Commit 41398f0

committed

Move Authority Propagation Into Filters

1 parent d46ce34 commit 41398f0Copy full SHA for 41398f0

File tree

17 files changed

+55

-139

lines changed

config/src/main/java/org/springframework/security/config
- annotation
  - authentication
    - builders
      - AuthenticationManagerBuilder.java
    - configuration
      - AuthenticationConfiguration.java
  - method/configuration
    - GlobalMethodSecurityConfiguration.java
  - web
    - configuration
      - HttpSecurityConfiguration.java
    - configurers
      - WebAuthnConfigurer.java
- authentication
  - AuthenticationManagerFactoryBean.java
core/src
- main/java/org/springframework/security/authentication
- test/java/org/springframework/security/authentication
  - DelegatingReactiveAuthenticationManagerTests.java
  - ProviderManagerTests.java
web/src
- main/java/org/springframework/security/web
  - authentication
  - server/authentication
    - AuthenticationWebFilter.java
- test/java/org/springframework/security/web/authentication
  - AuthenticationFilterTests.java

17 files changed

+55

-139

lines changed

`‎config/src/main/java/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.java`

Lines changed: 0 additions & 30 deletions

Original file line number	Diff line number	Diff line change
`@@ -18,14 +18,10 @@`
`18`	`18`
`19`	`19`	`import java.util.ArrayList;`
`20`	`20`	`import java.util.List;`
`21`		`-import java.util.stream.Stream;`
`22`	`21`
`23`	`22`	`import org.apache.commons.logging.Log;`
`24`	`23`	`import org.apache.commons.logging.LogFactory;`
`25`		`-import org.jspecify.annotations.Nullable;`
`26`	`24`
`27`		`-import org.springframework.beans.factory.BeanFactory;`
`28`		`-import org.springframework.beans.factory.ObjectProvider;`
`29`	`25`	`import org.springframework.security.authentication.AuthenticationEventPublisher;`
`30`	`26`	`import org.springframework.security.authentication.AuthenticationManager;`
`31`	`27`	`import org.springframework.security.authentication.AuthenticationProvider;`
`@@ -41,8 +37,6 @@`
`41`	`37`	`import org.springframework.security.config.annotation.authentication.configurers.userdetails.DaoAuthenticationConfigurer;`
`42`	`38`	`import org.springframework.security.config.annotation.authentication.configurers.userdetails.UserDetailsAwareConfigurer;`
`43`	`39`	`import org.springframework.security.core.Authentication;`
`44`		`-import org.springframework.security.core.context.SecurityContextHolder;`
`45`		`-import org.springframework.security.core.context.SecurityContextHolderStrategy;`
`46`	`40`	`import org.springframework.security.core.userdetails.UserDetailsService;`
`47`	`41`	`import org.springframework.util.Assert;`
`48`	`42`
`@@ -241,10 +235,6 @@ protected ProviderManager performBuild() throws Exception {`
`241`	`235`	`if (this.eventPublisher != null) {`
`242`	`236`	`providerManager.setAuthenticationEventPublisher(this.eventPublisher);`
`243`	`237`	`}`
`244`		`- SecurityContextHolderStrategy securityContextHolderStrategy = getBeanProvider(`
`245`		`- SecurityContextHolderStrategy.class)`
`246`		`- .getIfUnique(SecurityContextHolder::getContextHolderStrategy);`
`247`		`- providerManager.setSecurityContextHolderStrategy(securityContextHolderStrategy);`
`248`	`238`	`providerManager = postProcess(providerManager);`
`249`	`239`	`return providerManager;`
`250`	`240`	`}`
`@@ -293,24 +283,4 @@ public UserDetailsService getDefaultUserDetailsService() {`
`293`	`283`	`return configurer;`
`294`	`284`	`}`
`295`	`285`
`296`		`- private <C> ObjectProvider<C> getBeanProvider(Class<C> clazz) {`
`297`		`- BeanFactory beanFactory = getSharedObject(BeanFactory.class);`
`298`		`- return (beanFactory != null) ? beanFactory.getBeanProvider(clazz) : new SingleObjectProvider<>(null);`
`299`		`- }`
`300`		`-`
`301`		`- private static final class SingleObjectProvider<O> implements ObjectProvider<O> {`
`302`		`-`
`303`		`- private final @Nullable O object;`
`304`		`-`
`305`		`- private SingleObjectProvider(@Nullable O object) {`
`306`		`- this.object = object;`
`307`		`- }`
`308`		`-`
`309`		`- @Override`
`310`		`- public Stream<O> stream() {`
`311`		`- return Stream.ofNullable(this.object);`
`312`		`- }`
`313`		`-`
`314`		`- }`
`315`		`-`
`316`	`286`	`}`

`‎config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfiguration.java`

Lines changed: 0 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -27,7 +27,6 @@`
`27`	`27`
`28`	`28`	`import org.springframework.aop.framework.ProxyFactoryBean;`
`29`	`29`	`import org.springframework.aop.target.LazyInitTargetSource;`
`30`		`-import org.springframework.beans.factory.BeanFactory;`
`31`	`30`	`import org.springframework.beans.factory.BeanFactoryUtils;`
`32`	`31`	`import org.springframework.beans.factory.annotation.Autowired;`
`33`	`32`	`import org.springframework.context.ApplicationContext;`
`@@ -84,7 +83,6 @@ public AuthenticationManagerBuilder authenticationManagerBuilder(ObjectPostProce`
`84`	`83`	`AuthenticationEventPublisher authenticationEventPublisher = getAuthenticationEventPublisher(context);`
`85`	`84`	`DefaultPasswordEncoderAuthenticationManagerBuilder result = new DefaultPasswordEncoderAuthenticationManagerBuilder(`
`86`	`85`	`objectPostProcessor, defaultPasswordEncoder);`
`87`		`- result.setSharedObject(BeanFactory.class, this.applicationContext);`
`88`	`86`	`if (authenticationEventPublisher != null) {`
`89`	`87`	`result.authenticationEventPublisher(authenticationEventPublisher);`
`90`	`88`	`}`

`‎config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java`

Lines changed: 0 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -318,7 +318,6 @@ protected AuthenticationManager authenticationManager() throws Exception {`
`318`	`318`	`.postProcess(new DefaultAuthenticationEventPublisher());`
`319`	`319`	`this.auth = new AuthenticationManagerBuilder(this.objectPostProcessor);`
`320`	`320`	`this.auth.authenticationEventPublisher(eventPublisher);`
`321`		`- this.auth.setSharedObject(BeanFactory.class, this.context);`
`322`	`321`	`configure(this.auth);`
`323`	`322`	`this.authenticationManager = (this.disableAuthenticationRegistry)`
`324`	`323`	`? getAuthenticationConfiguration().getAuthenticationManager() : this.auth.build();`

`‎config/src/main/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.java`

Lines changed: 0 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,6 @@`
`21`	`21`	`import java.util.List;`
`22`	`22`	`import java.util.Map;`
`23`	`23`
`24`		`-import org.springframework.beans.factory.BeanFactory;`
`25`	`24`	`import org.springframework.beans.factory.ObjectProvider;`
`26`	`25`	`import org.springframework.beans.factory.annotation.Autowired;`
`27`	`26`	`import org.springframework.context.ApplicationContext;`
`@@ -117,7 +116,6 @@ HttpSecurity httpSecurity() throws Exception {`
`117`	`116`	`LazyPasswordEncoder passwordEncoder = new LazyPasswordEncoder(this.context);`
`118`	`117`	`AuthenticationManagerBuilder authenticationBuilder = new DefaultPasswordEncoderAuthenticationManagerBuilder(`
`119`	`118`	`this.objectPostProcessor, passwordEncoder);`
`120`		`- authenticationBuilder.setSharedObject(BeanFactory.class, this.context);`
`121`	`119`	`authenticationBuilder.parentAuthenticationManager(authenticationManager());`
`122`	`120`	`authenticationBuilder.authenticationEventPublisher(getAuthenticationEventPublisher());`
`123`	`121`	`HttpSecurity http = new HttpSecurity(this.objectPostProcessor, authenticationBuilder, createSharedObjects());`

`‎config/src/main/java/org/springframework/security/config/annotation/web/configurers/WebAuthnConfigurer.java`

Lines changed: 2 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -162,10 +162,8 @@ public void configure(H http) throws Exception {`
`162`	`162`	`WebAuthnRelyingPartyOperations rpOperations = webAuthnRelyingPartyOperations(userEntities, userCredentials);`
`163`	`163`	`PublicKeyCredentialCreationOptionsRepository creationOptionsRepository = creationOptionsRepository();`
`164`	`164`	`WebAuthnAuthenticationFilter webAuthnAuthnFilter = new WebAuthnAuthenticationFilter();`
`165`		`- ProviderManager manager = new ProviderManager(`
`166`		`- new WebAuthnAuthenticationProvider(rpOperations, userDetailsService));`
`167`		`- manager.setSecurityContextHolderStrategy(getSecurityContextHolderStrategy());`
`168`		`- webAuthnAuthnFilter.setAuthenticationManager(manager);`
	`165`	`+ webAuthnAuthnFilter.setAuthenticationManager(`
	`166`	`+ new ProviderManager(new WebAuthnAuthenticationProvider(rpOperations, userDetailsService)));`
`169`	`167`	`WebAuthnRegistrationFilter webAuthnRegistrationFilter = new WebAuthnRegistrationFilter(userCredentials,`
`170`	`168`	`rpOperations);`
`171`	`169`	`PublicKeyCredentialCreationOptionsFilter creationOptionsFilter = new PublicKeyCredentialCreationOptionsFilter(`

`‎config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerFactoryBean.java`

Lines changed: 0 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -30,8 +30,6 @@`
`30`	`30`	`import org.springframework.security.authentication.ProviderManager;`
`31`	`31`	`import org.springframework.security.authentication.dao.DaoAuthenticationProvider;`
`32`	`32`	`import org.springframework.security.config.BeanIds;`
`33`		`-import org.springframework.security.core.context.SecurityContextHolder;`
`34`		`-import org.springframework.security.core.context.SecurityContextHolderStrategy;`
`35`	`33`	`import org.springframework.security.core.userdetails.UserDetailsService;`
`36`	`34`	`import org.springframework.security.crypto.password.PasswordEncoder;`
`37`	`35`
`@@ -74,10 +72,6 @@ public AuthenticationManager getObject() throws Exception {`
`74`	`72`	`}`
`75`	`73`	`provider.afterPropertiesSet();`
`76`	`74`	`ProviderManager manager = new ProviderManager(Arrays.asList(provider));`
`77`		`- SecurityContextHolderStrategy securityContextHolderStrategy = this.bf`
`78`		`- .getBeanProvider(SecurityContextHolderStrategy.class)`
`79`		`- .getIfUnique(SecurityContextHolder::getContextHolderStrategy);`
`80`		`- manager.setSecurityContextHolderStrategy(securityContextHolderStrategy);`
`81`	`75`	`if (this.observationRegistry.isNoop()) {`
`82`	`76`	`return manager;`
`83`	`77`	`}`

`‎core/src/main/java/org/springframework/security/authentication/AbstractAuthenticationToken.java`

Lines changed: 2 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -16,6 +16,7 @@`
`16`	`16`
`17`	`17`	`package org.springframework.security.authentication;`
`18`	`18`
	`19`	`+import java.io.Serial;`
`19`	`20`	`import java.security.Principal;`
`20`	`21`	`import java.util.ArrayList;`
`21`	`22`	`import java.util.Collection;`
`@@ -43,6 +44,7 @@`
`43`	`44`	`*/`
`44`	`45`	`public abstract class AbstractAuthenticationToken implements Authentication, CredentialsContainer {`
`45`	`46`
	`47`	`+ @Serial`
`46`	`48`	`private static final long serialVersionUID = -3194696462184782834L;`
`47`	`49`
`48`	`50`	`private final Collection<GrantedAuthority> authorities;`

`‎core/src/main/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManager.java`

Lines changed: 0 additions & 15 deletions

Original file line number	Diff line number	Diff line change
`@@ -27,7 +27,6 @@`
`27`	`27`
`28`	`28`	`import org.springframework.security.core.Authentication;`
`29`	`29`	`import org.springframework.security.core.AuthenticationException;`
`30`		`-import org.springframework.security.core.context.ReactiveSecurityContextHolder;`
`31`	`30`	`import org.springframework.util.Assert;`
`32`	`31`
`33`	`32`	`/**`
`@@ -58,20 +57,6 @@ public DelegatingReactiveAuthenticationManager(List<ReactiveAuthenticationManage`
`58`	`57`
`59`	`58`	`@Override`
`60`	`59`	`public Mono<Authentication> authenticate(Authentication authentication) {`
`61`		`- return ReactiveSecurityContextHolder.getContext().flatMap((context) -> {`
`62`		`- Mono<Authentication> result = doAuthenticate(authentication);`
`63`		`- Authentication current = context.getAuthentication();`
`64`		`- if (current == null) {`
`65`		`- return result;`
`66`		`- }`
`67`		`- if (!current.isAuthenticated()) {`
`68`		`- return result;`
`69`		`- }`
`70`		`- return doAuthenticate(current).map((r) -> r.toBuilder().apply(current).build());`
`71`		`- }).switchIfEmpty(doAuthenticate(authentication));`
`72`		`- }`
`73`		`-`
`74`		`- private Mono<Authentication> doAuthenticate(Authentication authentication) {`
`75`	`60`	`Flux<ReactiveAuthenticationManager> result = Flux.fromIterable(this.delegates);`
`76`	`61`	`Function<ReactiveAuthenticationManager, Mono<Authentication>> logging = (m) -> m.authenticate(authentication)`
`77`	`62`	`.doOnError(AuthenticationException.class, (ex) -> ex.setAuthenticationRequest(authentication))`

`‎core/src/main/java/org/springframework/security/authentication/ProviderManager.java`

Lines changed: 3 additions & 30 deletions

Original file line number	Diff line number	Diff line change
`@@ -33,8 +33,6 @@`
`33`	`33`	`import org.springframework.security.core.AuthenticationException;`
`34`	`34`	`import org.springframework.security.core.CredentialsContainer;`
`35`	`35`	`import org.springframework.security.core.SpringSecurityMessageSource;`
`36`		`-import org.springframework.security.core.context.SecurityContextHolder;`
`37`		`-import org.springframework.security.core.context.SecurityContextHolderStrategy;`
`38`	`36`	`import org.springframework.util.Assert;`
`39`	`37`	`import org.springframework.util.CollectionUtils;`
`40`	`38`
`@@ -94,9 +92,6 @@ public class ProviderManager implements AuthenticationManager, MessageSourceAwar`
`94`	`92`
`95`	`93`	`private static final Log logger = LogFactory.getLog(ProviderManager.class);`
`96`	`94`
`97`		`- private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder`
`98`		`- .getContextHolderStrategy();`
`99`		`-`
`100`	`95`	`private AuthenticationEventPublisher eventPublisher = new NullEventPublisher();`
`101`	`96`
`102`	`97`	`private List<AuthenticationProvider> providers = Collections.emptyList();`
`@@ -187,7 +182,7 @@ public Authentication authenticate(Authentication authentication) throws Authent`
`187`	`182`	`try {`
`188`	`183`	`result = provider.authenticate(authentication);`
`189`	`184`	`if (result != null) {`
`190`		`- copyDetails(authentication, result);`
	`185`	`+ result = copyDetails(authentication, result);`
`191`	`186`	`break;`
`192`	`187`	`}`
`193`	`188`	`}`
`@@ -214,7 +209,6 @@ public Authentication authenticate(Authentication authentication) throws Authent`
`214`	`209`	`lastException = ex;`
`215`	`210`	`}`
`216`	`211`	`}`
`217`		`- result = applyPreviousAuthentication(result);`
`218`	`212`	`if (result == null && this.parent != null) {`
`219`	`213`	`// Allow the parent to try.`
`220`	`214`	`try {`
`@@ -271,20 +265,6 @@ public Authentication authenticate(Authentication authentication) throws Authent`
`271`	`265`	`throw lastException;`
`272`	`266`	`}`
`273`	`267`
`274`		`- private @Nullable Authentication applyPreviousAuthentication(@Nullable Authentication result) {`
`275`		`- if (result == null) {`
`276`		`- return null;`
`277`		`- }`
`278`		`- Authentication current = this.securityContextHolderStrategy.getContext().getAuthentication();`
`279`		`- if (current == null) {`
`280`		`- return result;`
`281`		`- }`
`282`		`- if (!current.isAuthenticated()) {`
`283`		`- return result;`
`284`		`- }`
`285`		`- return result.toBuilder().apply(current).build();`
`286`		`- }`
`287`		`-`
`288`	`268`	`@SuppressWarnings("deprecation")`
`289`	`269`	`private void prepareException(AuthenticationException ex, Authentication auth) {`
`290`	`270`	`ex.setAuthenticationRequest(auth);`
`@@ -297,21 +277,14 @@ private void prepareException(AuthenticationException ex, Authentication auth) {`
`297`	`277`	`* @param source source authentication`
`298`	`278`	`* @param dest the destination authentication object`
`299`	`279`	`*/`
`300`		`- private void copyDetails(Authentication source, Authentication dest) {`
`301`		`- if ((dest instanceof AbstractAuthenticationToken token) && (dest.getDetails() == null)) {`
`302`		`- token.setDetails(source.getDetails());`
`303`		`- }`
	`280`	`+ private Authentication copyDetails(Authentication source, Authentication dest) {`
	`281`	`+ return (dest.getDetails() != null) ? dest : dest.toBuilder().details(source.getDetails()).build();`
`304`	`282`	`}`
`305`	`283`
`306`	`284`	`public List<AuthenticationProvider> getProviders() {`
`307`	`285`	`return this.providers;`
`308`	`286`	`}`
`309`	`287`
`310`		`- public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy) {`
`311`		`- Assert.notNull(securityContextHolderStrategy, "securityContextHolderStrategy cannot be null");`
`312`		`- this.securityContextHolderStrategy = securityContextHolderStrategy;`
`313`		`- }`
`314`		`-`
`315`	`288`	`@Override`
`316`	`289`	`public void setMessageSource(MessageSource messageSource) {`
`317`	`290`	`this.messages = new MessageSourceAccessor(messageSource);`

`‎core/src/test/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManagerTests.java`

Lines changed: 0 additions & 21 deletions

Original file line number	Diff line number	Diff line change
`@@ -27,13 +27,10 @@`
`27`	`27`
`28`	`28`	`import org.springframework.security.core.Authentication;`
`29`	`29`	`import org.springframework.security.core.AuthenticationException;`
`30`		`-import org.springframework.security.core.GrantedAuthority;`
`31`		`-import org.springframework.security.core.context.ReactiveSecurityContextHolder;`
`32`	`30`
`33`	`31`	`import static org.assertj.core.api.Assertions.assertThat;`
`34`	`32`	`import static org.mockito.ArgumentMatchers.any;`
`35`	`33`	`import static org.mockito.BDDMockito.given;`
`36`		`-import static org.mockito.Mockito.mock;`
`37`	`34`
`38`	`35`	`/**`
`39`	`36`	`* @author Rob Winch`
`@@ -121,24 +118,6 @@ void whenAccountStatusExceptionThenAuthenticationRequestIsIncluded() {`
`121`	`118`	`assertThat(expected.getAuthenticationRequest()).isEqualTo(this.authentication);`
`122`	`119`	`}`
`123`	`120`
`124`		`- @Test`
`125`		`- void authenticateWhenPreviousAuthenticationThenApplies() {`
`126`		`- Authentication factorOne = new TestingAuthenticationToken("user", "pass", "FACTOR_ONE");`
`127`		`- Authentication factorTwo = new TestingAuthenticationToken("user", "pass", "FACTOR_TWO");`
`128`		`- ReactiveAuthenticationManager provider = mock(ReactiveAuthenticationManager.class);`
`129`		`- given(provider.authenticate(any())).willReturn(Mono.just(factorTwo));`
`130`		`- ReactiveAuthenticationManager manager = new DelegatingReactiveAuthenticationManager(provider);`
`131`		`- Authentication request = new TestingAuthenticationToken("user", "password");`
`132`		`- StepVerifier`
`133`		`- .create(manager.authenticate(request)`
`134`		`- .flatMapIterable(Authentication::getAuthorities)`
`135`		`- .map(GrantedAuthority::getAuthority)`
`136`		`- .contextWrite(ReactiveSecurityContextHolder.withAuthentication(factorOne)))`
`137`		`- .expectNext("FACTOR_TWO")`
`138`		`- .expectNext("FACTOR_ONE")`
`139`		`- .verifyComplete();`
`140`		`- }`
`141`		`-`
`142`	`121`	`private DelegatingReactiveAuthenticationManager managerWithContinueOnError() {`
`143`	`122`	`DelegatingReactiveAuthenticationManager manager = new DelegatingReactiveAuthenticationManager(this.delegate1,`
`144`	`123`	`this.delegate2);`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit 41398f0

File tree

17 files changed

17 files changed

`‎config/src/main/java/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.java`

`‎config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfiguration.java`

`‎config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java`

`‎config/src/main/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.java`

`‎config/src/main/java/org/springframework/security/config/annotation/web/configurers/WebAuthnConfigurer.java`

`‎config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerFactoryBean.java`

`‎core/src/main/java/org/springframework/security/authentication/AbstractAuthenticationToken.java`

`‎core/src/main/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManager.java`

`‎core/src/main/java/org/springframework/security/authentication/ProviderManager.java`

`‎core/src/test/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManagerTests.java`

0 commit comments