From 7fd1cff3ce08263bfc370d011d8eb11b3cd5cfdf Mon Sep 17 00:00:00 2001 From: Rob Winch Date: Fri, 13 Oct 2017 14:17:21 -0500 Subject: [PATCH] Fix PrePostAdviceReactiveMethodInterceptor tangle Issue: gh-4636 --- .../ReactiveMethodSecurityConfiguration.java | 7 +--- ...rePostAdviceReactiveMethodInterceptor.java | 39 ++++++------------- 2 files changed, 14 insertions(+), 32 deletions(-) rename core/src/main/java/org/springframework/security/access/{method => prepost}/PrePostAdviceReactiveMethodInterceptor.java (72%) diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfiguration.java index 38c2abf288..aaee80240e 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfiguration.java +++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfiguration.java @@ -26,7 +26,7 @@ import org.springframework.security.access.expression.method.*; import org.springframework.security.access.intercept.aopalliance.MethodSecurityMetadataSourceAdvisor; import org.springframework.security.access.method.AbstractMethodSecurityMetadataSource; import org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource; -import org.springframework.security.access.method.PrePostAdviceReactiveMethodInterceptor; +import org.springframework.security.access.prepost.PrePostAdviceReactiveMethodInterceptor; import org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource; import java.util.Arrays; @@ -65,10 +65,7 @@ class ReactiveMethodSecurityConfiguration implements ImportAware { ExpressionBasedPreInvocationAdvice preAdvice = new ExpressionBasedPreInvocationAdvice(); preAdvice.setExpressionHandler(handler); - PrePostAdviceReactiveMethodInterceptor result = new PrePostAdviceReactiveMethodInterceptor(source); - result.setPostAdvice(postAdvice); - result.setPreAdvice(preAdvice); - return result; + return new PrePostAdviceReactiveMethodInterceptor(source, preAdvice, postAdvice); } @Bean diff --git a/core/src/main/java/org/springframework/security/access/method/PrePostAdviceReactiveMethodInterceptor.java b/core/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java similarity index 72% rename from core/src/main/java/org/springframework/security/access/method/PrePostAdviceReactiveMethodInterceptor.java rename to core/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java index 6d627b0f10..b9fd564926 100644 --- a/core/src/main/java/org/springframework/security/access/method/PrePostAdviceReactiveMethodInterceptor.java +++ b/core/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java @@ -14,21 +14,14 @@ * limitations under the License. */ -package org.springframework.security.access.method; +package org.springframework.security.access.prepost; import org.aopalliance.intercept.MethodInterceptor; import org.aopalliance.intercept.MethodInvocation; import org.reactivestreams.Publisher; import org.springframework.security.access.AccessDeniedException; import org.springframework.security.access.ConfigAttribute; -import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler; -import org.springframework.security.access.expression.method.ExpressionBasedPostInvocationAdvice; -import org.springframework.security.access.expression.method.ExpressionBasedPreInvocationAdvice; -import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler; -import org.springframework.security.access.prepost.PostInvocationAttribute; -import org.springframework.security.access.prepost.PostInvocationAuthorizationAdvice; -import org.springframework.security.access.prepost.PreInvocationAttribute; -import org.springframework.security.access.prepost.PreInvocationAuthorizationAdvice; +import org.springframework.security.access.method.MethodSecurityMetadataSource; import org.springframework.security.authentication.AnonymousAuthenticationToken; import org.springframework.security.core.Authentication; import org.springframework.security.core.authority.AuthorityUtils; @@ -51,26 +44,18 @@ public class PrePostAdviceReactiveMethodInterceptor implements MethodInterceptor private final MethodSecurityMetadataSource attributeSource; - private PostInvocationAuthorizationAdvice postAdvice; + private final PreInvocationAuthorizationAdvice preInvocationAdvice; - private PreInvocationAuthorizationAdvice preAdvice; + private final PostInvocationAuthorizationAdvice postAdvice; + + public PrePostAdviceReactiveMethodInterceptor(MethodSecurityMetadataSource attributeSource, PreInvocationAuthorizationAdvice preInvocationAdvice, PostInvocationAuthorizationAdvice postInvocationAdvice) { + Assert.notNull(attributeSource, "attributeSource cannot be null"); + Assert.notNull(preInvocationAdvice, "preInvocationAdvice cannot be null"); + Assert.notNull(postInvocationAdvice, "postInvocationAdvice cannot be null"); - public PrePostAdviceReactiveMethodInterceptor(MethodSecurityMetadataSource attributeSource) { this.attributeSource = attributeSource; - - MethodSecurityExpressionHandler handler = new DefaultMethodSecurityExpressionHandler(); - this.postAdvice = new ExpressionBasedPostInvocationAdvice(handler); - this.preAdvice = new ExpressionBasedPreInvocationAdvice(); - } - - public void setPostAdvice(PostInvocationAuthorizationAdvice postAdvice) { - Assert.notNull(postAdvice, "postAdvice cannot be null"); - this.postAdvice = postAdvice; - } - - public void setPreAdvice(PreInvocationAuthorizationAdvice preAdvice) { - Assert.notNull(preAdvice, "preAdvice cannot be null"); - this.preAdvice = preAdvice; + this.preInvocationAdvice = preInvocationAdvice; + this.postAdvice = postInvocationAdvice; } @Override @@ -86,7 +71,7 @@ public class PrePostAdviceReactiveMethodInterceptor implements MethodInterceptor Mono toInvoke = Mono.subscriberContext() .defaultIfEmpty(Context.empty()) .flatMap( cxt -> cxt.getOrDefault(Authentication.class, Mono.just(anonymous))) - .filter( auth -> this.preAdvice.before(auth, invocation, preAttr)) + .filter( auth -> this.preInvocationAdvice.before(auth, invocation, preAttr)) .switchIfEmpty(Mono.error(new AccessDeniedException("Denied")));