Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-25 21:42:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix PrePostAdviceReactiveMethodInterceptor tangle

Browse Source 
Issue: gh-4636
This commit is contained in:
Rob Winch 2017-10-13 14:17:21 -05:00
parent 579282437b
commit 7fd1cff3ce
2 changed files with 14 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfiguration.java
View File

@ -26,7 +26,7 @@ import org.springframework.security.access.expression.method.*;
import org.springframework.security.access.intercept.aopalliance.MethodSecurityMetadataSourceAdvisor;
import org.springframework.security.access.method.AbstractMethodSecurityMetadataSource;
import org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource;
import org.springframework.security.access.method.PrePostAdviceReactiveMethodInterceptor;
import org.springframework.security.access.prepost.PrePostAdviceReactiveMethodInterceptor;
import org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource;
import java.util.Arrays;
@ -65,10 +65,7 @@ class ReactiveMethodSecurityConfiguration implements ImportAware {
ExpressionBasedPreInvocationAdvice preAdvice = new ExpressionBasedPreInvocationAdvice();
preAdvice.setExpressionHandler(handler);
PrePostAdviceReactiveMethodInterceptor result = new PrePostAdviceReactiveMethodInterceptor(source);
result.setPostAdvice(postAdvice);
result.setPreAdvice(preAdvice);
return result;
return new PrePostAdviceReactiveMethodInterceptor(source, preAdvice, postAdvice);
}
@Bean

39
core/src/main/java/org/springframework/security/access/method/PrePostAdviceReactiveMethodInterceptor.java → core/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java
View File

@ -14,21 +14,14 @@
* limitations under the License.
*/
package org.springframework.security.access.method;
package org.springframework.security.access.prepost;
import org.aopalliance.intercept.MethodInterceptor;
import org.aopalliance.intercept.MethodInvocation;
import org.reactivestreams.Publisher;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
import org.springframework.security.access.expression.method.ExpressionBasedPostInvocationAdvice;
import org.springframework.security.access.expression.method.ExpressionBasedPreInvocationAdvice;
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
import org.springframework.security.access.prepost.PostInvocationAttribute;
import org.springframework.security.access.prepost.PostInvocationAuthorizationAdvice;
import org.springframework.security.access.prepost.PreInvocationAttribute;
import org.springframework.security.access.prepost.PreInvocationAuthorizationAdvice;
import org.springframework.security.access.method.MethodSecurityMetadataSource;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
@ -51,26 +44,18 @@ public class PrePostAdviceReactiveMethodInterceptor implements MethodInterceptor
private final MethodSecurityMetadataSource attributeSource;
private PostInvocationAuthorizationAdvice postAdvice;
private final PreInvocationAuthorizationAdvice preInvocationAdvice;
private PreInvocationAuthorizationAdvice preAdvice;
private final PostInvocationAuthorizationAdvice postAdvice;
public PrePostAdviceReactiveMethodInterceptor(MethodSecurityMetadataSource attributeSource, PreInvocationAuthorizationAdvice preInvocationAdvice, PostInvocationAuthorizationAdvice postInvocationAdvice) {
Assert.notNull(attributeSource, "attributeSource cannot be null");
Assert.notNull(preInvocationAdvice, "preInvocationAdvice cannot be null");
Assert.notNull(postInvocationAdvice, "postInvocationAdvice cannot be null");
public PrePostAdviceReactiveMethodInterceptor(MethodSecurityMetadataSource attributeSource) {
this.attributeSource = attributeSource;
MethodSecurityExpressionHandler handler = new DefaultMethodSecurityExpressionHandler();
this.postAdvice = new ExpressionBasedPostInvocationAdvice(handler);
this.preAdvice = new ExpressionBasedPreInvocationAdvice();
}
public void setPostAdvice(PostInvocationAuthorizationAdvice postAdvice) {
Assert.notNull(postAdvice, "postAdvice cannot be null");
this.postAdvice = postAdvice;
}
public void setPreAdvice(PreInvocationAuthorizationAdvice preAdvice) {
Assert.notNull(preAdvice, "preAdvice cannot be null");
this.preAdvice = preAdvice;
this.preInvocationAdvice = preInvocationAdvice;
this.postAdvice = postInvocationAdvice;
}
@Override
@ -86,7 +71,7 @@ public class PrePostAdviceReactiveMethodInterceptor implements MethodInterceptor
Mono<Authentication> toInvoke = Mono.subscriberContext()
.defaultIfEmpty(Context.empty())
.flatMap( cxt -> cxt.getOrDefault(Authentication.class, Mono.just(anonymous)))
.filter( auth -> this.preAdvice.before(auth, invocation, preAttr))
.filter( auth -> this.preInvocationAdvice.before(auth, invocation, preAttr))
.switchIfEmpty(Mono.error(new AccessDeniedException("Denied")));