From 6438603cb6485ed846497d5f5d51be03e2e49d5b Mon Sep 17 00:00:00 2001 From: Josh Cummings <3627351+jzheaux@users.noreply.github.com> Date: Thu, 10 Apr 2025 10:41:36 -0600 Subject: [PATCH] Pick Up TargetVisitor Beans Closes gh-16923 --- .../AuthorizationProxyConfiguration.java | 7 ++++++- .../servlet/authorization/method-security.adoc | 16 +++++++++++----- 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/AuthorizationProxyConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/AuthorizationProxyConfiguration.java index 9ef918df58..a723a9a13f 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/AuthorizationProxyConfiguration.java +++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/AuthorizationProxyConfiguration.java @@ -32,6 +32,7 @@ import org.springframework.security.aot.hint.SecurityHintsRegistrar; import org.springframework.security.authorization.AuthorizationProxyFactory; import org.springframework.security.authorization.method.AuthorizationAdvisor; import org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory; +import org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory.TargetVisitor; import org.springframework.security.authorization.method.AuthorizeReturnObjectMethodInterceptor; import org.springframework.security.config.Customizer; @@ -41,11 +42,15 @@ final class AuthorizationProxyConfiguration implements AopInfrastructureBean { @Bean @Role(BeanDefinition.ROLE_INFRASTRUCTURE) static AuthorizationAdvisorProxyFactory authorizationProxyFactory( - ObjectProvider authorizationAdvisors, + ObjectProvider authorizationAdvisors, ObjectProvider targetVisitors, ObjectProvider> customizers) { List advisors = new ArrayList<>(); authorizationAdvisors.forEach(advisors::add); + List visitors = new ArrayList<>(); + targetVisitors.orderedStream().forEach(visitors::add); + visitors.add(TargetVisitor.defaults()); AuthorizationAdvisorProxyFactory factory = new AuthorizationAdvisorProxyFactory(advisors); + factory.setTargetVisitor(TargetVisitor.of(visitors.toArray(TargetVisitor[]::new))); customizers.forEach((c) -> c.customize(factory)); return factory; } diff --git a/docs/modules/ROOT/pages/servlet/authorization/method-security.adoc b/docs/modules/ROOT/pages/servlet/authorization/method-security.adoc index c3bfab7db7..944e1813f2 100644 --- a/docs/modules/ROOT/pages/servlet/authorization/method-security.adoc +++ b/docs/modules/ROOT/pages/servlet/authorization/method-security.adoc @@ -2143,9 +2143,13 @@ Java:: + [source,java,role="primary"] ---- +import org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory.TargetVisitor; + +// ... + @Bean -static Customizer skipValueTypes() { - return (factory) -> factory.setTargetVisitor(TargetVisitor.defaultsSkipValueTypes()); +static TargetVisitor skipValueTypes() { + return TargetVisitor.defaultsSkipValueTypes(); } ---- @@ -2153,10 +2157,12 @@ Kotlin:: + [source,kotlin,role="secondary"] ---- +import org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory.TargetVisitor + +// ... + @Bean -open fun skipValueTypes() = Customizer { - it.setTargetVisitor(TargetVisitor.defaultsSkipValueTypes()) -} +open fun skipValueTypes() = TargetVisitor.defaultsSkipValueTypes() ---- ======