Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-10-23 10:48:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

Web uses AuthorizationManager<? super RequestAuthorizationContext>

Browse Source 
This allows AuthorizationManager<Object> to be used instead of just
AuthorizationManager<RequestAuthorizationContext>. In addition, the
code was updated to use
`AuthorizationManagerFactory<? super RequestAuthorizationContext>`

Closes gh-17931
This commit is contained in:
Rob Winch 2025-09-18 16:32:47 -05:00
parent 675835e525
commit bce8049815
No known key found for this signature in database
2 changed files with 18 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java
View File

@ -60,7 +60,7 @@ public final class AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder
private final AuthorizationEventPublisher publisher; private final AuthorizationEventPublisher publisher;
private final AuthorizationManagerFactory<RequestAuthorizationContext> authorizationManagerFactory; private final AuthorizationManagerFactory<? super RequestAuthorizationContext> authorizationManagerFactory;
private ObjectPostProcessor<AuthorizationManager<HttpServletRequest>> postProcessor = ObjectPostProcessor private ObjectPostProcessor<AuthorizationManager<HttpServletRequest>> postProcessor = ObjectPostProcessor
.identity(); .identity();
@ -85,7 +85,7 @@ public final class AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder
provider.ifUnique((postProcessor) -> this.postProcessor = postProcessor); provider.ifUnique((postProcessor) -> this.postProcessor = postProcessor);
} }
private AuthorizationManagerFactory<RequestAuthorizationContext> getAuthorizationManagerFactory( private AuthorizationManagerFactory<? super RequestAuthorizationContext> getAuthorizationManagerFactory(
ApplicationContext context) { ApplicationContext context) {
ResolvableType authorizationManagerFactoryType = ResolvableType ResolvableType authorizationManagerFactoryType = ResolvableType
.forClassWithGenerics(AuthorizationManagerFactory.class, RequestAuthorizationContext.class); .forClassWithGenerics(AuthorizationManagerFactory.class, RequestAuthorizationContext.class);
@ -134,7 +134,7 @@ public final class AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder
} }
private AuthorizationManagerRequestMatcherRegistry addMapping(List<? extends RequestMatcher> matchers, private AuthorizationManagerRequestMatcherRegistry addMapping(List<? extends RequestMatcher> matchers,
AuthorizationManager<RequestAuthorizationContext> manager) { AuthorizationManager<? super RequestAuthorizationContext> manager) {
for (RequestMatcher matcher : matchers) { for (RequestMatcher matcher : matchers) {
this.registry.addMapping(matcher, manager); this.registry.addMapping(matcher, manager);
} }
@ -166,13 +166,15 @@ public final class AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder
setApplicationContext(context); setApplicationContext(context);
} }
private void addMapping(RequestMatcher matcher, AuthorizationManager<RequestAuthorizationContext> manager) { private void addMapping(RequestMatcher matcher,
AuthorizationManager<? super RequestAuthorizationContext> manager) {
this.unmappedMatchers = null; this.unmappedMatchers = null;
this.managerBuilder.add(matcher, manager); this.managerBuilder.add(matcher, manager);
this.mappingCount++; this.mappingCount++;
} }
private void addFirst(RequestMatcher matcher, AuthorizationManager<RequestAuthorizationContext> manager) { private void addFirst(RequestMatcher matcher,
AuthorizationManager<? super RequestAuthorizationContext> manager) {
this.unmappedMatchers = null; this.unmappedMatchers = null;
this.managerBuilder.mappings((m) -> m.add(0, new RequestMatcherEntry<>(matcher, manager))); this.managerBuilder.mappings((m) -> m.add(0, new RequestMatcherEntry<>(matcher, manager)));
this.mappingCount++; this.mappingCount++;
@ -220,7 +222,7 @@ public final class AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder
private final List<? extends RequestMatcher> matchers; private final List<? extends RequestMatcher> matchers;
private AuthorizationManagerFactory<RequestAuthorizationContext> authorizationManagerFactory; private AuthorizationManagerFactory<? super RequestAuthorizationContext> authorizationManagerFactory;
private boolean not; private boolean not;
@ -231,7 +233,7 @@ public final class AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder
* creating instances of {@link AuthorizationManager} * creating instances of {@link AuthorizationManager}
*/ */
AuthorizedUrl(List<? extends RequestMatcher> matchers, AuthorizedUrl(List<? extends RequestMatcher> matchers,
AuthorizationManagerFactory<RequestAuthorizationContext> authorizationManagerFactory) { AuthorizationManagerFactory<? super RequestAuthorizationContext> authorizationManagerFactory) {
this.matchers = matchers; this.matchers = matchers;
this.authorizationManagerFactory = authorizationManagerFactory; this.authorizationManagerFactory = authorizationManagerFactory;
} }
@ -241,7 +243,7 @@ public final class AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder
} }
void setAuthorizationManagerFactory( void setAuthorizationManagerFactory(
AuthorizationManagerFactory<RequestAuthorizationContext> authorizationManagerFactory) { AuthorizationManagerFactory<? super RequestAuthorizationContext> authorizationManagerFactory) {
this.authorizationManagerFactory = authorizationManagerFactory; this.authorizationManagerFactory = authorizationManagerFactory;
} }
@ -403,7 +405,7 @@ public final class AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder
* customizations * customizations
*/ */
public AuthorizationManagerRequestMatcherRegistry access( public AuthorizationManagerRequestMatcherRegistry access(
AuthorizationManager<RequestAuthorizationContext> manager) { AuthorizationManager<? super RequestAuthorizationContext> manager) {
Assert.notNull(manager, "manager cannot be null"); Assert.notNull(manager, "manager cannot be null");
return (this.not) return (this.not)
? AuthorizeHttpRequestsConfigurer.this.addMapping(this.matchers, AuthorizationManagers.not(manager)) ? AuthorizeHttpRequestsConfigurer.this.addMapping(this.matchers, AuthorizationManagers.not(manager))

14
web/src/main/java/org/springframework/security/web/access/intercept/RequestMatcherDelegatingAuthorizationManager.java
View File

@ -55,10 +55,10 @@ public final class RequestMatcherDelegatingAuthorizationManager implements Autho
private final Log logger = LogFactory.getLog(getClass()); private final Log logger = LogFactory.getLog(getClass());
private final List<RequestMatcherEntry<AuthorizationManager<RequestAuthorizationContext>>> mappings; private final List<RequestMatcherEntry<AuthorizationManager<? super RequestAuthorizationContext>>> mappings;
private RequestMatcherDelegatingAuthorizationManager( private RequestMatcherDelegatingAuthorizationManager(
List<RequestMatcherEntry<AuthorizationManager<RequestAuthorizationContext>>> mappings) { List<RequestMatcherEntry<AuthorizationManager<? super RequestAuthorizationContext>>> mappings) {
Assert.notEmpty(mappings, "mappings cannot be empty"); Assert.notEmpty(mappings, "mappings cannot be empty");
this.mappings = mappings; this.mappings = mappings;
} }
@ -69,12 +69,12 @@ public final class RequestMatcherDelegatingAuthorizationManager implements Autho
if (this.logger.isTraceEnabled()) { if (this.logger.isTraceEnabled()) {
this.logger.trace(LogMessage.format("Authorizing %s", requestLine(request))); this.logger.trace(LogMessage.format("Authorizing %s", requestLine(request)));
} }
for (RequestMatcherEntry<AuthorizationManager<RequestAuthorizationContext>> mapping : this.mappings) { for (RequestMatcherEntry<AuthorizationManager<? super RequestAuthorizationContext>> mapping : this.mappings) {
RequestMatcher matcher = mapping.getRequestMatcher(); RequestMatcher matcher = mapping.getRequestMatcher();
MatchResult matchResult = matcher.matcher(request); MatchResult matchResult = matcher.matcher(request);
if (matchResult.isMatch()) { if (matchResult.isMatch()) {
AuthorizationManager<RequestAuthorizationContext> manager = mapping.getEntry(); AuthorizationManager<? super RequestAuthorizationContext> manager = mapping.getEntry();
if (this.logger.isTraceEnabled()) { if (this.logger.isTraceEnabled()) {
this.logger.trace( this.logger.trace(
LogMessage.format("Checking authorization on %s using %s", requestLine(request), manager)); LogMessage.format("Checking authorization on %s using %s", requestLine(request), manager));
@ -108,7 +108,7 @@ public final class RequestMatcherDelegatingAuthorizationManager implements Autho
private boolean anyRequestConfigured; private boolean anyRequestConfigured;
private final List<RequestMatcherEntry<AuthorizationManager<RequestAuthorizationContext>>> mappings = new ArrayList<>(); private final List<RequestMatcherEntry<AuthorizationManager<? super RequestAuthorizationContext>>> mappings = new ArrayList<>();
/** /**
* Maps a {@link RequestMatcher} to an {@link AuthorizationManager}. * Maps a {@link RequestMatcher} to an {@link AuthorizationManager}.
@ -116,7 +116,7 @@ public final class RequestMatcherDelegatingAuthorizationManager implements Autho
* @param manager the {@link AuthorizationManager} to use * @param manager the {@link AuthorizationManager} to use
* @return the {@link Builder} for further customizations * @return the {@link Builder} for further customizations
*/ */
public Builder add(RequestMatcher matcher, AuthorizationManager<RequestAuthorizationContext> manager) { public Builder add(RequestMatcher matcher, AuthorizationManager<? super RequestAuthorizationContext> manager) {
Assert.state(!this.anyRequestConfigured, "Can't add mappings after anyRequest"); Assert.state(!this.anyRequestConfigured, "Can't add mappings after anyRequest");
Assert.notNull(matcher, "matcher cannot be null"); Assert.notNull(matcher, "matcher cannot be null");
Assert.notNull(manager, "manager cannot be null"); Assert.notNull(manager, "manager cannot be null");
@ -133,7 +133,7 @@ public final class RequestMatcherDelegatingAuthorizationManager implements Autho
* @since 5.7 * @since 5.7
*/ */
public Builder mappings( public Builder mappings(
Consumer<List<RequestMatcherEntry<AuthorizationManager<RequestAuthorizationContext>>>> mappingsConsumer) { Consumer<List<RequestMatcherEntry<AuthorizationManager<? super RequestAuthorizationContext>>>> mappingsConsumer) {
Assert.state(!this.anyRequestConfigured, "Can't configure mappings after anyRequest"); Assert.state(!this.anyRequestConfigured, "Can't configure mappings after anyRequest");
Assert.notNull(mappingsConsumer, "mappingsConsumer cannot be null"); Assert.notNull(mappingsConsumer, "mappingsConsumer cannot be null");
mappingsConsumer.accept(this.mappings); mappingsConsumer.accept(this.mappings);