From 8d75554b6b37a68e1c1e3a8a88201b37afe8c24a Mon Sep 17 00:00:00 2001
From: Rob Winch
Date: Mon, 26 Feb 2018 16:23:03 -0600
Subject: [PATCH] Lazily Create Throwables

Fixes: gh-5040
---
 .../prepost/PrePostAdviceReactiveMethodInterceptor.java | 2 +-
 .../UserDetailsRepositoryReactiveAuthenticationManager.java | 2 +-
 .../security/authorization/ReactiveAuthorizationManager.java | 2 +-
 .../security/web/server/csrf/CsrfWebFilter.java | 4 ++--
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/core/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java b/core/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java
index 99d37a84e8..9988156201 100644
--- a/core/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java
@@ -76,7 +76,7 @@ public class PrePostAdviceReactiveMethodInterceptor implements MethodInterceptor
 .map(SecurityContext::getAuthentication)
 .defaultIfEmpty(this.anonymous)
 .filter( auth -> this.preInvocationAdvice.before(auth, invocation, preAttr))
- .switchIfEmpty(Mono.error(new AccessDeniedException("Denied")));
+ .switchIfEmpty(Mono.defer(() -> Mono.error(new AccessDeniedException("Denied"))));
 PostInvocationAttribute attr = findPostInvocationAttribute(attributes);
diff --git a/core/src/main/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManager.java b/core/src/main/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManager.java
index ed062e142e..1a0279313d 100644
--- a/core/src/main/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManager.java
+++ b/core/src/main/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManager.java
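Review bot: Nothing at the new `.switchIfEmpty(Mono.defer(...))` line in PrePostAdviceReactiveMethodInterceptor says why the error is wrapped, so a later cleanup could collapse it back to the eager `Mono.error(new AccessDeniedException("Denied"))`, which builds the exception while the chain is assembled, whether or not access ends up denied. I would add a one-line comment above it, for example `// Mono.defer: create the exception only when the filter above rejected the Authentication`. The same applies to the switchIfEmpty lines changed in UserDetailsRepositoryReactiveAuthenticationManager, ReactiveAuthorizationManager and CsrfWebFilter. The enclosing method starts and ends outside this hunk.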
@@ -45,7 +45,7 @@ public class UserDetailsRepositoryReactiveAuthenticationManager implements React
 return this.userDetailsService.findByUsername(username)
 .publishOn(Schedulers.parallel())
 .filter( u -> this.passwordEncoder.matches((String) authentication.getCredentials(), u.getPassword()))
- .switchIfEmpty( Mono.error(new BadCredentialsException("Invalid Credentials")) )
+ .switchIfEmpty(Mono.defer(() -> Mono.error(new BadCredentialsException("Invalid Credentials"))))
 .map( u -> new UsernamePasswordAuthenticationToken(u, u.getPassword(), u.getAuthorities()) );
 }
diff --git a/core/src/main/java/org/springframework/security/authorization/ReactiveAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/ReactiveAuthorizationManager.java
index f3edc5246a..1d7d2600f9 100644
--- a/core/src/main/java/org/springframework/security/authorization/ReactiveAuthorizationManager.java
+++ b/core/src/main/java/org/springframework/security/authorization/ReactiveAuthorizationManager.java
@@ -50,7 +50,7 @@ public interface ReactiveAuthorizationManager {
 default Mono verify(Mono authentication, T object) {
 return check(authentication, object)
 .filter( d -> d.isGranted())
- .switchIfEmpty( Mono.error(new AccessDeniedException("Access Denied")) )
+ .switchIfEmpty(Mono.defer(() -> Mono.error(new AccessDeniedException("Access Denied"))))
 .flatMap( d -> Mono.empty() );
 }
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java b/web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java
index 6de08bed5d..46b83f3337 100644
--- a/web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java
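Review bot: The `.filter(...)` that calls `passwordEncoder.matches` only runs when `findByUsername` emits a user, so an unknown username reaches the now-deferred BadCredentialsException without any password hashing, while a wrong password pays for a full match. The two cases share a message but presumably not a response time, which lets a client tell existing accounts from missing ones. The deferred error is where this becomes visible but not where to fix it: the lookup result should go through `matches` in both cases, against a fixed pre-encoded dummy password when no user was found. The sketch below assumes such a value is held in a field (the name `placeholderEncodedPassword` is made up for this note) and that `java.util.Optional` is imported. `authenticate` starts above the hunk.

```java
// … unchanged: start of authenticate(), outside the hunk …
final String presented = (String) authentication.getCredentials();
return this.userDetailsService.findByUsername(username)
		.publishOn(Schedulers.parallel())
		.map(Optional::of)
		.defaultIfEmpty(Optional.empty())
		// always run the encoder; an absent user is compared with the dummy hash and then rejected
		.filter( found -> this.passwordEncoder.matches(presented,
				found.map(UserDetails::getPassword).orElse(this.placeholderEncodedPassword))
			&& found.isPresent())
		.map(Optional::get)
		// … unchanged: switchIfEmpty(BadCredentialsException), map to UsernamePasswordAuthenticationToken …
```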
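Review bot: `verify` denies in two cases, when `check` emits a decision whose `isGranted()` is false and when `check` completes without emitting any decision, and nothing visible in the hunk tells implementers of `check` about the second one. The Javadoc for `verify` lies above the hunk, so it may already cover this; if it does not, I would add a sentence such as `Completes empty when access is granted; signals AccessDeniedException when check() yields a denied decision or no decision at all.` Failing closed on an empty result is the right default and worth stating as part of the contract.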
@@ -95,9 +95,9 @@ public class CsrfWebFilter implements WebFilter {
 private Mono validateToken(ServerWebExchange exchange) {
 return this.csrfTokenRepository.loadToken(exchange)
- .switchIfEmpty(Mono.error(new CsrfException("CSRF Token has been associated to this client")))
+ .switchIfEmpty(Mono.defer(() -> Mono.error(new CsrfException("CSRF Token has been associated to this client"))))
 .filterWhen(expected -> containsValidCsrfToken(exchange, expected))
- .switchIfEmpty(Mono.error(new CsrfException("Invalid CSRF Token")))
+ .switchIfEmpty(Mono.defer(() -> Mono.error(new CsrfException("Invalid CSRF Token"))))
 .then();
 }
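Review bot: The first `CsrfException` message, `"CSRF Token has been associated to this client"`, is raised when `loadToken` emits nothing, so as written it states the opposite of the condition and looks like it lost a leading "No". The commit carries the text over unchanged into the deferred form; I would change it to `new CsrfException("No CSRF Token has been associated to this client")` so that logs and error responses distinguish a missing expected token from the `"Invalid CSRF Token"` case two lines below. Anything that matches on the old string would need updating with it.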