Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Configure CurrentSecurityContextArgumentResolver BeanResolver 

Closes gh-9331
This commit is contained in:
happier233 2021-01-07 00:06:05 +08:00 committed by Josh Cummings
parent 542c625d7d
commit 7a5c34ca57
No known key found for this signature in database
GPG Key ID: 49EF60DD7FF83443
3 changed files with 58 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
web/src/main/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolver.java
View File

@ -108,7 +108,7 @@ public final class CurrentSecurityContextArgumentResolver
StandardEvaluationContext context = new StandardEvaluationContext(); StandardEvaluationContext context = new StandardEvaluationContext();
context.setRootObject(securityContext); context.setRootObject(securityContext);
context.setVariable("this", securityContext); context.setVariable("this", securityContext);
context.setBeanResolver(this.beanResolver);
Expression expression = this.parser.parseExpression(expressionToParse); Expression expression = this.parser.parseExpression(expressionToParse);
securityContextResult = expression.getValue(context); securityContextResult = expression.getValue(context);
} }

28
web/src/test/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolverTests.java
View File

@ -22,11 +22,14 @@ import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy; import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target; import java.lang.annotation.Target;
import java.lang.reflect.Method; import java.lang.reflect.Method;
import java.util.function.Function;
import org.junit.After; import org.junit.After;
import org.junit.Before; import org.junit.Before;
import org.junit.Test; import org.junit.Test;
import org.springframework.core.MethodParameter; import org.springframework.core.MethodParameter;
import org.springframework.expression.AccessException;
import org.springframework.expression.BeanResolver;
import org.springframework.security.authentication.TestingAuthenticationToken; import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.annotation.AuthenticationPrincipal; import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.core.authority.AuthorityUtils;
@ -40,12 +43,21 @@ import org.springframework.util.ReflectionUtils;
* *
*/ */
public class AuthenticationPrincipalArgumentResolverTests { public class AuthenticationPrincipalArgumentResolverTests {
private final BeanResolver beanResolver = ((context, beanName) -> {
if (!"test".equals(beanName)) {
throw new AccessException("Could not resolve bean reference against BeanFactory");
}
return (Function<CustomUserPrincipal, String>) (principal) -> principal.property;
});
private Object expectedPrincipal; private Object expectedPrincipal;
private AuthenticationPrincipalArgumentResolver resolver; private AuthenticationPrincipalArgumentResolver resolver;
@Before @Before
public void setup() { public void setup() {
resolver = new AuthenticationPrincipalArgumentResolver(); resolver = new AuthenticationPrincipalArgumentResolver();
resolver.setBeanResolver(this.beanResolver);
} }
@After @After
@ -128,6 +140,14 @@ public class AuthenticationPrincipalArgumentResolverTests {
.isEqualTo(this.expectedPrincipal); .isEqualTo(this.expectedPrincipal);
} }
@Test
public void resolveArgumentSpelBean() throws Exception {
CustomUserPrincipal principal = new CustomUserPrincipal();
setAuthenticationPrincipal(principal);
this.expectedPrincipal = principal.property;
assertThat(this.resolver.resolveArgument(showUserSpelBean(), null, null, null)).isEqualTo(this.expectedPrincipal);
}
@Test @Test
public void resolveArgumentSpelCopy() throws Exception { public void resolveArgumentSpelCopy() throws Exception {
CopyUserPrincipal principal = new CopyUserPrincipal("property"); CopyUserPrincipal principal = new CopyUserPrincipal("property");
@ -198,6 +218,10 @@ public class AuthenticationPrincipalArgumentResolverTests {
return getMethodParameter("showUserSpel", String.class); return getMethodParameter("showUserSpel", String.class);
} }
private MethodParameter showUserSpelBean() {
return getMethodParameter("showUserSpelBean", String.class);
}
private MethodParameter showUserSpelCopy() { private MethodParameter showUserSpelCopy() {
return getMethodParameter("showUserSpelCopy", CopyUserPrincipal.class); return getMethodParameter("showUserSpelCopy", CopyUserPrincipal.class);
} }
@ -255,6 +279,10 @@ public class AuthenticationPrincipalArgumentResolverTests {
@AuthenticationPrincipal(expression = "property") String user) { @AuthenticationPrincipal(expression = "property") String user) {
} }
public void showUserSpelBean(@AuthenticationPrincipal(
expression = "@test.apply(#this)") String user) {
}
public void showUserSpelCopy( public void showUserSpelCopy(
@AuthenticationPrincipal(expression = "new org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolverTests$CopyUserPrincipal(#this)") CopyUserPrincipal user) { @AuthenticationPrincipal(expression = "new org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolverTests$CopyUserPrincipal(#this)") CopyUserPrincipal user) {
} }

29
web/src/test/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolverTests.java
View File

@ -20,12 +20,15 @@ import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy; import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target; import java.lang.annotation.Target;
import java.lang.reflect.Method; import java.lang.reflect.Method;
import java.util.function.Function;
import org.junit.After; import org.junit.After;
import org.junit.Before; import org.junit.Before;
import org.junit.Test; import org.junit.Test;
import org.springframework.core.MethodParameter; import org.springframework.core.MethodParameter;
import org.springframework.expression.AccessException;
import org.springframework.expression.BeanResolver;
import org.springframework.expression.spel.SpelEvaluationException; import org.springframework.expression.spel.SpelEvaluationException;
import org.springframework.security.authentication.TestingAuthenticationToken; import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
@ -45,11 +48,20 @@ import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
* *
*/ */
public class CurrentSecurityContextArgumentResolverTests { public class CurrentSecurityContextArgumentResolverTests {
private final BeanResolver beanResolver = ((context, beanName) -> {
if (!"test".equals(beanName)) {
throw new AccessException("Could not resolve bean reference against BeanFactory");
}
return (Function<SecurityContext, Authentication>) SecurityContext::getAuthentication;
});
private CurrentSecurityContextArgumentResolver resolver; private CurrentSecurityContextArgumentResolver resolver;
@Before @Before
public void setup() { public void setup() {
this.resolver = new CurrentSecurityContextArgumentResolver(); this.resolver = new CurrentSecurityContextArgumentResolver();
this.resolver.setBeanResolver(this.beanResolver);
} }
@After @After
@ -104,6 +116,15 @@ public class CurrentSecurityContextArgumentResolverTests {
assertThat(auth1.getPrincipal()).isEqualTo(principal); assertThat(auth1.getPrincipal()).isEqualTo(principal);
} }
@Test
public void resolveArgumentWithAuthenticationWithBean() {
String principal = "john";
setAuthenticationPrincipal(principal);
Authentication auth1 = (Authentication) this.resolver
.resolveArgument(showSecurityContextAuthenticationWithBean(), null, null, null);
assertThat(auth1.getPrincipal()).isEqualTo(principal);
}
@Test @Test
public void resolveArgumentWithNullAuthentication() { public void resolveArgumentWithNullAuthentication() {
SecurityContext context = SecurityContextHolder.getContext(); SecurityContext context = SecurityContextHolder.getContext();
@ -217,6 +238,10 @@ public class CurrentSecurityContextArgumentResolverTests {
return getMethodParameter("showSecurityContextAuthenticationAnnotation", Authentication.class); return getMethodParameter("showSecurityContextAuthenticationAnnotation", Authentication.class);
} }
public MethodParameter showSecurityContextAuthenticationWithBean() {
return getMethodParameter("showSecurityContextAuthenticationWithBean", Authentication.class);
}
private MethodParameter showSecurityContextAuthenticationWithOptionalPrincipal() { private MethodParameter showSecurityContextAuthenticationWithOptionalPrincipal() {
return getMethodParameter("showSecurityContextAuthenticationWithOptionalPrincipal", Object.class); return getMethodParameter("showSecurityContextAuthenticationWithOptionalPrincipal", Object.class);
} }
@ -279,6 +304,10 @@ public class CurrentSecurityContextArgumentResolverTests {
public void showSecurityContextAuthenticationAnnotation(@CurrentSecurityContext(expression = "authentication") Authentication authentication) { public void showSecurityContextAuthenticationAnnotation(@CurrentSecurityContext(expression = "authentication") Authentication authentication) {
} }
public void showSecurityContextAuthenticationWithBean(
@CurrentSecurityContext(expression = "@test.apply(#this)") Authentication authentication) {
}
public void showSecurityContextAuthenticationWithOptionalPrincipal(@CurrentSecurityContext(expression = "authentication?.principal") Object principal) { public void showSecurityContextAuthenticationWithOptionalPrincipal(@CurrentSecurityContext(expression = "authentication?.principal") Object principal) {
} }