From b97c310aba2a855d612ff2be15a4d1a3be0f7423 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 18 Dec 2023 19:12:02 +0000 Subject: [PATCH 1/4] Release 5.8.9 --- gradle.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle.properties b/gradle.properties index 4a88a62a5f..3bfb4b74c8 100644 --- a/gradle.properties +++ b/gradle.properties @@ -1,5 +1,5 @@ springBootVersion=2.7.12 -version=5.8.9-SNAPSHOT +version=5.8.9 samplesBranch=5.8.x org.gradle.jvmargs=-Xmx3g -XX:MaxPermSize=2048m -XX:+HeapDumpOnOutOfMemoryError org.gradle.parallel=true From b71962e87d320cae2e4222cea2b3d34147da7cf3 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 18 Dec 2023 19:49:40 +0000 Subject: [PATCH 2/4] Next development version --- gradle.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle.properties b/gradle.properties index 3bfb4b74c8..3ff3799830 100644 --- a/gradle.properties +++ b/gradle.properties @@ -1,5 +1,5 @@ springBootVersion=2.7.12 -version=5.8.9 +version=5.8.10-SNAPSHOT samplesBranch=5.8.x org.gradle.jvmargs=-Xmx3g -XX:MaxPermSize=2048m -XX:+HeapDumpOnOutOfMemoryError org.gradle.parallel=true From 33800c012429ed0ad17c4706a0e4af14da1c8439 Mon Sep 17 00:00:00 2001 From: Josh Cummings Date: Mon, 18 Dec 2023 14:25:25 -0700 Subject: [PATCH 3/4] Address eager-loading of infrastructure beans Closes gh-11596 --- .../ReactiveMethodSecurityConfiguration.java | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfiguration.java index f3c1f5c4f7..a94be2a84b 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfiguration.java +++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfiguration.java @@ -43,6 +43,7 @@ import org.springframework.security.config.core.GrantedAuthorityDefaults; * @since 5.0 */ @Configuration(proxyBeanMethods = false) +@Role(BeanDefinition.ROLE_INFRASTRUCTURE) class ReactiveMethodSecurityConfiguration implements ImportAware { private int advisorOrder; @@ -51,16 +52,17 @@ class ReactiveMethodSecurityConfiguration implements ImportAware { @Bean @Role(BeanDefinition.ROLE_INFRASTRUCTURE) - MethodSecurityMetadataSourceAdvisor methodSecurityInterceptor(AbstractMethodSecurityMetadataSource source) { + static MethodSecurityMetadataSourceAdvisor methodSecurityInterceptor(AbstractMethodSecurityMetadataSource source, + ReactiveMethodSecurityConfiguration configuration) { MethodSecurityMetadataSourceAdvisor advisor = new MethodSecurityMetadataSourceAdvisor( "securityMethodInterceptor", source, "methodMetadataSource"); - advisor.setOrder(this.advisorOrder); + advisor.setOrder(configuration.advisorOrder); return advisor; } @Bean @Role(BeanDefinition.ROLE_INFRASTRUCTURE) - DelegatingMethodSecurityMetadataSource methodMetadataSource( + static DelegatingMethodSecurityMetadataSource methodMetadataSource( MethodSecurityExpressionHandler methodSecurityExpressionHandler) { ExpressionBasedAnnotationAttributeFactory attributeFactory = new ExpressionBasedAnnotationAttributeFactory( methodSecurityExpressionHandler); @@ -70,7 +72,7 @@ class ReactiveMethodSecurityConfiguration implements ImportAware { } @Bean - PrePostAdviceReactiveMethodInterceptor securityMethodInterceptor(AbstractMethodSecurityMetadataSource source, + static PrePostAdviceReactiveMethodInterceptor securityMethodInterceptor(AbstractMethodSecurityMetadataSource source, MethodSecurityExpressionHandler handler) { ExpressionBasedPostInvocationAdvice postAdvice = new ExpressionBasedPostInvocationAdvice(handler); ExpressionBasedPreInvocationAdvice preAdvice = new ExpressionBasedPreInvocationAdvice(); @@ -80,10 +82,11 @@ class ReactiveMethodSecurityConfiguration implements ImportAware { @Bean @Role(BeanDefinition.ROLE_INFRASTRUCTURE) - DefaultMethodSecurityExpressionHandler methodSecurityExpressionHandler() { + DefaultMethodSecurityExpressionHandler methodSecurityExpressionHandler( + ReactiveMethodSecurityConfiguration configuration) { DefaultMethodSecurityExpressionHandler handler = new DefaultMethodSecurityExpressionHandler(); - if (this.grantedAuthorityDefaults != null) { - handler.setDefaultRolePrefix(this.grantedAuthorityDefaults.getRolePrefix()); + if (configuration.grantedAuthorityDefaults != null) { + handler.setDefaultRolePrefix(configuration.grantedAuthorityDefaults.getRolePrefix()); } return handler; } From 9a5d991383b98a40b33efa34dca7855d371556ed Mon Sep 17 00:00:00 2001 From: Josh Cummings Date: Mon, 18 Dec 2023 14:25:25 -0700 Subject: [PATCH 4/4] Address eager-loading of infrastructure beans Closes gh-11596 --- .../ReactiveMethodSecurityConfiguration.java | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfiguration.java index f3c1f5c4f7..a94be2a84b 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfiguration.java +++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfiguration.java @@ -43,6 +43,7 @@ import org.springframework.security.config.core.GrantedAuthorityDefaults; * @since 5.0 */ @Configuration(proxyBeanMethods = false) +@Role(BeanDefinition.ROLE_INFRASTRUCTURE) class ReactiveMethodSecurityConfiguration implements ImportAware { private int advisorOrder; @@ -51,16 +52,17 @@ class ReactiveMethodSecurityConfiguration implements ImportAware { @Bean @Role(BeanDefinition.ROLE_INFRASTRUCTURE) - MethodSecurityMetadataSourceAdvisor methodSecurityInterceptor(AbstractMethodSecurityMetadataSource source) { + static MethodSecurityMetadataSourceAdvisor methodSecurityInterceptor(AbstractMethodSecurityMetadataSource source, + ReactiveMethodSecurityConfiguration configuration) { MethodSecurityMetadataSourceAdvisor advisor = new MethodSecurityMetadataSourceAdvisor( "securityMethodInterceptor", source, "methodMetadataSource"); - advisor.setOrder(this.advisorOrder); + advisor.setOrder(configuration.advisorOrder); return advisor; } @Bean @Role(BeanDefinition.ROLE_INFRASTRUCTURE) - DelegatingMethodSecurityMetadataSource methodMetadataSource( + static DelegatingMethodSecurityMetadataSource methodMetadataSource( MethodSecurityExpressionHandler methodSecurityExpressionHandler) { ExpressionBasedAnnotationAttributeFactory attributeFactory = new ExpressionBasedAnnotationAttributeFactory( methodSecurityExpressionHandler); @@ -70,7 +72,7 @@ class ReactiveMethodSecurityConfiguration implements ImportAware { } @Bean - PrePostAdviceReactiveMethodInterceptor securityMethodInterceptor(AbstractMethodSecurityMetadataSource source, + static PrePostAdviceReactiveMethodInterceptor securityMethodInterceptor(AbstractMethodSecurityMetadataSource source, MethodSecurityExpressionHandler handler) { ExpressionBasedPostInvocationAdvice postAdvice = new ExpressionBasedPostInvocationAdvice(handler); ExpressionBasedPreInvocationAdvice preAdvice = new ExpressionBasedPreInvocationAdvice(); @@ -80,10 +82,11 @@ class ReactiveMethodSecurityConfiguration implements ImportAware { @Bean @Role(BeanDefinition.ROLE_INFRASTRUCTURE) - DefaultMethodSecurityExpressionHandler methodSecurityExpressionHandler() { + DefaultMethodSecurityExpressionHandler methodSecurityExpressionHandler( + ReactiveMethodSecurityConfiguration configuration) { DefaultMethodSecurityExpressionHandler handler = new DefaultMethodSecurityExpressionHandler(); - if (this.grantedAuthorityDefaults != null) { - handler.setDefaultRolePrefix(this.grantedAuthorityDefaults.getRolePrefix()); + if (configuration.grantedAuthorityDefaults != null) { + handler.setDefaultRolePrefix(configuration.grantedAuthorityDefaults.getRolePrefix()); } return handler; }