mirror of
				https://github.com/spring-projects/spring-security.git
				synced 2025-10-25 03:38:43 +00:00 
			
		
		
		
	Merge branch '6.5.x'
This commit is contained in:
		
						commit
						25f69e92c7
					
				| @ -38,9 +38,6 @@ class ReactiveMethodSecuritySelector implements ImportSelector { | |||||||
| 	private static final boolean isDataPresent = ClassUtils | 	private static final boolean isDataPresent = ClassUtils | ||||||
| 		.isPresent("org.springframework.security.data.aot.hint.AuthorizeReturnObjectDataHintsRegistrar", null); | 		.isPresent("org.springframework.security.data.aot.hint.AuthorizeReturnObjectDataHintsRegistrar", null); | ||||||
| 
 | 
 | ||||||
| 	private static final boolean isWebPresent = ClassUtils.isPresent("org.springframework.web.server.ServerWebExchange", |  | ||||||
| 			null); |  | ||||||
| 
 |  | ||||||
| 	private static final boolean isObservabilityPresent = ClassUtils | 	private static final boolean isObservabilityPresent = ClassUtils | ||||||
| 		.isPresent("io.micrometer.observation.ObservationRegistry", null); | 		.isPresent("io.micrometer.observation.ObservationRegistry", null); | ||||||
| 
 | 
 | ||||||
| @ -64,9 +61,6 @@ class ReactiveMethodSecuritySelector implements ImportSelector { | |||||||
| 		if (isDataPresent) { | 		if (isDataPresent) { | ||||||
| 			imports.add(AuthorizationProxyDataConfiguration.class.getName()); | 			imports.add(AuthorizationProxyDataConfiguration.class.getName()); | ||||||
| 		} | 		} | ||||||
| 		if (isWebPresent) { |  | ||||||
| 			imports.add(AuthorizationProxyWebConfiguration.class.getName()); |  | ||||||
| 		} |  | ||||||
| 		if (isObservabilityPresent) { | 		if (isObservabilityPresent) { | ||||||
| 			imports.add(ReactiveMethodObservationConfiguration.class.getName()); | 			imports.add(ReactiveMethodObservationConfiguration.class.getName()); | ||||||
| 		} | 		} | ||||||
|  | |||||||
| @ -40,8 +40,6 @@ import org.springframework.beans.factory.support.BeanDefinitionRegistryPostProce | |||||||
| import org.springframework.context.annotation.Bean; | import org.springframework.context.annotation.Bean; | ||||||
| import org.springframework.context.annotation.Configuration; | import org.springframework.context.annotation.Configuration; | ||||||
| import org.springframework.context.annotation.Role; | import org.springframework.context.annotation.Role; | ||||||
| import org.springframework.http.HttpStatusCode; |  | ||||||
| import org.springframework.http.ResponseEntity; |  | ||||||
| import org.springframework.security.access.AccessDeniedException; | import org.springframework.security.access.AccessDeniedException; | ||||||
| import org.springframework.security.access.PermissionEvaluator; | import org.springframework.security.access.PermissionEvaluator; | ||||||
| import org.springframework.security.access.annotation.Secured; | import org.springframework.security.access.annotation.Secured; | ||||||
| @ -66,7 +64,6 @@ import org.springframework.security.test.context.annotation.SecurityTestExecutio | |||||||
| import org.springframework.security.test.context.support.WithMockUser; | import org.springframework.security.test.context.support.WithMockUser; | ||||||
| import org.springframework.stereotype.Component; | import org.springframework.stereotype.Component; | ||||||
| import org.springframework.test.context.junit.jupiter.SpringExtension; | import org.springframework.test.context.junit.jupiter.SpringExtension; | ||||||
| import org.springframework.web.servlet.ModelAndView; |  | ||||||
| 
 | 
 | ||||||
| import static org.assertj.core.api.Assertions.assertThat; | import static org.assertj.core.api.Assertions.assertThat; | ||||||
| import static org.assertj.core.api.Assertions.assertThatExceptionOfType; | import static org.assertj.core.api.Assertions.assertThatExceptionOfType; | ||||||
| @ -363,48 +360,6 @@ public class PrePostReactiveMethodSecurityConfigurationTests { | |||||||
| 		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> flight.getAltitude().block()); | 		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> flight.getAltitude().block()); | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	@Test |  | ||||||
| 	@WithMockUser(authorities = "airplane:read") |  | ||||||
| 	public void findByIdWhenAuthorizedResponseEntityThenAuthorizes() { |  | ||||||
| 		this.spring.register(AuthorizeResultConfig.class).autowire(); |  | ||||||
| 		FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class); |  | ||||||
| 		Flight flight = flights.webFindById("1").block().getBody(); |  | ||||||
| 		assertThatNoException().isThrownBy(() -> flight.getAltitude().block()); |  | ||||||
| 		assertThatNoException().isThrownBy(() -> flight.getSeats().block()); |  | ||||||
| 	} |  | ||||||
| 
 |  | ||||||
| 	@Test |  | ||||||
| 	@WithMockUser(authorities = "seating:read") |  | ||||||
| 	public void findByIdWhenUnauthorizedResponseEntityThenDenies() { |  | ||||||
| 		this.spring.register(AuthorizeResultConfig.class).autowire(); |  | ||||||
| 		FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class); |  | ||||||
| 		Flight flight = flights.webFindById("1").block().getBody(); |  | ||||||
| 		assertThatNoException().isThrownBy(() -> flight.getSeats().block()); |  | ||||||
| 		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> flight.getAltitude().block()); |  | ||||||
| 	} |  | ||||||
| 
 |  | ||||||
| 	@Test |  | ||||||
| 	@WithMockUser(authorities = "airplane:read") |  | ||||||
| 	public void findByIdWhenAuthorizedModelAndViewThenAuthorizes() { |  | ||||||
| 		this.spring.register(AuthorizeResultConfig.class).autowire(); |  | ||||||
| 		FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class); |  | ||||||
| 		Flight flight = (Flight) flights.webViewFindById("1").block().getModel().get("flight"); |  | ||||||
| 		assertThatNoException().isThrownBy(() -> flight.getAltitude().block()); |  | ||||||
| 		assertThatNoException().isThrownBy(() -> flight.getSeats().block()); |  | ||||||
| 		assertThat(flights.webViewFindById("5").block().getModel().get("flight")).isNull(); |  | ||||||
| 	} |  | ||||||
| 
 |  | ||||||
| 	@Test |  | ||||||
| 	@WithMockUser(authorities = "seating:read") |  | ||||||
| 	public void findByIdWhenUnauthorizedModelAndViewThenDenies() { |  | ||||||
| 		this.spring.register(AuthorizeResultConfig.class).autowire(); |  | ||||||
| 		FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class); |  | ||||||
| 		Flight flight = (Flight) flights.webViewFindById("1").block().getModel().get("flight"); |  | ||||||
| 		assertThatNoException().isThrownBy(() -> flight.getSeats().block()); |  | ||||||
| 		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> flight.getAltitude().block()); |  | ||||||
| 		assertThat(flights.webViewFindById("5").block().getModel().get("flight")).isNull(); |  | ||||||
| 	} |  | ||||||
| 
 |  | ||||||
| 	@Test | 	@Test | ||||||
| 	@WithMockUser(authorities = "seating:read") | 	@WithMockUser(authorities = "seating:read") | ||||||
| 	public void findAllWhenUnauthorizedResultThenDenies() { | 	public void findAllWhenUnauthorizedResultThenDenies() { | ||||||
| @ -752,22 +707,6 @@ public class PrePostReactiveMethodSecurityConfigurationTests { | |||||||
| 			return Mono.empty(); | 			return Mono.empty(); | ||||||
| 		} | 		} | ||||||
| 
 | 
 | ||||||
| 		Mono<ResponseEntity<Flight>> webFindById(String id) { |  | ||||||
| 			Flight flight = this.flights.get(id); |  | ||||||
| 			if (flight == null) { |  | ||||||
| 				return Mono.just(ResponseEntity.notFound().build()); |  | ||||||
| 			} |  | ||||||
| 			return Mono.just(ResponseEntity.ok(flight)); |  | ||||||
| 		} |  | ||||||
| 
 |  | ||||||
| 		Mono<ModelAndView> webViewFindById(String id) { |  | ||||||
| 			Flight flight = this.flights.get(id); |  | ||||||
| 			if (flight == null) { |  | ||||||
| 				return Mono.just(new ModelAndView("error", HttpStatusCode.valueOf(404))); |  | ||||||
| 			} |  | ||||||
| 			return Mono.just(new ModelAndView("flights", Map.of("flight", flight))); |  | ||||||
| 		} |  | ||||||
| 
 |  | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	@AuthorizeReturnObject | 	@AuthorizeReturnObject | ||||||
|  | |||||||
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user