Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-01 09:42:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Lazily Create Throwables

Browse Source 
Fixes: gh-5040
This commit is contained in:
Rob Winch 2018-02-26 16:23:03 -06:00
parent bb59733736
commit 8d75554b6b
4 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
core/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java
View File

@ -76,7 +76,7 @@ public class PrePostAdviceReactiveMethodInterceptor implements MethodInterceptor
.map(SecurityContext::getAuthentication) .map(SecurityContext::getAuthentication)
.defaultIfEmpty(this.anonymous) .defaultIfEmpty(this.anonymous)
.filter( auth -> this.preInvocationAdvice.before(auth, invocation, preAttr)) .filter( auth -> this.preInvocationAdvice.before(auth, invocation, preAttr))
.switchIfEmpty(Mono.error(new AccessDeniedException("Denied"))); .switchIfEmpty(Mono.defer(() -> Mono.error(new AccessDeniedException("Denied"))));
PostInvocationAttribute attr = findPostInvocationAttribute(attributes); PostInvocationAttribute attr = findPostInvocationAttribute(attributes);

2
core/src/main/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManager.java
View File

@ -45,7 +45,7 @@ public class UserDetailsRepositoryReactiveAuthenticationManager implements React
return this.userDetailsService.findByUsername(username) return this.userDetailsService.findByUsername(username)
.publishOn(Schedulers.parallel()) .publishOn(Schedulers.parallel())
.filter( u -> this.passwordEncoder.matches((String) authentication.getCredentials(), u.getPassword())) .filter( u -> this.passwordEncoder.matches((String) authentication.getCredentials(), u.getPassword()))
.switchIfEmpty( Mono.error(new BadCredentialsException("Invalid Credentials")) ) .switchIfEmpty(Mono.defer(() -> Mono.error(new BadCredentialsException("Invalid Credentials"))))
.map( u -> new UsernamePasswordAuthenticationToken(u, u.getPassword(), u.getAuthorities()) ); .map( u -> new UsernamePasswordAuthenticationToken(u, u.getPassword(), u.getAuthorities()) );
} }

2
core/src/main/java/org/springframework/security/authorization/ReactiveAuthorizationManager.java
View File

@ -50,7 +50,7 @@ public interface ReactiveAuthorizationManager<T> {
default Mono<Void> verify(Mono<Authentication> authentication, T object) { default Mono<Void> verify(Mono<Authentication> authentication, T object) {
return check(authentication, object) return check(authentication, object)
.filter( d -> d.isGranted()) .filter( d -> d.isGranted())
.switchIfEmpty( Mono.error(new AccessDeniedException("Access Denied")) ) .switchIfEmpty(Mono.defer(() -> Mono.error(new AccessDeniedException("Access Denied"))))
.flatMap( d -> Mono.empty() ); .flatMap( d -> Mono.empty() );
} }
} }

4
web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java
View File

@ -95,9 +95,9 @@ public class CsrfWebFilter implements WebFilter {
private Mono<Void> validateToken(ServerWebExchange exchange) { private Mono<Void> validateToken(ServerWebExchange exchange) {
return this.csrfTokenRepository.loadToken(exchange) return this.csrfTokenRepository.loadToken(exchange)
.switchIfEmpty(Mono.error(new CsrfException("CSRF Token has been associated to this client"))) .switchIfEmpty(Mono.defer(() -> Mono.error(new CsrfException("CSRF Token has been associated to this client"))))
.filterWhen(expected -> containsValidCsrfToken(exchange, expected)) .filterWhen(expected -> containsValidCsrfToken(exchange, expected))
.switchIfEmpty(Mono.error(new CsrfException("Invalid CSRF Token"))) .switchIfEmpty(Mono.defer(() -> Mono.error(new CsrfException("Invalid CSRF Token"))))
.then(); .then();
} }