SEC-2822: Make EnableGlobalAuthenticationAutowiredConfigurer static Bean

This ensures that EnableGlobalAuthenticationAutowiredConfigurer is actually
used in newer versions of Spring. See SPR-12646

config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfiguration.java

@@ -61,7 +61,7 @@ public class AuthenticationConfiguration {
     }
 
     @Bean
-    public GlobalAuthenticationConfigurerAdapter enableGlobalAuthenticationAutowiredConfigurer(ApplicationContext context) {
+    public static GlobalAuthenticationConfigurerAdapter enableGlobalAuthenticationAutowiredConfigurer(ApplicationContext context) {
         return new EnableGlobalAuthenticationAutowiredConfigurer(context);
     }
 

config/src/test/groovy/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.groovy

@@ -16,7 +16,12 @@
 package org.springframework.security.config.annotation.authentication.configuration;
 
 import org.springframework.aop.framework.ProxyFactoryBean
+import org.springframework.beans.BeansException
 import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.beans.factory.config.BeanPostProcessor
+import org.springframework.beans.factory.config.ConfigurableListableBeanFactory
+import org.springframework.beans.factory.support.BeanDefinitionRegistry
+import org.springframework.beans.factory.support.BeanDefinitionRegistryPostProcessor
 import org.springframework.context.ApplicationContext
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
@@ -321,4 +326,44 @@ class AuthenticationConfigurationTests extends BaseSpringSpec {
             null
         }
     }
+
+    def "SEC-2822: Cannot Force Authentication already built"() {
+        setup:
+        loadConfig(Sec2822WebSecurity,Sec2822UseAuth,Sec2822Config)
+        when:
+        AuthenticationConfiguration config = context.getBean(AuthenticationConfiguration)
+        config.getAuthenticationManager()
+        then:
+        noExceptionThrown()
+    }
+
+    @Configuration
+    @Import(AuthenticationConfiguration)
+    static class Sec2822Config {}
+
+    @Configuration
+    @EnableWebSecurity
+    static class Sec2822WebSecurity extends WebSecurityConfigurerAdapter {
+        @Autowired
+        public void configureGlobal(AuthenticationManagerBuilder auth) {
+            auth.inMemoryAuthentication()
+        }
+    }
+
+    @Configuration
+    static class Sec2822UseAuth {
+        @Autowired
+        public void useAuthenticationManager(AuthenticationConfiguration auth) {
+            auth.authenticationManager
+        }
+
+        // Ensures that Sec2822UseAuth is initialized before Sec2822WebSecurity
+        // must have additional GlobalAuthenticationConfigurerAdapter to trigger SEC-2822
+        @Bean
+        public static GlobalAuthenticationConfigurerAdapter bootGlobalAuthenticationConfigurerAdapter() {
+            new BootGlobalAuthenticationConfigurerAdapter()
+        }
+
+        static class BootGlobalAuthenticationConfigurerAdapter extends GlobalAuthenticationConfigurerAdapter { }
+    }
 }

config/src/test/groovy/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.groovy

@@ -18,6 +18,7 @@ package org.springframework.security.config.annotation.method.configuration
 import org.springframework.beans.BeansException
 import org.springframework.beans.factory.config.BeanPostProcessor
 import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 
 import javax.sql.DataSource