mirror of
				https://github.com/spring-projects/spring-security.git
				synced 2025-10-24 19:28:45 +00:00 
			
		
		
		
	Merge branch '6.5.x'
This commit is contained in:
		
						commit
						25f69e92c7
					
				| @ -38,9 +38,6 @@ class ReactiveMethodSecuritySelector implements ImportSelector { | ||||
| 	private static final boolean isDataPresent = ClassUtils | ||||
| 		.isPresent("org.springframework.security.data.aot.hint.AuthorizeReturnObjectDataHintsRegistrar", null); | ||||
| 
 | ||||
| 	private static final boolean isWebPresent = ClassUtils.isPresent("org.springframework.web.server.ServerWebExchange", | ||||
| 			null); | ||||
| 
 | ||||
| 	private static final boolean isObservabilityPresent = ClassUtils | ||||
| 		.isPresent("io.micrometer.observation.ObservationRegistry", null); | ||||
| 
 | ||||
| @ -64,9 +61,6 @@ class ReactiveMethodSecuritySelector implements ImportSelector { | ||||
| 		if (isDataPresent) { | ||||
| 			imports.add(AuthorizationProxyDataConfiguration.class.getName()); | ||||
| 		} | ||||
| 		if (isWebPresent) { | ||||
| 			imports.add(AuthorizationProxyWebConfiguration.class.getName()); | ||||
| 		} | ||||
| 		if (isObservabilityPresent) { | ||||
| 			imports.add(ReactiveMethodObservationConfiguration.class.getName()); | ||||
| 		} | ||||
|  | ||||
| @ -40,8 +40,6 @@ import org.springframework.beans.factory.support.BeanDefinitionRegistryPostProce | ||||
| import org.springframework.context.annotation.Bean; | ||||
| import org.springframework.context.annotation.Configuration; | ||||
| import org.springframework.context.annotation.Role; | ||||
| import org.springframework.http.HttpStatusCode; | ||||
| import org.springframework.http.ResponseEntity; | ||||
| import org.springframework.security.access.AccessDeniedException; | ||||
| import org.springframework.security.access.PermissionEvaluator; | ||||
| import org.springframework.security.access.annotation.Secured; | ||||
| @ -66,7 +64,6 @@ import org.springframework.security.test.context.annotation.SecurityTestExecutio | ||||
| import org.springframework.security.test.context.support.WithMockUser; | ||||
| import org.springframework.stereotype.Component; | ||||
| import org.springframework.test.context.junit.jupiter.SpringExtension; | ||||
| import org.springframework.web.servlet.ModelAndView; | ||||
| 
 | ||||
| import static org.assertj.core.api.Assertions.assertThat; | ||||
| import static org.assertj.core.api.Assertions.assertThatExceptionOfType; | ||||
| @ -363,48 +360,6 @@ public class PrePostReactiveMethodSecurityConfigurationTests { | ||||
| 		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> flight.getAltitude().block()); | ||||
| 	} | ||||
| 
 | ||||
| 	@Test | ||||
| 	@WithMockUser(authorities = "airplane:read") | ||||
| 	public void findByIdWhenAuthorizedResponseEntityThenAuthorizes() { | ||||
| 		this.spring.register(AuthorizeResultConfig.class).autowire(); | ||||
| 		FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class); | ||||
| 		Flight flight = flights.webFindById("1").block().getBody(); | ||||
| 		assertThatNoException().isThrownBy(() -> flight.getAltitude().block()); | ||||
| 		assertThatNoException().isThrownBy(() -> flight.getSeats().block()); | ||||
| 	} | ||||
| 
 | ||||
| 	@Test | ||||
| 	@WithMockUser(authorities = "seating:read") | ||||
| 	public void findByIdWhenUnauthorizedResponseEntityThenDenies() { | ||||
| 		this.spring.register(AuthorizeResultConfig.class).autowire(); | ||||
| 		FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class); | ||||
| 		Flight flight = flights.webFindById("1").block().getBody(); | ||||
| 		assertThatNoException().isThrownBy(() -> flight.getSeats().block()); | ||||
| 		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> flight.getAltitude().block()); | ||||
| 	} | ||||
| 
 | ||||
| 	@Test | ||||
| 	@WithMockUser(authorities = "airplane:read") | ||||
| 	public void findByIdWhenAuthorizedModelAndViewThenAuthorizes() { | ||||
| 		this.spring.register(AuthorizeResultConfig.class).autowire(); | ||||
| 		FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class); | ||||
| 		Flight flight = (Flight) flights.webViewFindById("1").block().getModel().get("flight"); | ||||
| 		assertThatNoException().isThrownBy(() -> flight.getAltitude().block()); | ||||
| 		assertThatNoException().isThrownBy(() -> flight.getSeats().block()); | ||||
| 		assertThat(flights.webViewFindById("5").block().getModel().get("flight")).isNull(); | ||||
| 	} | ||||
| 
 | ||||
| 	@Test | ||||
| 	@WithMockUser(authorities = "seating:read") | ||||
| 	public void findByIdWhenUnauthorizedModelAndViewThenDenies() { | ||||
| 		this.spring.register(AuthorizeResultConfig.class).autowire(); | ||||
| 		FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class); | ||||
| 		Flight flight = (Flight) flights.webViewFindById("1").block().getModel().get("flight"); | ||||
| 		assertThatNoException().isThrownBy(() -> flight.getSeats().block()); | ||||
| 		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> flight.getAltitude().block()); | ||||
| 		assertThat(flights.webViewFindById("5").block().getModel().get("flight")).isNull(); | ||||
| 	} | ||||
| 
 | ||||
| 	@Test | ||||
| 	@WithMockUser(authorities = "seating:read") | ||||
| 	public void findAllWhenUnauthorizedResultThenDenies() { | ||||
| @ -752,22 +707,6 @@ public class PrePostReactiveMethodSecurityConfigurationTests { | ||||
| 			return Mono.empty(); | ||||
| 		} | ||||
| 
 | ||||
| 		Mono<ResponseEntity<Flight>> webFindById(String id) { | ||||
| 			Flight flight = this.flights.get(id); | ||||
| 			if (flight == null) { | ||||
| 				return Mono.just(ResponseEntity.notFound().build()); | ||||
| 			} | ||||
| 			return Mono.just(ResponseEntity.ok(flight)); | ||||
| 		} | ||||
| 
 | ||||
| 		Mono<ModelAndView> webViewFindById(String id) { | ||||
| 			Flight flight = this.flights.get(id); | ||||
| 			if (flight == null) { | ||||
| 				return Mono.just(new ModelAndView("error", HttpStatusCode.valueOf(404))); | ||||
| 			} | ||||
| 			return Mono.just(new ModelAndView("flights", Map.of("flight", flight))); | ||||
| 		} | ||||
| 
 | ||||
| 	} | ||||
| 
 | ||||
| 	@AuthorizeReturnObject | ||||
|  | ||||
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user