Commit 49f308a

committed

Use Supplier<? extends @nullable Authentication>

Previously Supplier<@nullable Authentication> was used. This prevented Supplier<Authentication> from being used. The code now uses Supplier<? extends @nullable Authentication> which allows for both Supplier<@nullable Authentication> and Supplier<Authentication>. Closes gh-17814

1 parent 4cbe8de commit 49f308aCopy full SHA for 49f308a

File tree

32 files changed

+70

-43

lines changed

config/src
- main
  - java/org/springframework/security/config
    - method
      - PointcutDelegatingAuthorizationManager.java
    - websocket
      - WebSocketMessageBrokerSecurityBeanDefinitionParser.java
  - kotlin/org/springframework/security/config/annotation/web
    - AuthorizeHttpRequestsDsl.kt
- test
  - java/org/springframework/security/config
    - annotation/web/builders
      - NamespaceHttpTests.java
    - method
      - MethodSecurityBeanDefinitionParserTests.java
    - websocket
      - WebSocketMessageBrokerConfigTests.java
  - kotlin/org/springframework/security/config/annotation/web
    - AuthorizeHttpRequestsDslTests.kt
core/src/main/java/org/springframework/security
- access/expression
- authorization
messaging/src/main/java/org/springframework/security/messaging/access
- expression
- intercept
  - MessageMatcherDelegatingAuthorizationManager.java
web/src/main/java/org/springframework/security/web/access

32 files changed

+70

-43

lines changed

`‎config/src/main/java/org/springframework/security/config/method/PointcutDelegatingAuthorizationManager.java`

Lines changed: 3 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -20,6 +20,7 @@`
`20`	`20`	`import java.util.function.Supplier;`
`21`	`21`
`22`	`22`	`import org.aopalliance.intercept.MethodInvocation;`
	`23`	`+import org.jspecify.annotations.Nullable;`
`23`	`24`
`24`	`25`	`import org.springframework.aop.Pointcut;`
`25`	`26`	`import org.springframework.aop.support.AopUtils;`
`@@ -37,7 +38,8 @@ class PointcutDelegatingAuthorizationManager implements AuthorizationManager<Met`
`37`	`38`	`}`
`38`	`39`
`39`	`40`	`@Override`
`40`		`- public AuthorizationResult authorize(Supplier<Authentication> authentication, MethodInvocation object) {`
	`41`	`+ public AuthorizationResult authorize(Supplier<? extends @Nullable Authentication> authentication,`
	`42`	`+ MethodInvocation object) {`
`41`	`43`	`for (Map.Entry<Pointcut, AuthorizationManager<MethodInvocation>> entry : this.managers.entrySet()) {`
`42`	`44`	`Class<?> targetClass = (object.getThis() != null) ? AopUtils.getTargetClass(object.getThis()) : null;`
`43`	`45`	`if (entry.getKey().getClassFilter().matches(targetClass)`

`‎config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java`

Lines changed: 2 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -25,6 +25,7 @@`
`25`	`25`	`import java.util.Set;`
`26`	`26`	`import java.util.function.Supplier;`
`27`	`27`
	`28`	`+import org.jspecify.annotations.Nullable;`
`28`	`29`	`import org.w3c.dom.Element;`
`29`	`30`
`30`	`31`	`import org.springframework.beans.BeansException;`
`@@ -458,7 +459,7 @@ private ExpressionBasedAuthorizationManager(`
`458`	`459`	`}`
`459`	`460`
`460`	`461`	`@Override`
`461`		`- public AuthorizationResult authorize(Supplier<Authentication> authentication,`
	`462`	`+ public AuthorizationResult authorize(Supplier<? extends@NullableAuthentication> authentication,`
`462`	`463`	`MessageAuthorizationContext<?> object) {`
`463`	`464`	`EvaluationContext context = this.expressionHandler.createEvaluationContext(authentication, object);`
`464`	`465`	`boolean granted = ExpressionUtils.evaluateAsBoolean(this.expression, context);`

`‎config/src/main/kotlin/org/springframework/security/config/annotation/web/AuthorizeHttpRequestsDsl.kt`

Lines changed: 2 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,6 @@ import org.springframework.security.config.annotation.web.configurers.AuthorizeH`
`29`	`29`	`import org.springframework.security.config.core.GrantedAuthorityDefaults`
`30`	`30`	`import org.springframework.security.core.Authentication`
`31`	`31`	`import org.springframework.security.web.access.IpAddressAuthorizationManager`
`32`		`-import org.springframework.security.web.access.intercept.AuthorizationFilter`
`33`	`32`	`import org.springframework.security.web.access.intercept.RequestAuthorizationContext`
`34`	`33`	`import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher`
`35`	`34`	`import org.springframework.security.web.util.matcher.AnyRequestMatcher`
`@@ -235,13 +234,13 @@ class AuthorizeHttpRequestsDsl : AbstractRequestMatcherDsl {`
`235`	`234`	`* Specify that URLs are allowed by anyone.`
`236`	`235`	`*/`
`237`	`236`	`val permitAll: AuthorizationManager<RequestAuthorizationContext> =`
`238`		`- AuthorizationManager { _: Supplier<Authentication?>, _: RequestAuthorizationContext -> AuthorizationDecision(true) }`
	`237`	`+ AuthorizationManager { _: Supplier<outAuthentication>, _: RequestAuthorizationContext -> AuthorizationDecision(true) }`
`239`	`238`
`240`	`239`	`/**`
`241`	`240`	`* Specify that URLs are not allowed by anyone.`
`242`	`241`	`*/`
`243`	`242`	`val denyAll: AuthorizationManager<RequestAuthorizationContext> =`
`244`		`- AuthorizationManager { _: Supplier<Authentication?>, _: RequestAuthorizationContext -> AuthorizationDecision(false) }`
	`243`	`+ AuthorizationManager { _: Supplier<outAuthentication>, _: RequestAuthorizationContext -> AuthorizationDecision(false) }`
`245`	`244`
`246`	`245`	`/**`
`247`	`246`	`* Specify that URLs are allowed by any authenticated user.`

`‎config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java`

Lines changed: 2 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -25,6 +25,7 @@`
`25`	`25`
`26`	`26`	`import jakarta.servlet.http.HttpServletRequest;`
`27`	`27`	`import jakarta.servlet.http.HttpSession;`
	`28`	`+import org.jspecify.annotations.Nullable;`
`28`	`29`	`import org.junit.jupiter.api.Test;`
`29`	`30`	`import org.junit.jupiter.api.extension.ExtendWith;`
`30`	`31`
`@@ -310,7 +311,7 @@ private AccessAuthorizationManagerAdapter(AccessDecisionManager delegate, String`
`310`	`311`	`}`
`311`	`312`
`312`	`313`	`@Override`
`313`		`- public AuthorizationResult authorize(Supplier<Authentication> authentication,`
	`314`	`+ public AuthorizationResult authorize(Supplier<? extends@NullableAuthentication> authentication,`
`314`	`315`	`RequestAuthorizationContext object) {`
`315`	`316`	`HttpServletRequest request = object.getRequest();`
`316`	`317`	`FilterInvocation invocation = new FilterInvocation(request.getContextPath(), request.getServletPath(),`

`‎config/src/test/java/org/springframework/security/config/method/MethodSecurityBeanDefinitionParserTests.java`

Lines changed: 3 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -464,7 +464,9 @@ public boolean hasPermission(Authentication authentication, Serializable targetI`
`464`	`464`	`static class MyAuthorizationManager implements AuthorizationManager<MethodInvocation> {`
`465`	`465`
`466`	`466`	`@Override`
`467`		`- public AuthorizationResult authorize(Supplier<Authentication> authentication, MethodInvocation object) {`
	`467`	`+ public AuthorizationResult authorize(`
	`468`	`+ Supplier<? extends @org.jspecify.annotations.Nullable Authentication> authentication,`
	`469`	`+ MethodInvocation object) {`
`468`	`470`	`return new AuthorizationDecision("bob".equals(authentication.get().getName()));`
`469`	`471`	`}`
`470`	`472`

`‎config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java`

Lines changed: 2 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -26,6 +26,7 @@`
`26`	`26`	`import java.util.function.Supplier;`
`27`	`27`
`28`	`28`	`import org.assertj.core.api.ThrowableAssert;`
	`29`	`+import org.jspecify.annotations.Nullable;`
`29`	`30`	`import org.junit.jupiter.api.Test;`
`30`	`31`	`import org.junit.jupiter.api.extension.ExtendWith;`
`31`	`32`
`@@ -735,7 +736,7 @@ public boolean denyNile() {`
`735`	`736`	`}`
`736`	`737`
`737`	`738`	`@Override`
`738`		`- public EvaluationContext createEvaluationContext(Supplier<Authentication> authentication,`
	`739`	`+ public EvaluationContext createEvaluationContext(Supplier<? extends@NullableAuthentication> authentication,`
`739`	`740`	`Message<Object> message) {`
`740`	`741`	`return new StandardEvaluationContext(new MessageSecurityExpressionRoot(authentication, message) {`
`741`	`742`	`public boolean denyNile() {`

`‎config/src/test/kotlin/org/springframework/security/config/annotation/web/AuthorizeHttpRequestsDslTests.kt`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -193,7 +193,7 @@ class AuthorizeHttpRequestsDslTests {`
`193`	`193`	`open class MvcMatcherPathVariablesConfig {`
`194`	`194`	`@Bean`
`195`	`195`	`open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {`
`196`		`- val access = AuthorizationManager { _: Supplier<Authentication?>, context: RequestAuthorizationContext ->`
	`196`	`+ val access = AuthorizationManager { _: Supplier<outAuthentication>, context: RequestAuthorizationContext ->`
`197`	`197`	`AuthorizationDecision(context.variables["userName"] == "user")`
`198`	`198`	`}`
`199`	`199`	`http {`

`‎core/src/main/java/org/springframework/security/access/expression/SecurityExpressionHandler.java`

Lines changed: 2 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -57,7 +57,8 @@ public interface SecurityExpressionHandler<T> extends AopInfrastructureBean {`
`57`	`57`	`* @return the {@link EvaluationContext} to use`
`58`	`58`	`* @since 5.8`
`59`	`59`	`*/`
`60`		`- default EvaluationContext createEvaluationContext(Supplier<@Nullable Authentication> authentication, T invocation) {`
	`60`	`+ default EvaluationContext createEvaluationContext(Supplier<? extends @Nullable Authentication> authentication,`
	`61`	`+ T invocation) {`
`61`	`62`	`return createEvaluationContext(authentication.get(), invocation);`
`62`	`63`	`}`
`63`	`64`

`‎core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -89,7 +89,7 @@ public SecurityExpressionRoot(@Nullable Authentication authentication) {`
`89`	`89`	`* Cannot be null.`
`90`	`90`	`* @since 5.8`
`91`	`91`	`*/`
`92`		`- public SecurityExpressionRoot(Supplier<@Nullable Authentication> authentication) {`
	`92`	`+ public SecurityExpressionRoot(Supplier<? extends@Nullable Authentication> authentication) {`
`93`	`93`	`this.authentication = SingletonSupplier.of(() -> {`
`94`	`94`	`Authentication value = authentication.get();`
`95`	`95`	`Assert.notNull(value, "Authentication object cannot be null");`

`‎core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -85,7 +85,7 @@ public StandardEvaluationContext createEvaluationContextInternal(@Nullable Authe`
`85`	`85`	`}`
`86`	`86`
`87`	`87`	`@Override`
`88`		`- public EvaluationContext createEvaluationContext(Supplier<@Nullable Authentication> authentication,`
	`88`	`+ public EvaluationContext createEvaluationContext(Supplier<? extends@Nullable Authentication> authentication,`
`89`	`89`	`MethodInvocation mi) {`
`90`	`90`	`MethodSecurityExpressionOperations root = createSecurityExpressionRoot(authentication, mi);`
`91`	`91`	`MethodSecurityEvaluationContext ctx = new MethodSecurityEvaluationContext(root, mi,`
`@@ -104,7 +104,7 @@ protected MethodSecurityExpressionOperations createSecurityExpressionRoot(@Nulla`
`104`	`104`	`}`
`105`	`105`
`106`	`106`	`private MethodSecurityExpressionOperations createSecurityExpressionRoot(`
`107`		`- Supplier<@Nullable Authentication> authentication, MethodInvocation invocation) {`
	`107`	`+ Supplier<? extends@Nullable Authentication> authentication, MethodInvocation invocation) {`
`108`	`108`	`MethodSecurityExpressionRoot root = new MethodSecurityExpressionRoot(authentication);`
`109`	`109`	`root.setThis(invocation.getThis());`
`110`	`110`	`root.setPermissionEvaluator(getPermissionEvaluator());`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit 49f308a

File tree

32 files changed

32 files changed

`‎config/src/main/java/org/springframework/security/config/method/PointcutDelegatingAuthorizationManager.java`

`‎config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java`

`‎config/src/main/kotlin/org/springframework/security/config/annotation/web/AuthorizeHttpRequestsDsl.kt`

`‎config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java`

`‎config/src/test/java/org/springframework/security/config/method/MethodSecurityBeanDefinitionParserTests.java`

`‎config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java`

`‎config/src/test/kotlin/org/springframework/security/config/annotation/web/AuthorizeHttpRequestsDslTests.kt`

`‎core/src/main/java/org/springframework/security/access/expression/SecurityExpressionHandler.java`

`‎core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java`

`‎core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java`

0 commit comments