While upgrading to Spring Security 7 snapshots, I've noticed that AuditAutoConfiguration had @ConditionalOnClass on a class that no longer exists. Turns out these conditions on bean methods aren't legit as they don't prevent the signature of the method from being loaded. To be effective, they must be put on a @Configuration class where the condition can back off before the type is loaded.

Perhaps we should review these usages and add a rule to prevent that from happening?

Comment From: wilkinsona

We discussed this today and think the two methods should move into an inner class that is protected at the class level with @ConditionalOnClass. We'd also like to add an ArchUnit rule to try and prevent similar arrangements being added in the future.
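
The arrangement described in this thread, as an added example that is not part of the original issue or the Spring Boot code base: the method-level condition next to the class-level one on a nested configuration. The package, the configuration class names, and the `OptionalEvent` and `OptionalEventListener` types are hypothetical stand-ins for an optional dependency.

```java
package example.autoconfigure; // hypothetical package

import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

// Hypothetical type from an optional dependency that may be absent at runtime.
import example.optional.OptionalEventListener;

// BEFORE: the condition sits on the @Bean method. By the time it is evaluated,
// the method signature of the enclosing class has already been loaded, so a
// missing OptionalEventListener can fail before the condition gets to back off.
@AutoConfiguration
class MethodLevelConditionAutoConfiguration {

    @Bean
    @ConditionalOnClass(name = "example.optional.OptionalEvent")
    @ConditionalOnMissingBean
    OptionalEventListener optionalEventListener() {
        return new OptionalEventListener();
    }
}

// AFTER: the outer class no longer mentions the optional type in any
// signature. The condition guards a nested configuration class and is read
// from annotation metadata, so it can back off before that class is loaded.
@AutoConfiguration
class ClassLevelConditionAutoConfiguration {

    @Configuration(proxyBeanMethods = false)
    @ConditionalOnClass(name = "example.optional.OptionalEvent")
    static class OptionalListenerConfiguration {

        @Bean
        @ConditionalOnMissingBean
        OptionalEventListener optionalEventListener() {
            return new OptionalEventListener();
        }
    }
}
```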