Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-22 20:12:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Throw AuthorizationDeniedException when AuthorizationResult is available

Browse Source 
Closes gh-15706
This commit is contained in:
Marcus Hert Da Coregio 2024-09-09 14:45:48 -03:00
parent 7ac32e07bc
commit 2ff29dc229
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
core/src/main/java/org/springframework/security/authorization/AuthorizationManager.java
View File

@ -41,7 +41,7 @@ public interface AuthorizationManager<T> {
default void verify(Supplier<Authentication> authentication, T object) { default void verify(Supplier<Authentication> authentication, T object) {
AuthorizationDecision decision = check(authentication, object); AuthorizationDecision decision = check(authentication, object);
if (decision != null && !decision.isGranted()) { if (decision != null && !decision.isGranted()) {
throw new AccessDeniedException("Access Denied"); throw new AuthorizationDeniedException("Access Denied", decision);
} }
} }

4
web/src/main/java/org/springframework/security/web/access/intercept/AuthorizationFilter.java
View File

@ -28,9 +28,9 @@ import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse; import jakarta.servlet.http.HttpServletResponse;
import org.springframework.context.ApplicationEventPublisher; import org.springframework.context.ApplicationEventPublisher;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException; import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.authorization.AuthorizationDecision; import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.authorization.AuthorizationDeniedException;
import org.springframework.security.authorization.AuthorizationEventPublisher; import org.springframework.security.authorization.AuthorizationEventPublisher;
import org.springframework.security.authorization.AuthorizationManager; import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.authorization.event.AuthorizationDeniedEvent; import org.springframework.security.authorization.event.AuthorizationDeniedEvent;
@ -95,7 +95,7 @@ public class AuthorizationFilter extends GenericFilterBean {
AuthorizationDecision decision = this.authorizationManager.check(this::getAuthentication, request); AuthorizationDecision decision = this.authorizationManager.check(this::getAuthentication, request);
this.eventPublisher.publishAuthorizationEvent(this::getAuthentication, request, decision); this.eventPublisher.publishAuthorizationEvent(this::getAuthentication, request, decision);
if (decision != null && !decision.isGranted()) { if (decision != null && !decision.isGranted()) {
throw new AccessDeniedException("Access Denied"); throw new AuthorizationDeniedException("Access Denied", decision);
} }
chain.doFilter(request, response); chain.doFilter(request, response);
} }