diff --git a/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManager.java b/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManager.java index 715bda9e3c..4cce2f63ae 100644 --- a/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManager.java +++ b/core/src/main/java/org/springframework/security/authentication/ReactiveAuthenticationManager.java @@ -20,11 +20,20 @@ import org.springframework.security.core.Authentication; import reactor.core.publisher.Mono; /** + * Determines if the provided {@link Authentication} can be authenticated. * * @author Rob Winch * @since 5.0 */ public interface ReactiveAuthenticationManager { + /** + * Attempts to authenticate the provided {@link Authentication} + * + * @param authentication the {@link Authentication} to test + * @return if authentication is successful an {@link Authentication} is returned. If + * authentication cannot be determined, an empty Mono is returned. If authentication + * fails, a Mono error is returned. + */ Mono authenticate(Authentication authentication); } diff --git a/core/src/main/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManager.java index cda0b198bd..64fced3564 100644 --- a/core/src/main/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManager.java +++ b/core/src/main/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManager.java @@ -20,8 +20,13 @@ import org.springframework.security.core.Authentication; import reactor.core.publisher.Mono; /** + * A {@link ReactiveAuthorizationManager} that determines if the current user is + * authenticated. + * * @author Rob Winch * @since 5.0 + * @param The type of object authorization is being performed against. This does not + * matter since the authorization decision does not use the object. */ public class AuthenticatedReactiveAuthorizationManager implements ReactiveAuthorizationManager { @@ -32,6 +37,11 @@ public class AuthenticatedReactiveAuthorizationManager implements ReactiveAut .defaultIfEmpty(new AuthorizationDecision(false)); } + /** + * Gets an instance of {@link AuthenticatedReactiveAuthorizationManager} + * @param + * @return + */ public static AuthenticatedReactiveAuthorizationManager authenticated() { return new AuthenticatedReactiveAuthorizationManager<>(); } diff --git a/core/src/main/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManager.java index 8a07d40057..43169f177c 100644 --- a/core/src/main/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManager.java +++ b/core/src/main/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManager.java @@ -21,8 +21,12 @@ import org.springframework.util.Assert; import reactor.core.publisher.Mono; /** + * A {@link ReactiveAuthorizationManager} that determines if the current user is + * authorized by evaluating if the {@link Authentication} contains a specified authority. + * * @author Rob Winch * @since 5.0 + * @param the type of object being authorized */ public class AuthorityReactiveAuthorizationManager implements ReactiveAuthorizationManager { private final String authority; @@ -42,11 +46,27 @@ public class AuthorityReactiveAuthorizationManager implements ReactiveAuthori .defaultIfEmpty(new AuthorizationDecision(false)); } + /** + * Creates an instance of {@link AuthorityReactiveAuthorizationManager} with the + * provided authority. + * + * @param authority the authority to check for + * @param the type of object being authorized + * @return the new instance + */ public static AuthorityReactiveAuthorizationManager hasAuthority(String authority) { Assert.notNull(authority, "authority cannot be null"); return new AuthorityReactiveAuthorizationManager<>(authority); } + /** + * Creates an instance of {@link AuthorityReactiveAuthorizationManager} with the + * provided authority. + * + * @param role the authority to check for prefixed with "ROLE_" + * @param the type of object being authorized + * @return the new instance + */ public static AuthorityReactiveAuthorizationManager hasRole(String role) { Assert.notNull(role, "role cannot be null"); return hasAuthority("ROLE_" + role); diff --git a/core/src/main/java/org/springframework/security/authorization/ReactiveAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/ReactiveAuthorizationManager.java index 4f3f6139be..f3edc5246a 100644 --- a/core/src/main/java/org/springframework/security/authorization/ReactiveAuthorizationManager.java +++ b/core/src/main/java/org/springframework/security/authorization/ReactiveAuthorizationManager.java @@ -21,13 +21,32 @@ import org.springframework.security.core.Authentication; import reactor.core.publisher.Mono; /** + * A reactive authorization manager which can determine if an {@link Authentication} + * has access to a specific object. * * @author Rob Winch * @since 5.0 + * @param the type of object that the authorization check is being done one. */ public interface ReactiveAuthorizationManager { + /** + * Determines if access is granted for a specific authentication and object. + * + * @param authentication the Authentication to check + * @param object the object to check + * @return an decision or empty Mono if no decision could be made. + */ Mono check(Mono authentication, T object); + /** + * Determines if access should be granted for a specific authentication and object + * + + * @param authentication the Authentication to check + * @param object the object to check + * @return an empty Mono if authorization is granted or a Mono error if access is + * denied + */ default Mono verify(Mono authentication, T object) { return check(authentication, object) .filter( d -> d.isGranted())