profile
viewpoint

Ask questionsspring-boot-starter-rsocket pom contains security dependencies

It appears that as of spring-boot-starter-rsocket-2.3.0.M1.pom it contains Spring Security dependencies that are being pulled in transitively. The dependencies are in 2.3.0.M2 and the latest 2.3.0.BUILD-SNAPSHOT:

<dependency>
  <groupId>org.springframework.security</groupId>
  <artifactId>spring-security-config</artifactId>
  <scope>compile</scope>
</dependency>
<dependency>
  <groupId>org.springframework.security</groupId>
  <artifactId>spring-security-web</artifactId>
  <scope>compile</scope>
</dependency>

This means that simply adding the spring-boot-starter-rsocket triggers the Spring Boot auto configuration for Security.

This was originally brought to my attention because @joshlong was having difficulties doing a demo and asked for my help. I haven't investigated the scope of the problem, so it would probably be good to check if other dependencies are impacted.

spring-projects/spring-boot

Answer questions rwinch

Thanks for the quick turnaround on this!

useful!

Related questions

Dependency resolution fails with Gradle 5.3.x to 5.6.x hot 4
Controller annotated with @Timed and active TimedAspect clashes with WebMvcMetricsFilter hot 2
Source file must be provided failure when running spring-boot:repackage from the command-line hot 2
Actuator: NPE in LongTaskTimingHandlerInterceptor hot 2
ConfigurationProperties with constructor binding cannot be mocked hot 2
NoClassDefFoundError: net/bytebuddy/NamingStrategy$SuffixingRandom$BaseNameResolver hot 2
No bean named &#39;entityManagerFactory&#39; available hot 2
Bug in org.springframework.boot on 2.2.3.RELEASE version hot 2
Deadlock between BackgroundPreinitializer and main thread in Spring Cloud Config Server hot 2
spring boot Servlet.service() for servlet [dispatcherServlet] in context with path threw exception hot 2
Migrating OAuth2 from Spring Boot 1.5 to 2.0 Broken hot 2
Add AutoConfiguration support for spring-security-saml2-service-provider hot 2
Validation api missing in 2.3.0.RELEASE hot 2
Replace deprecated MediaType.APPLICATION_JSON_UTF8 usage hot 2
Classloading problems with Spring Boot, JDK11 and Security Manager hot 1
Github User Rank List