Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-10-24 19:28:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '6.5.x'

Browse Source
This commit is contained in:
Josh Cummings 2025-07-17 18:04:52 -06:00
commit 25f69e92c7
No known key found for this signature in database
GPG Key ID: 869B37A20E876129
2 changed files with 0 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecuritySelector.java
View File

@ -38,9 +38,6 @@ class ReactiveMethodSecuritySelector implements ImportSelector {
private static final boolean isDataPresent = ClassUtils private static final boolean isDataPresent = ClassUtils
.isPresent("org.springframework.security.data.aot.hint.AuthorizeReturnObjectDataHintsRegistrar", null); .isPresent("org.springframework.security.data.aot.hint.AuthorizeReturnObjectDataHintsRegistrar", null);
private static final boolean isWebPresent = ClassUtils.isPresent("org.springframework.web.server.ServerWebExchange",
null);
private static final boolean isObservabilityPresent = ClassUtils private static final boolean isObservabilityPresent = ClassUtils
.isPresent("io.micrometer.observation.ObservationRegistry", null); .isPresent("io.micrometer.observation.ObservationRegistry", null);
@ -64,9 +61,6 @@ class ReactiveMethodSecuritySelector implements ImportSelector {
if (isDataPresent) { if (isDataPresent) {
imports.add(AuthorizationProxyDataConfiguration.class.getName()); imports.add(AuthorizationProxyDataConfiguration.class.getName());
} }
if (isWebPresent) {
imports.add(AuthorizationProxyWebConfiguration.class.getName());
}
if (isObservabilityPresent) { if (isObservabilityPresent) {
imports.add(ReactiveMethodObservationConfiguration.class.getName()); imports.add(ReactiveMethodObservationConfiguration.class.getName());
} }

61
config/src/test/java/org/springframework/security/config/annotation/method/configuration/PrePostReactiveMethodSecurityConfigurationTests.java
View File

@ -40,8 +40,6 @@ import org.springframework.beans.factory.support.BeanDefinitionRegistryPostProce
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Role; import org.springframework.context.annotation.Role;
import org.springframework.http.HttpStatusCode;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.AccessDeniedException; import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.PermissionEvaluator; import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.access.annotation.Secured; import org.springframework.security.access.annotation.Secured;
@ -66,7 +64,6 @@ import org.springframework.security.test.context.annotation.SecurityTestExecutio
import org.springframework.security.test.context.support.WithMockUser; import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import org.springframework.test.context.junit.jupiter.SpringExtension; import org.springframework.test.context.junit.jupiter.SpringExtension;
import org.springframework.web.servlet.ModelAndView;
import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType; import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
@ -363,48 +360,6 @@ public class PrePostReactiveMethodSecurityConfigurationTests {
assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> flight.getAltitude().block()); assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> flight.getAltitude().block());
} }
@Test
@WithMockUser(authorities = "airplane:read")
public void findByIdWhenAuthorizedResponseEntityThenAuthorizes() {
this.spring.register(AuthorizeResultConfig.class).autowire();
FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class);
Flight flight = flights.webFindById("1").block().getBody();
assertThatNoException().isThrownBy(() -> flight.getAltitude().block());
assertThatNoException().isThrownBy(() -> flight.getSeats().block());
}
@Test
@WithMockUser(authorities = "seating:read")
public void findByIdWhenUnauthorizedResponseEntityThenDenies() {
this.spring.register(AuthorizeResultConfig.class).autowire();
FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class);
Flight flight = flights.webFindById("1").block().getBody();
assertThatNoException().isThrownBy(() -> flight.getSeats().block());
assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> flight.getAltitude().block());
}
@Test
@WithMockUser(authorities = "airplane:read")
public void findByIdWhenAuthorizedModelAndViewThenAuthorizes() {
this.spring.register(AuthorizeResultConfig.class).autowire();
FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class);
Flight flight = (Flight) flights.webViewFindById("1").block().getModel().get("flight");
assertThatNoException().isThrownBy(() -> flight.getAltitude().block());
assertThatNoException().isThrownBy(() -> flight.getSeats().block());
assertThat(flights.webViewFindById("5").block().getModel().get("flight")).isNull();
}
@Test
@WithMockUser(authorities = "seating:read")
public void findByIdWhenUnauthorizedModelAndViewThenDenies() {
this.spring.register(AuthorizeResultConfig.class).autowire();
FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class);
Flight flight = (Flight) flights.webViewFindById("1").block().getModel().get("flight");
assertThatNoException().isThrownBy(() -> flight.getSeats().block());
assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> flight.getAltitude().block());
assertThat(flights.webViewFindById("5").block().getModel().get("flight")).isNull();
}
@Test @Test
@WithMockUser(authorities = "seating:read") @WithMockUser(authorities = "seating:read")
public void findAllWhenUnauthorizedResultThenDenies() { public void findAllWhenUnauthorizedResultThenDenies() {
@ -752,22 +707,6 @@ public class PrePostReactiveMethodSecurityConfigurationTests {
return Mono.empty(); return Mono.empty();
} }
Mono<ResponseEntity<Flight>> webFindById(String id) {
Flight flight = this.flights.get(id);
if (flight == null) {
return Mono.just(ResponseEntity.notFound().build());
}
return Mono.just(ResponseEntity.ok(flight));
}
Mono<ModelAndView> webViewFindById(String id) {
Flight flight = this.flights.get(id);
if (flight == null) {
return Mono.just(new ModelAndView("error", HttpStatusCode.valueOf(404)));
}
return Mono.just(new ModelAndView("flights", Map.of("flight", flight)));
}
} }
@AuthorizeReturnObject @AuthorizeReturnObject