From 582622eb4d4357714959ceade1cf8da36b064027 Mon Sep 17 00:00:00 2001
From: Matt Raible <matt@raibledesigns.com>
Date: Sat, 26 Oct 2024 11:04:10 -0600
Subject: [PATCH] Add workaround for Spring Cloud (#27690)

---
 .../SecurityConfiguration_imperative.java.ejs | 23 +++++++++++++++++++
 .../SecurityConfiguration_reactive.java.ejs   | 23 +++++++++++++++++++
 2 files changed, 46 insertions(+)

diff --git a/generators/spring-boot/templates/src/main/java/_package_/config/SecurityConfiguration_imperative.java.ejs b/generators/spring-boot/templates/src/main/java/_package_/config/SecurityConfiguration_imperative.java.ejs
index 2608def0318..1f18482d873 100644
--- a/generators/spring-boot/templates/src/main/java/_package_/config/SecurityConfiguration_imperative.java.ejs
+++ b/generators/spring-boot/templates/src/main/java/_package_/config/SecurityConfiguration_imperative.java.ejs
@@ -51,6 +51,10 @@ import tech.jhipster.web.filter.CookieCsrfFilter;
 <%_ if (!skipClient) { _%>
 import <%= packageName %>.web.filter.SpaWebFilter;
 <%_ } _%>
+<%_ if (applicationTypeGateway) { _%>
+import org.springframework.beans.BeansException;
+import org.springframework.beans.factory.config.BeanPostProcessor;
+<%_ } _%>
 <%_ if (authenticationUsesCsrf && !applicationTypeMicroservice) { _%>
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
@@ -113,6 +117,10 @@ import <%= packageName %>.security.oauth2.CustomClaimConverter;
 <%_ if(!skipClient) { _%>
 import org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter;
 <%_ } _%>
+<%_ if (applicationTypeGateway) { _%>
+import org.springframework.security.web.server.WebFilterChainProxy;
+import org.springframework.security.web.server.firewall.ServerWebExchangeFirewall;
+<%_ } _%>
 <%_ if (authenticationUsesCsrf && !applicationTypeMicroservice) { _%>
 import org.springframework.util.StringUtils;
 <%_ } _%>
@@ -416,4 +424,19 @@ public class SecurityConfiguration {
         }
     }
 <%_ } _%>
+<%_ if (applicationTypeGateway) { _%>
+    <!-- Fix for Spring Boot 3.3.5: https://github.com/spring-cloud/spring-cloud-gateway/issues/3568 -->
+    @Bean
+    BeanPostProcessor beanPostProcessor() {
+        return new BeanPostProcessor() {
+            @Override
+            public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
+                if (bean instanceof WebFilterChainProxy springSecurity) {
+                    springSecurity.setFirewall(ServerWebExchangeFirewall.INSECURE_NOOP);
+                }
+                return bean;
+            }
+        };
+    }
+<%_ } _%>
 }
diff --git a/generators/spring-boot/templates/src/main/java/_package_/config/SecurityConfiguration_reactive.java.ejs b/generators/spring-boot/templates/src/main/java/_package_/config/SecurityConfiguration_reactive.java.ejs
index ea732caf90c..43ae66dcd5b 100644
--- a/generators/spring-boot/templates/src/main/java/_package_/config/SecurityConfiguration_reactive.java.ejs
+++ b/generators/spring-boot/templates/src/main/java/_package_/config/SecurityConfiguration_reactive.java.ejs
@@ -39,6 +39,10 @@ import org.springframework.boot.autoconfigure.security.SecurityProperties;
 <%_ if (!skipClient) { _%>
 import <%= packageName %>.web.filter.SpaWebFilter;
 <%_ } _%>
+<%_ if (applicationTypeGateway) { _%>
+import org.springframework.beans.BeansException;
+import org.springframework.beans.factory.config.BeanPostProcessor;
+<%_ } _%>
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 <%_ if (authenticationTypeOauth2) { _%>
@@ -114,6 +118,10 @@ import org.springframework.security.web.server.savedrequest.NoOpServerRequestCac
 <%_ } _%>
 import org.springframework.security.web.server.util.matcher.NegatedServerWebExchangeMatcher;
 import org.springframework.security.web.server.util.matcher.OrServerWebExchangeMatcher;
+<%_ if (applicationTypeGateway) { _%>
+import org.springframework.security.web.server.WebFilterChainProxy;
+import org.springframework.security.web.server.firewall.ServerWebExchangeFirewall;
+<%_ } _%>
 <%_ if (authenticationUsesCsrf) { _%>
 import reactor.core.publisher.Mono;
 <%_ } _%>
@@ -482,4 +490,19 @@ public class SecurityConfiguration {
         return Mono.empty();
     }
 <%_ } _%>
+<%_ if (applicationTypeGateway) { _%>
+    <!-- Fix for Spring Boot 3.3.5: https://github.com/spring-cloud/spring-cloud-gateway/issues/3568 -->
+    @Bean
+    BeanPostProcessor beanPostProcessor() {
+        return new BeanPostProcessor() {
+            @Override
+            public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
+                if (bean instanceof WebFilterChainProxy springSecurity) {
+                    springSecurity.setFirewall(ServerWebExchangeFirewall.INSECURE_NOOP);
+                }
+                return bean;
+            }
+        };
+    }
+<%_ } _%>
 }