import org.springframework.beans.factory.support.RootBeanDefinition;
+import org.springframework.core.DecoratingProxy;
+import org.springframework.lang.Nullable;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
+
+/**
+ * Tests for {@link AuthenticationManagerBeanRegistrationAotProcessor}
+ *
+ * @author Marcus da Coregio
+ */
+class AuthenticationManagerBeanRegistrationAotProcessorTests {
+
+	private final AuthenticationManagerBeanRegistrationAotProcessor processor = new AuthenticationManagerBeanRegistrationAotProcessor();
+
+	private final GenerationContext generationContext = new TestGenerationContext();
+
+	@Test
+	void shouldSkipWhenInterfaceNotImplemented() {
+		process(NoAuthenticationManager.class);
+		assertThat(this.generationContext.getRuntimeHints().proxies().jdkProxyHints()).isEmpty();
+	}
+
+	@Test
+	void shouldProcessWhenImplementsInterface() {
+		process(MyAuthenticationManager.class);
+		assertThat(RuntimeHintsPredicates.proxies().forInterfaces(AuthenticationManager.class, SpringProxy.class,
+				Advised.class, DecoratingProxy.class)).accepts(this.generationContext.getRuntimeHints());
+	}
+
+	@Test
+	void shouldProcessWhenSuperclassImplementsInterface() {
+		process(ChildAuthenticationManager.class);
+		assertThat(RuntimeHintsPredicates.proxies().forInterfaces(AuthenticationManager.class, SpringProxy.class,
+				Advised.class, DecoratingProxy.class)).accepts(this.generationContext.getRuntimeHints());
+	}
+
+	private void process(Class<?> beanClass) {
+		BeanRegistrationAotContribution contribution = createContribution(beanClass);
+		if (contribution != null) {
+			contribution.applyTo(this.generationContext, mock(BeanRegistrationCode.class));
+		}
+	}
+
+	@Nullable
+	private BeanRegistrationAotContribution createContribution(Class<?> beanClass) {
+		DefaultListableBeanFactory beanFactory = new DefaultListableBeanFactory();
+		beanFactory.registerBeanDefinition(beanClass.getName(), new RootBeanDefinition(beanClass));
+		return this.processor.processAheadOfTime(RegisteredBean.of(beanFactory, beanClass.getName()));
+	}
+
+	static class NoAuthenticationManager {
+
+	}
+
+	static class MyAuthenticationManager implements AuthenticationManager {
+
+		@Override
+		public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+			return null;
+		}
+
+	}
+
+	static class ChildAuthenticationManager extends MyAuthenticationManager {
+
+	}
+
+}