Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-25 13:32:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '5.8.x'

Browse Source
This commit is contained in:
Joe Grandja 2022-10-13 06:31:37 -04:00
commit 6026f9f70f
2 changed files with 2 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
web/src/main/java/org/springframework/security/web/access/intercept/RequestMatcherDelegatingAuthorizationManager.java
View File

@ -48,8 +48,6 @@ public final class RequestMatcherDelegatingAuthorizationManager implements Autho
private final List<RequestMatcherEntry<AuthorizationManager<RequestAuthorizationContext>>> mappings; private final List<RequestMatcherEntry<AuthorizationManager<RequestAuthorizationContext>>> mappings;
private AuthorizationManager<RequestAuthorizationContext> defaultManager = (authentication, request) -> null;
private RequestMatcherDelegatingAuthorizationManager( private RequestMatcherDelegatingAuthorizationManager(
List<RequestMatcherEntry<AuthorizationManager<RequestAuthorizationContext>>> mappings) { List<RequestMatcherEntry<AuthorizationManager<RequestAuthorizationContext>>> mappings) {
Assert.notEmpty(mappings, "mappings cannot be empty"); Assert.notEmpty(mappings, "mappings cannot be empty");
@ -83,10 +81,8 @@ public final class RequestMatcherDelegatingAuthorizationManager implements Autho
new RequestAuthorizationContext(request, matchResult.getVariables())); new RequestAuthorizationContext(request, matchResult.getVariables()));
} }
} }
if (this.logger.isTraceEnabled()) { this.logger.trace("Abstaining since did not find matching RequestMatcher");
this.logger.trace(LogMessage.format("Checking authorization on %s using %s", request, this.defaultManager)); return null;
}
return this.defaultManager.check(authentication, new RequestAuthorizationContext(request));
} }
/** /**
@ -97,21 +93,6 @@ public final class RequestMatcherDelegatingAuthorizationManager implements Autho
return new Builder(); return new Builder();
} }
/**
* Use this {@link AuthorizationManager} if the request fails to match any other
* configured {@link AuthorizationManager}.
*
* <p>
* This is specifically handy when considering whether to accept or deny requests by
* default. The default is to abstain from deciding on requests that don't match
* configuration.
* @param authorizationManager the {@link AuthorizationManager} to use
* @since 5.8
*/
public void setDefaultAuthorizationManager(AuthorizationManager<RequestAuthorizationContext> authorizationManager) {
this.defaultManager = authorizationManager;
}
/** /**
* A builder for {@link RequestMatcherDelegatingAuthorizationManager}. * A builder for {@link RequestMatcherDelegatingAuthorizationManager}.
*/ */

19
web/src/test/java/org/springframework/security/web/access/intercept/RequestMatcherDelegatingAuthorizationManagerTests.java
View File

@ -24,7 +24,6 @@ import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.security.authentication.TestingAuthenticationToken; import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.authorization.AuthorityAuthorizationManager; import org.springframework.security.authorization.AuthorityAuthorizationManager;
import org.springframework.security.authorization.AuthorizationDecision; import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher; import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
import org.springframework.security.web.util.matcher.AnyRequestMatcher; import org.springframework.security.web.util.matcher.AnyRequestMatcher;
@ -32,10 +31,6 @@ import org.springframework.security.web.util.matcher.RequestMatcherEntry;
import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException; import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.BDDMockito.given;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
/** /**
* Tests for {@link RequestMatcherDelegatingAuthorizationManager}. * Tests for {@link RequestMatcherDelegatingAuthorizationManager}.
@ -120,20 +115,6 @@ public class RequestMatcherDelegatingAuthorizationManagerTests {
assertThat(unmapped.isGranted()).isFalse(); assertThat(unmapped.isGranted()).isFalse();
} }
@Test
public void checkWhenNoMatchesThenUsesDefaultAuthorizationManager() {
RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
.add((request) -> false, (authentication, context) -> new AuthorizationDecision(false)).build();
AuthorizationManager<RequestAuthorizationContext> defaultManager = mock(AuthorizationManager.class);
given(defaultManager.check(any(), any())).willReturn(new AuthorizationDecision(true));
manager.setDefaultAuthorizationManager(defaultManager);
Supplier<Authentication> authentication = () -> new TestingAuthenticationToken("user", "password");
AuthorizationDecision decision = manager.check(authentication, new MockHttpServletRequest(null, "/endpoint"));
assertThat(decision).isNotNull();
assertThat(decision.isGranted()).isTrue();
verify(defaultManager).check(any(), any());
}
@Test @Test
public void addWhenMappingsConsumerNullThenException() { public void addWhenMappingsConsumerNullThenException() {
assertThatIllegalArgumentException() assertThatIllegalArgumentException()