From ae8e77f9fff6fdbac00d0a657644677c32cdbde2 Mon Sep 17 00:00:00 2001 From: Eleftheria Stein Date: Tue, 5 Apr 2022 13:12:17 +0200 Subject: [PATCH] Remove blocking call from ExceptionTranslationWebFilter This also means that the exception message is no longer retrieved from a MessageSource. This is consistent with the other WebFilters. Closes gh-10864 --- .../ExceptionTranslationWebFilter.java | 14 ++++---------- .../ExceptionTranslationWebFilterTests.java | 7 +------ 2 files changed, 5 insertions(+), 16 deletions(-) diff --git a/web/src/main/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilter.java b/web/src/main/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilter.java index b83663fc82..0c7acb1596 100644 --- a/web/src/main/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilter.java +++ b/web/src/main/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilter.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2021 the original author or authors. + * Copyright 2002-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -20,7 +20,6 @@ import reactor.core.publisher.Mono; import org.springframework.context.MessageSource; import org.springframework.context.MessageSourceAware; -import org.springframework.context.support.MessageSourceAccessor; import org.springframework.http.HttpStatus; import org.springframework.security.access.AccessDeniedException; import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException; @@ -29,7 +28,6 @@ import org.springframework.security.authentication.AuthenticationTrustResolverIm import org.springframework.security.authentication.InsufficientAuthenticationException; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; -import org.springframework.security.core.SpringSecurityMessageSource; import org.springframework.security.web.server.ServerAuthenticationEntryPoint; import org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint; import org.springframework.util.Assert; @@ -51,8 +49,6 @@ public class ExceptionTranslationWebFilter implements WebFilter, MessageSourceAw private AuthenticationTrustResolver authenticationTrustResolver = new AuthenticationTrustResolverImpl(); - protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor(); - @Override public Mono filter(ServerWebExchange exchange, WebFilterChain chain) { return chain.filter(exchange).onErrorResume(AccessDeniedException.class, (denied) -> exchange.getPrincipal() @@ -60,8 +56,7 @@ public class ExceptionTranslationWebFilter implements WebFilter, MessageSourceAw && !(this.authenticationTrustResolver.isAnonymous((Authentication) principal))))) .switchIfEmpty(commenceAuthentication(exchange, new InsufficientAuthenticationException( - this.messages.getMessage("ExceptionTranslationWebFilter.insufficientAuthentication", - "Full authentication is required to access this resource")))) + "Full authentication is required to access this resource"))) .flatMap((principal) -> this.accessDeniedHandler.handle(exchange, denied)).then()); } @@ -99,11 +94,10 @@ public class ExceptionTranslationWebFilter implements WebFilter, MessageSourceAw /** * @since 5.5 + * @deprecated This class no longer retrieves error messages from a MessageSource */ - @Override + @Deprecated public void setMessageSource(MessageSource messageSource) { - Assert.notNull(messageSource, "messageSource cannot be null"); - this.messages = new MessageSourceAccessor(messageSource); } private Mono commenceAuthentication(ServerWebExchange exchange, AuthenticationException denied) { diff --git a/web/src/test/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilterTests.java index b8a0aa9258..b6648bea4f 100644 --- a/web/src/test/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/server/authorization/ExceptionTranslationWebFilterTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2021 the original author or authors. + * Copyright 2002-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -161,9 +161,4 @@ public class ExceptionTranslationWebFilterTests { assertThatIllegalArgumentException().isThrownBy(() -> this.filter.setAuthenticationTrustResolver(null)); } - @Test - public void setMessageSource() { - assertThatIllegalArgumentException().isThrownBy(() -> this.filter.setMessageSource(null)); - } - }