From d18431a78dca882e541fa336d21492a6978683e0 Mon Sep 17 00:00:00 2001 
From: Rob Winch <362503+rwinch@users.noreply.github.com> Date: Wed, 8 Oct 2025 14:26:46 -0500 Subject: [PATCH] Move FACTOR_ constants to FactorGrantedAuthority Previously GrantedAuthorities had an implicit package tangle because it was located in ~.core and FactorGrantedAuthority is in ~.core.authority and FactorGrantedAuthority's authority property was implicitly expected to be constants found in `GrantedAuthorities`. This commit moves the constants to the FactorGrantedAuthority which resolves this tangle. It wasn't initially done because FactorGrantedAuthority did not exist at that time. Closes gh-18030 --- .../CasAuthenticationProvider.java | 3 +- .../CasAuthenticationProviderTests.java | 4 +- .../web/configurers/FormLoginConfigurer.java | 4 +- .../web/configurers/HttpBasicConfigurer.java | 5 +- .../web/configurers/WebAuthnConfigurer.java | 4 +- .../web/configurers/X509Configurer.java | 6 +- .../oauth2/client/OAuth2LoginConfigurer.java | 4 +- .../OAuth2ResourceServerConfigurer.java | 4 +- .../ott/OneTimeTokenLoginConfigurer.java | 4 +- .../saml2/Saml2LoginConfigurer.java | 4 +- ...eGlobalMultiFactorAuthenticationTests.java | 10 +-- .../configurers/FormLoginConfigurerTests.java | 22 +++--- ...ractUserDetailsAuthenticationProvider.java | 3 +- .../AbstractJaasAuthenticationProvider.java | 3 +- .../OneTimeTokenAuthenticationProvider.java | 3 +- .../security/core/GrantedAuthorities.java | 78 ------------------- .../authority/FactorGrantedAuthority.java | 48 ++++++++++++ .../dao/DaoAuthenticationProviderTests.java | 4 +- .../jaas/JaasAuthenticationProviderTests.java | 4 +- ...eTimeTokenAuthenticationProviderTests.java | 4 +- .../AllFactorsAuthorizationManagerTests.java | 13 ++-- .../FactorAuthorizationDecisionTests.java | 8 +- ...MapRequiredAuthoritiesRepositoryTests.java | 10 +-- .../RequiredFactorErrorTests.java | 6 +- .../authorization/RequiredFactorTests.java | 10 +-- .../pages/servlet/authentication/mfa.adoc | 4 +- .../AuthorizationManagerFactoryTests.java | 8 +- 
...horizationManagerFactoryConfiguration.java | 6 +- ...ultiFactorAuthenticationConfiguration.java | 6 +- ...eGlobalMultiFactorAuthenticationTests.java | 8 +- .../ListAuthoritiesConfiguration.java | 6 +- .../MultiFactorAuthenticationTests.java | 8 +- ...ltipleAuthorizationRulesConfiguration.java | 10 +-- ...eAuthorizationRulesConfigurationTests.java | 8 +- .../MissingAuthorityConfiguration.java | 4 +- .../ObtainingMoreAuthorizationTests.java | 6 +- ...nMfaAuthorizationManagerConfiguration.java | 6 +- ...uthorizationManagerConfigurationTests.java | 4 +- ...tiesAuthorizationManagerConfiguration.java | 6 +- ...uthorizationManagerConfigurationTests.java | 4 +- .../ReauthenticationTests.java | 4 +- .../RequireOttConfiguration.java | 4 +- .../SelectiveMfaConfiguration.java | 6 +- .../SelectiveMfaConfigurationTests.java | 10 +-- .../CopyAuthoritiesTests.java | 9 ++- .../AuthorizationManagerFactoryTests.kt | 8 +- ...uthorizationManagerFactoryConfiguration.kt | 6 +- ...lMultiFactorAuthenticationConfiguration.kt | 6 +- ...iFactorAuthenticationConfigurationTests.kt | 8 +- .../ListAuthoritiesConfiguration.kt | 6 +- .../MultiFactorAuthenticationTests.kt | 8 +- ...MultipleAuthorizationRulesConfiguration.kt | 10 +-- ...pleAuthorizationRulesConfigurationTests.kt | 8 +- .../MissingAuthorityConfiguration.kt | 7 +- .../ObtainingMoreAuthorizationTests.kt | 6 +- ...minMfaAuthorizationManagerConfiguration.kt | 9 ++- ...aAuthorizationManagerConfigurationTests.kt | 4 +- ...ritiesAuthorizationManagerConfiguration.kt | 6 +- ...sAuthorizationManagerConfigurationTests.kt | 4 +- .../reauthentication/ReauthenticationTests.kt | 4 +- .../RequireOttConfiguration.kt | 4 +- .../selectivemfa/SelectiveMfaConfiguration.kt | 6 +- .../SelectiveMfaConfigurationTests.kt | 10 +-- .../CopyAuthoritiesTests.kt | 11 ++- .../AbstractLdapAuthenticationProvider.java | 3 +- .../LdapAuthenticationProviderTests.java | 4 +- .../OAuth2LoginAuthenticationProvider.java | 3 +- ...Auth2LoginAuthenticationProviderTests.java 
| 4 +- .../JwtAuthenticationConverter.java | 3 +- .../OpaqueTokenAuthenticationProvider.java | 3 +- .../JwtAuthenticationConverterTests.java | 4 +- ...paqueTokenAuthenticationProviderTests.java | 4 +- .../OpenSaml5AuthenticationProvider.java | 3 +- .../OpenSaml5AuthenticationProviderTests.java | 4 +- ...WithAuthoritiesMvcResultMatchersTests.java | 6 +- ...DefaultLoginPageGeneratingFilterTests.java | 4 +- .../WebAuthnAuthenticationProvider.java | 3 +- .../WebAuthnAuthenticationProviderTests.java | 4 +- 78 files changed, 271 insertions(+), 307 deletions(-) delete mode 100644 core/src/main/java/org/springframework/security/core/GrantedAuthorities.java diff --git a/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationProvider.java b/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationProvider.java index 0ae5b67836..1b02681f54 100644 --- a/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationProvider.java +++ b/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationProvider.java @@ -38,7 +38,6 @@ import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.cas.ServiceProperties; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; -import org.springframework.security.core.GrantedAuthorities; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.SpringSecurityMessageSource; import org.springframework.security.core.authority.FactorGrantedAuthority; 
@@ -70,7 +69,7 @@ public class CasAuthenticationProvider implements AuthenticationProvider, Initia private static final Log logger = LogFactory.getLog(CasAuthenticationProvider.class); - private static final String AUTHORITY = GrantedAuthorities.FACTOR_CAS_AUTHORITY; + private static final String AUTHORITY = FactorGrantedAuthority.CAS_AUTHORITY; @SuppressWarnings("NullAway.Init") private AuthenticationUserDetailsService authenticationUserDetailsService; diff --git a/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java b/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java index 9c05b269fd..6d65d6bbba 100644 --- a/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java +++ b/cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationProviderTests.java @@ -33,8 +33,8 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio import org.springframework.security.cas.ServiceProperties; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; -import org.springframework.security.core.GrantedAuthorities; import org.springframework.security.core.authority.AuthorityUtils; +import org.springframework.security.core.authority.FactorGrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.userdetails.AuthenticationUserDetailsService; import org.springframework.security.core.userdetails.User; 
@@ -361,7 +361,7 @@ public class CasAuthenticationProviderTests { CasServiceTicketAuthenticationToken token = CasServiceTicketAuthenticationToken.stateful("ST-123"); token.setDetails("details"); Authentication result = cap.authenticate(token); - SecurityAssertions.assertThat(result).hasAuthority(GrantedAuthorities.FACTOR_CAS_AUTHORITY); + SecurityAssertions.assertThat(result).hasAuthority(FactorGrantedAuthority.CAS_AUTHORITY); } private class MockAuthoritiesPopulator implements AuthenticationUserDetailsService { diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurer.java index e3f59f6cee..8665b002c9 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurer.java @@ -21,7 +21,7 @@ import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.web.HttpSecurityBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.core.GrantedAuthorities; +import org.springframework.security.core.authority.FactorGrantedAuthority; import org.springframework.security.web.AuthenticationEntryPoint; import org.springframework.security.web.authentication.ForwardAuthenticationFailureHandler; import org.springframework.security.web.authentication.ForwardAuthenticationSuccessHandler; 
@@ -237,7 +237,7 @@ public final class FormLoginConfigurer> extends AuthenticationEntryPoint entryPoint = getAuthenticationEntryPoint(); RequestMatcher requestMatcher = getAuthenticationEntryPointMatcher(http); exceptions.defaultDeniedHandlerForMissingAuthority((ep) -> ep.addEntryPointFor(entryPoint, requestMatcher), - GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY); + FactorGrantedAuthority.PASSWORD_AUTHORITY); } } diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurer.java index 8ba007e724..c8f0b4dc3e 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurer.java @@ -28,7 +28,7 @@ import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.web.HttpSecurityBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.core.GrantedAuthorities; +import org.springframework.security.core.authority.FactorGrantedAuthority; import org.springframework.security.web.AuthenticationEntryPoint; import org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint; import org.springframework.security.web.authentication.HttpStatusEntryPoint; 
@@ -196,8 +196,7 @@ public final class HttpBasicConfigurer> AuthenticationEntryPoint entryPoint = postProcess(this.authenticationEntryPoint); exceptionHandling.defaultAuthenticationEntryPointFor(entryPoint, preferredMatcher); exceptionHandling.defaultDeniedHandlerForMissingAuthority( - (ep) -> ep.addEntryPointFor(entryPoint, preferredMatcher), - GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY); + (ep) -> ep.addEntryPointFor(entryPoint, preferredMatcher), FactorGrantedAuthority.PASSWORD_AUTHORITY); } private void registerDefaultLogoutSuccessHandler(B http, RequestMatcher preferredMatcher) { diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/WebAuthnConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/WebAuthnConfigurer.java index bd17087378..90bf29ae45 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/WebAuthnConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/WebAuthnConfigurer.java @@ -26,7 +26,7 @@ import org.springframework.context.ApplicationContext; import org.springframework.http.converter.HttpMessageConverter; import org.springframework.security.authentication.ProviderManager; import org.springframework.security.config.annotation.web.HttpSecurityBuilder; -import org.springframework.security.core.GrantedAuthorities; +import org.springframework.security.core.authority.FactorGrantedAuthority; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.web.AuthenticationEntryPoint; import org.springframework.security.web.access.intercept.AuthorizationFilter; 
@@ -159,7 +159,7 @@ public class WebAuthnConfigurer> if (exceptions != null) { AuthenticationEntryPoint entryPoint = new LoginUrlAuthenticationEntryPoint("/login"); exceptions.defaultDeniedHandlerForMissingAuthority((ep) -> ep.defaultEntryPoint(entryPoint), - GrantedAuthorities.FACTOR_WEBAUTHN_AUTHORITY); + FactorGrantedAuthority.WEBAUTHN_AUTHORITY); } } diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java index 539286c03a..0c09707889 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java @@ -25,8 +25,8 @@ import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.web.HttpSecurityBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.core.Authentication; -import org.springframework.security.core.GrantedAuthorities; import org.springframework.security.core.authority.AuthorityUtils; +import org.springframework.security.core.authority.FactorGrantedAuthority; import org.springframework.security.core.userdetails.AuthenticationUserDetailsService; import org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper; import org.springframework.security.core.userdetails.UserDetailsService; 
@@ -180,14 +180,14 @@ public final class X509Configurer> PreAuthenticatedAuthenticationProvider authenticationProvider = new PreAuthenticatedAuthenticationProvider(); authenticationProvider.setPreAuthenticatedUserDetailsService(getAuthenticationUserDetailsService(http)); authenticationProvider.setGrantedAuthoritySupplier( - () -> AuthorityUtils.createAuthorityList(GrantedAuthorities.FACTOR_X509_AUTHORITY)); + () -> AuthorityUtils.createAuthorityList(FactorGrantedAuthority.X509_AUTHORITY)); http.authenticationProvider(authenticationProvider) .setSharedObject(AuthenticationEntryPoint.class, new Http403ForbiddenEntryPoint()); ExceptionHandlingConfigurer exceptions = http.getConfigurer(ExceptionHandlingConfigurer.class); if (exceptions != null) { AuthenticationEntryPoint forbidden = new Http403ForbiddenEntryPoint(); exceptions.defaultDeniedHandlerForMissingAuthority((ep) -> ep.defaultEntryPoint(forbidden), - GrantedAuthorities.FACTOR_X509_AUTHORITY); + FactorGrantedAuthority.X509_AUTHORITY); } } diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java index 37ec87dcc2..4470a7211e 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java 
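Review bot: The X.509 supplier in this hunk still builds its factor authority with `AuthorityUtils.createAuthorityList(FactorGrantedAuthority.X509_AUTHORITY)`, which yields plain `SimpleGrantedAuthority` instances rather than a `FactorGrantedAuthority`. Now that the constant lives on `FactorGrantedAuthority`, the line reads as if it produced one, which makes the mismatch easy to miss. Any authorization rule that checks the authority's type or issue time would presumably treat an X.509 login differently from the providers that import `FactorGrantedAuthority` directly; that logic is not visible in this diff, so confirm it against the authorization managers. If a typed factor is intended, consider `() -> List.of(FactorGrantedAuthority.fromAuthority(FactorGrantedAuthority.X509_AUTHORITY))` (this needs a `java.util.List` import); otherwise add a comment such as `// string-only authority is intentional: pre-authenticated X.509 has no issue time`. The enclosing method starts and ends outside the hunk.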
@@ -45,7 +45,7 @@ import org.springframework.security.config.annotation.web.configurers.SessionMan import org.springframework.security.context.DelegatingApplicationListener; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; -import org.springframework.security.core.GrantedAuthorities; +import org.springframework.security.core.authority.FactorGrantedAuthority; import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper; import org.springframework.security.core.session.AbstractSessionEvent; import org.springframework.security.core.session.SessionDestroyedEvent; @@ -568,7 +568,7 @@ public final class OAuth2LoginConfigurer> RequestMatcher requestMatcher = getAuthenticationEntryPointMatcher(http); exceptions.defaultDeniedHandlerForMissingAuthority( (ep) -> ep.addEntryPointFor(loginEntryPoint, requestMatcher), - GrantedAuthorities.FACTOR_AUTHORIZATION_CODE_AUTHORITY); + FactorGrantedAuthority.AUTHORIZATION_CODE_AUTHORITY); } return loginEntryPoint; } diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java index 6379c47700..c830013461 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java 
@@ -39,7 +39,7 @@ import org.springframework.security.config.annotation.web.configurers.CsrfConfig import org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.core.Authentication; -import org.springframework.security.core.GrantedAuthorities; +import org.springframework.security.core.authority.FactorGrantedAuthority; import org.springframework.security.oauth2.core.OAuth2AuthenticationException; import org.springframework.security.oauth2.jwt.Jwt; import org.springframework.security.oauth2.jwt.JwtDecoder; @@ -357,7 +357,7 @@ public final class OAuth2ResourceServerConfigurer ep.addEntryPointFor(this.authenticationEntryPoint, preferredMatcher), - GrantedAuthorities.FACTOR_BEARER_AUTHORITY); + FactorGrantedAuthority.BEARER_AUTHORITY); } } diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ott/OneTimeTokenLoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ott/OneTimeTokenLoginConfigurer.java index 4e0da7bec7..99591adad9 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ott/OneTimeTokenLoginConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ott/OneTimeTokenLoginConfigurer.java 
@@ -37,7 +37,7 @@ import org.springframework.security.config.annotation.web.configurers.AbstractAu import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; import org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer; import org.springframework.security.core.Authentication; -import org.springframework.security.core.GrantedAuthorities; +import org.springframework.security.core.authority.FactorGrantedAuthority; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.web.AuthenticationEntryPoint; import org.springframework.security.web.authentication.AuthenticationConverter; @@ -142,7 +142,7 @@ public final class OneTimeTokenLoginConfigurer> AuthenticationEntryPoint entryPoint = getAuthenticationEntryPoint(); RequestMatcher requestMatcher = getAuthenticationEntryPointMatcher(http); exceptions.defaultDeniedHandlerForMissingAuthority((ep) -> ep.addEntryPointFor(entryPoint, requestMatcher), - GrantedAuthorities.FACTOR_OTT_AUTHORITY); + FactorGrantedAuthority.OTT_AUTHORITY); } } diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java index f6db8a8a2f..5f9f3b6246 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.java 
@@ -35,7 +35,7 @@ import org.springframework.security.config.annotation.web.configurers.AbstractHt import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer; import org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer; import org.springframework.security.core.Authentication; -import org.springframework.security.core.GrantedAuthorities; +import org.springframework.security.core.authority.FactorGrantedAuthority; import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest; import org.springframework.security.saml2.provider.service.authentication.OpenSaml5AuthenticationProvider; import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration; @@ -355,7 +355,7 @@ public final class Saml2LoginConfigurer> RequestMatcher requestMatcher = getAuthenticationEntryPointMatcher(http); exceptions.defaultDeniedHandlerForMissingAuthority( (ep) -> ep.addEntryPointFor(loginEntryPoint, requestMatcher), - GrantedAuthorities.FACTOR_SAML_RESPONSE_AUTHORITY); + FactorGrantedAuthority.SAML_RESPONSE_AUTHORITY); } return loginEntryPoint; } diff --git a/config/src/test/java/org/springframework/security/config/annotation/authorization/EnableGlobalMultiFactorAuthenticationTests.java b/config/src/test/java/org/springframework/security/config/annotation/authorization/EnableGlobalMultiFactorAuthenticationTests.java index b38a6f43e4..9dc3c7bf93 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/authorization/EnableGlobalMultiFactorAuthenticationTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/authorization/EnableGlobalMultiFactorAuthenticationTests.java 
@@ -27,7 +27,7 @@ import org.springframework.security.access.AccessDeniedException; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.core.GrantedAuthorities; +import org.springframework.security.core.authority.FactorGrantedAuthority; import org.springframework.security.test.context.support.WithMockUser; import org.springframework.test.context.junit.jupiter.SpringExtension; import org.springframework.test.context.web.WebAppConfiguration; @@ -57,8 +57,7 @@ public class EnableGlobalMultiFactorAuthenticationTests { Service service; @Test - @WithMockUser( - authorities = { GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, GrantedAuthorities.FACTOR_OTT_AUTHORITY }) + @WithMockUser(authorities = { FactorGrantedAuthority.PASSWORD_AUTHORITY, FactorGrantedAuthority.OTT_AUTHORITY }) void webWhenAuthorized() throws Exception { this.mvc.perform(get("/")).andExpect(status().isOk()); } @@ -70,8 +69,7 @@ public class EnableGlobalMultiFactorAuthenticationTests { } @Test - @WithMockUser( - authorities = { GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, GrantedAuthorities.FACTOR_OTT_AUTHORITY }) + @WithMockUser(authorities = { FactorGrantedAuthority.PASSWORD_AUTHORITY, FactorGrantedAuthority.OTT_AUTHORITY }) void methodWhenAuthorized() throws Exception { Assertions.assertThatNoException().isThrownBy(() -> this.service.authenticated()); } @@ -87,7 +85,7 @@ public class EnableGlobalMultiFactorAuthenticationTests { @EnableMethodSecurity @Configuration @EnableGlobalMultiFactorAuthentication( - authorities = { GrantedAuthorities.FACTOR_OTT_AUTHORITY, GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY }) + authorities = { FactorGrantedAuthority.OTT_AUTHORITY, FactorGrantedAuthority.PASSWORD_AUTHORITY }) static class Config { @Bean 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java index 58fe15f9f5..c166e4fd6e 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java @@ -40,7 +40,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur import org.springframework.security.config.test.SpringTestContext; import org.springframework.security.config.test.SpringTestContextExtension; import org.springframework.security.config.users.AuthenticationTestConfiguration; -import org.springframework.security.core.GrantedAuthorities; +import org.springframework.security.core.authority.FactorGrantedAuthority; import org.springframework.security.core.context.SecurityContextChangedListener; import org.springframework.security.core.context.SecurityContextHolderStrategy; import org.springframework.security.core.userdetails.PasswordEncodedUser; 
@@ -417,20 +417,20 @@ public class FormLoginConfigurerTests { .andExpect(status().is3xxRedirection()) .andExpect(redirectedUrl("/")); user = PasswordEncodedUser.withUserDetails(user) - .authorities("profile:read", GrantedAuthorities.FACTOR_OTT_AUTHORITY) + .authorities("profile:read", FactorGrantedAuthority.OTT_AUTHORITY) .build(); this.mockMvc.perform(get("/profile").with(user(user))) .andExpect(status().is3xxRedirection()) .andExpect(redirectedUrl("http://localhost/login?factor.type=password&factor.reason=missing")); user = PasswordEncodedUser.withUserDetails(user) - .authorities("profile:read", GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY) + .authorities("profile:read", FactorGrantedAuthority.PASSWORD_AUTHORITY) .build(); this.mockMvc.perform(get("/profile").with(user(user))) .andExpect(status().is3xxRedirection()) .andExpect(redirectedUrl("http://localhost/login?factor.type=ott&factor.reason=missing")); user = PasswordEncodedUser.withUserDetails(user) - .authorities("profile:read", GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, - GrantedAuthorities.FACTOR_OTT_AUTHORITY) + .authorities("profile:read", FactorGrantedAuthority.PASSWORD_AUTHORITY, + FactorGrantedAuthority.OTT_AUTHORITY) .build(); this.mockMvc.perform(get("/profile").with(user(user))).andExpect(status().isNotFound()); } @@ -453,8 +453,8 @@ public class FormLoginConfigurerTests { .andExpect(status().is3xxRedirection()) .andExpect(redirectedUrl("/")); UserDetails authorized = PasswordEncodedUser.withUsername("rod") - .authorities("profile:read", GrantedAuthorities.FACTOR_X509_AUTHORITY, - GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY) + .authorities("profile:read", FactorGrantedAuthority.X509_AUTHORITY, + FactorGrantedAuthority.PASSWORD_AUTHORITY) .build(); this.mockMvc.perform(get("/profile").with(user(authorized))).andExpect(status().isOk()); } 
@@ -821,8 +821,8 @@ public class FormLoginConfigurerTests { @Bean AuthorizationManagerFactory authz() { - return new AuthorizationManagerFactory<>(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, - GrantedAuthorities.FACTOR_OTT_AUTHORITY); + return new AuthorizationManagerFactory<>(FactorGrantedAuthority.PASSWORD_AUTHORITY, + FactorGrantedAuthority.OTT_AUTHORITY); } } @@ -848,8 +848,8 @@ public class FormLoginConfigurerTests { @Bean AuthorizationManagerFactory authz() { - return new AuthorizationManagerFactory<>(GrantedAuthorities.FACTOR_X509_AUTHORITY, - GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY); + return new AuthorizationManagerFactory<>(FactorGrantedAuthority.X509_AUTHORITY, + FactorGrantedAuthority.PASSWORD_AUTHORITY); } } diff --git a/core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java index baf82bafdf..e33aa2077e 100644 --- a/core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java +++ b/core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java @@ -36,7 +36,6 @@ import org.springframework.security.authentication.LockedException; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; -import org.springframework.security.core.GrantedAuthorities; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.SpringSecurityMessageSource; import org.springframework.security.core.authority.FactorGrantedAuthority; 
@@ -100,7 +99,7 @@ public abstract class AbstractUserDetailsAuthenticationProvider private GrantedAuthoritiesMapper authoritiesMapper = new NullAuthoritiesMapper(); - private static final String AUTHORITY = GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY; + private static final String AUTHORITY = FactorGrantedAuthority.PASSWORD_AUTHORITY; /** * Allows subclasses to perform any additional checks of a returned (or cached) diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.java index f7dbefd51a..a13dc77c05 100644 --- a/core/src/main/java/org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.java +++ b/core/src/main/java/org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.java @@ -44,7 +44,6 @@ import org.springframework.security.authentication.jaas.event.JaasAuthentication import org.springframework.security.authentication.jaas.event.JaasAuthenticationSuccessEvent; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; -import org.springframework.security.core.GrantedAuthorities; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.FactorGrantedAuthority; import org.springframework.security.core.context.SecurityContext; @@ -122,7 +121,7 @@ import org.springframework.util.ObjectUtils; public abstract class AbstractJaasAuthenticationProvider implements AuthenticationProvider, ApplicationEventPublisherAware, InitializingBean, ApplicationListener { - private static final String AUTHORITY = GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY; + private static final String AUTHORITY = FactorGrantedAuthority.PASSWORD_AUTHORITY; private ApplicationEventPublisher applicationEventPublisher = (event) -> { }; 
diff --git a/core/src/main/java/org/springframework/security/authentication/ott/OneTimeTokenAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/ott/OneTimeTokenAuthenticationProvider.java index 6307a32622..b72e4f8e8c 100644 --- a/core/src/main/java/org/springframework/security/authentication/ott/OneTimeTokenAuthenticationProvider.java +++ b/core/src/main/java/org/springframework/security/authentication/ott/OneTimeTokenAuthenticationProvider.java @@ -23,7 +23,6 @@ import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; -import org.springframework.security.core.GrantedAuthorities; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.FactorGrantedAuthority; import org.springframework.security.core.userdetails.UserDetails; @@ -41,7 +40,7 @@ import org.springframework.util.Assert; */ public final class OneTimeTokenAuthenticationProvider implements AuthenticationProvider { - private static final String AUTHORITY = GrantedAuthorities.FACTOR_OTT_AUTHORITY; + private static final String AUTHORITY = FactorGrantedAuthority.OTT_AUTHORITY; private final OneTimeTokenService oneTimeTokenService; diff --git a/core/src/main/java/org/springframework/security/core/GrantedAuthorities.java b/core/src/main/java/org/springframework/security/core/GrantedAuthorities.java deleted file mode 100644 index 79f962354e..0000000000 --- a/core/src/main/java/org/springframework/security/core/GrantedAuthorities.java +++ /dev/null 
@@ -1,78 +0,0 @@ -/* - * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.core; - -/** - * Constants for {@link GrantedAuthority}. - * - * @author Rob Winch - * @since 7.0 - */ -public final class GrantedAuthorities { - - /** - * The standard {@link GrantedAuthority#getAuthority()} that indicates that OAuth2 - * Authorization Code was used to authenticate. - */ - public static final String FACTOR_AUTHORIZATION_CODE_AUTHORITY = "FACTOR_AUTHORIZATION_CODE"; - - /** - * The standard {@link GrantedAuthority#getAuthority()} that indicates that bearer - * authentication was used to authenticate. - */ - public static final String FACTOR_BEARER_AUTHORITY = "FACTOR_BEARER"; - - /** - * The standard {@link GrantedAuthority#getAuthority()} that indicates that CAS was - * used to authenticate. - */ - public static final String FACTOR_CAS_AUTHORITY = "FACTOR_CAS"; - - /** - * The standard {@link GrantedAuthority#getAuthority()} that indicates that one time - * token was used to authenticate. - */ - public static final String FACTOR_OTT_AUTHORITY = "FACTOR_OTT"; - - /** - * The standard {@link GrantedAuthority#getAuthority()} that indicates that a password - * was used to authenticate. 
- */ - public static final String FACTOR_PASSWORD_AUTHORITY = "FACTOR_PASSWORD"; - - /** - * The standard {@link GrantedAuthority#getAuthority()} that indicates that SAML was - * used to authenticate. - */ - public static final String FACTOR_SAML_RESPONSE_AUTHORITY = "FACTOR_SAML_RESPONSE"; - - /** - * The standard {@link GrantedAuthority#getAuthority()} that indicates that WebAuthn - * was used to authenticate. - */ - public static final String FACTOR_WEBAUTHN_AUTHORITY = "FACTOR_WEBAUTHN"; - - /** - * The standard {@link GrantedAuthority#getAuthority()} that indicates that X509 was - * used to authenticate. - */ - public static final String FACTOR_X509_AUTHORITY = "FACTOR_X509"; - - private GrantedAuthorities() { - } - -} diff --git a/core/src/main/java/org/springframework/security/core/authority/FactorGrantedAuthority.java b/core/src/main/java/org/springframework/security/core/authority/FactorGrantedAuthority.java index b9a3f6b4a4..8db5347b03 100644 --- a/core/src/main/java/org/springframework/security/core/authority/FactorGrantedAuthority.java +++ b/core/src/main/java/org/springframework/security/core/authority/FactorGrantedAuthority.java 
@@ -34,6 +34,54 @@ import org.springframework.util.Assert; */ public final class FactorGrantedAuthority implements GrantedAuthority { + /** + * The standard {@link GrantedAuthority#getAuthority()} that indicates that OAuth2 + * Authorization Code was used to authenticate. + */ + public static final String AUTHORIZATION_CODE_AUTHORITY = "FACTOR_AUTHORIZATION_CODE"; + + /** + * The standard {@link GrantedAuthority#getAuthority()} that indicates that bearer + * authentication was used to authenticate. + */ + public static final String BEARER_AUTHORITY = "FACTOR_BEARER"; + + /** + * The standard {@link GrantedAuthority#getAuthority()} that indicates that CAS was + * used to authenticate. + */ + public static final String CAS_AUTHORITY = "FACTOR_CAS"; + + /** + * The standard {@link GrantedAuthority#getAuthority()} that indicates that one time + * token was used to authenticate. + */ + public static final String OTT_AUTHORITY = "FACTOR_OTT"; + + /** + * The standard {@link GrantedAuthority#getAuthority()} that indicates that a password + * was used to authenticate. + */ + public static final String PASSWORD_AUTHORITY = "FACTOR_PASSWORD"; + + /** + * The standard {@link GrantedAuthority#getAuthority()} that indicates that SAML was + * used to authenticate. + */ + public static final String SAML_RESPONSE_AUTHORITY = "FACTOR_SAML_RESPONSE"; + + /** + * The standard {@link GrantedAuthority#getAuthority()} that indicates that WebAuthn + * was used to authenticate. + */ + public static final String WEBAUTHN_AUTHORITY = "FACTOR_WEBAUTHN"; + + /** + * The standard {@link GrantedAuthority#getAuthority()} that indicates that X509 was + * used to authenticate. + */ + public static final String X509_AUTHORITY = "FACTOR_X509"; + private static final long serialVersionUID = 1998010439847123984L; private final String authority; 
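Review bot: The Javadoc on the eight constants added to `FactorGrantedAuthority` says what each value indicates but not that the `FACTOR_` prefix is reserved for factors that were actually verified. The docs tests later in this patch grant these values through `@WithMockUser(authorities = FactorGrantedAuthority.PASSWORD_AUTHORITY)` and expect the request to be permitted, which suggests that at least some authorization rules match on the authority string rather than on the `FactorGrantedAuthority` type. If that holds, an application that maps externally supplied names (directory groups, token claims, database roles) into authorities could end up issuing a `FACTOR_*` value without the factor having been presented. I would add one sentence to the class-level or per-constant Javadoc, for example `Authorities that start with {@code FACTOR_} must only be issued by an authentication mechanism that has verified that factor; do not map externally supplied authority names into this namespace.` The class body continues outside the hunk, so any existing type-based check is not visible here.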
diff --git a/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java index e394e34c9a..b491510865 100644 --- a/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java +++ b/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java @@ -38,9 +38,9 @@ import org.springframework.security.authentication.password.CompromisedPasswordC import org.springframework.security.authentication.password.CompromisedPasswordDecision; import org.springframework.security.authentication.password.CompromisedPasswordException; import org.springframework.security.core.Authentication; -import org.springframework.security.core.GrantedAuthorities; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.AuthorityUtils; +import org.springframework.security.core.authority.FactorGrantedAuthority; import org.springframework.security.core.userdetails.PasswordEncodedUser; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; @@ -512,7 +512,7 @@ public class DaoAuthenticationProviderTests { DaoAuthenticationProvider provider = new DaoAuthenticationProvider(withUsers(user)); Authentication request = new UsernamePasswordAuthenticationToken("user", "password"); Authentication result = provider.authenticate(request); - SecurityAssertions.assertThat(result).hasAuthority(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY); + SecurityAssertions.assertThat(result).hasAuthority(FactorGrantedAuthority.PASSWORD_AUTHORITY); } private UserDetailsService withUsers(UserDetails... users) { 
diff --git a/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java index 4adfe897ac..d5619bfb91 100644 --- a/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java +++ b/core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java @@ -40,9 +40,9 @@ import org.springframework.security.authentication.TestingAuthenticationToken; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; -import org.springframework.security.core.GrantedAuthorities; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.AuthorityUtils; +import org.springframework.security.core.authority.FactorGrantedAuthority; import org.springframework.security.core.context.SecurityContext; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.session.SessionDestroyedEvent; @@ -242,7 +242,7 @@ public class JaasAuthenticationProviderTests { public void authenticateWhenSuccessThenIssuesFactor() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password"); Authentication result = this.jaasProvider.authenticate(token); - SecurityAssertions.assertThat(result).hasAuthority(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY); + SecurityAssertions.assertThat(result).hasAuthority(FactorGrantedAuthority.PASSWORD_AUTHORITY); } private static class MockLoginContext extends LoginContext { 
diff --git a/core/src/test/java/org/springframework/security/authentication/ott/OneTimeTokenAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/ott/OneTimeTokenAuthenticationProviderTests.java index 4c0509094f..f3bc8ce322 100644 --- a/core/src/test/java/org/springframework/security/authentication/ott/OneTimeTokenAuthenticationProviderTests.java +++ b/core/src/test/java/org/springframework/security/authentication/ott/OneTimeTokenAuthenticationProviderTests.java @@ -28,7 +28,7 @@ import org.mockito.junit.jupiter.MockitoExtension; import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.authentication.SecurityAssertions; import org.springframework.security.core.Authentication; -import org.springframework.security.core.GrantedAuthorities; +import org.springframework.security.core.authority.FactorGrantedAuthority; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; @@ -109,7 +109,7 @@ public class OneTimeTokenAuthenticationProviderTests { OneTimeTokenAuthenticationToken token = new OneTimeTokenAuthenticationToken(TOKEN); Authentication authentication = this.provider.authenticate(token); - SecurityAssertions.assertThat(authentication).hasAuthority(GrantedAuthorities.FACTOR_OTT_AUTHORITY); + SecurityAssertions.assertThat(authentication).hasAuthority(FactorGrantedAuthority.OTT_AUTHORITY); } @Test diff --git a/core/src/test/java/org/springframework/security/authorization/AllFactorsAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/AllFactorsAuthorizationManagerTests.java index 7e3328088c..3e89612c9a 100644 --- a/core/src/test/java/org/springframework/security/authorization/AllFactorsAuthorizationManagerTests.java 
+++ b/core/src/test/java/org/springframework/security/authorization/AllFactorsAuthorizationManagerTests.java @@ -26,7 +26,6 @@ import org.junit.jupiter.api.Test; import org.springframework.security.authentication.TestingAuthenticationToken; import org.springframework.security.core.Authentication; -import org.springframework.security.core.GrantedAuthorities; import org.springframework.security.core.authority.FactorGrantedAuthority; import static org.assertj.core.api.Assertions.assertThat; @@ -43,11 +42,11 @@ class AllFactorsAuthorizationManagerTests { private static final Object DOES_NOT_MATTER = new Object(); private static RequiredFactor REQUIRED_PASSWORD = RequiredFactor - .withAuthority(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY) + .withAuthority(FactorGrantedAuthority.PASSWORD_AUTHORITY) .build(); private static RequiredFactor EXPIRING_PASSWORD = RequiredFactor - .withAuthority(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY) + .withAuthority(FactorGrantedAuthority.PASSWORD_AUTHORITY) .validDuration(Duration.ofHours(1)) .build(); @@ -67,10 +66,10 @@ class AllFactorsAuthorizationManagerTests { @Test void authorizeWhenConsumerGranted() { AllFactorsAuthorizationManager allFactors = AllFactorsAuthorizationManager.builder() - .requiredFactor((required) -> required.authority(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY)) + .requiredFactor((required) -> required.authority(FactorGrantedAuthority.PASSWORD_AUTHORITY)) .build(); FactorGrantedAuthority passwordFactor = FactorGrantedAuthority - .withAuthority(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY) + .withAuthority(FactorGrantedAuthority.PASSWORD_AUTHORITY) .issuedAt(Instant.now()) .build(); Authentication authentication = new TestingAuthenticationToken("user", "password", passwordFactor); 
@@ -171,7 +170,7 @@ class AllFactorsAuthorizationManagerTests { Duration expiresIn = Duration.ofHours(1); Instant justExpired = now.minus(expiresIn); Clock clock = Clock.fixed(now, ZoneId.systemDefault()); - RequiredFactor expiringPassword = RequiredFactor.withAuthority(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY) + RequiredFactor expiringPassword = RequiredFactor.withAuthority(FactorGrantedAuthority.PASSWORD_AUTHORITY) .validDuration(expiresIn) .build(); AllFactorsAuthorizationManager allFactors = AllFactorsAuthorizationManager.builder() @@ -193,7 +192,7 @@ class AllFactorsAuthorizationManagerTests { Duration expiresIn = Duration.ofHours(1); Instant justExpired = now.minus(expiresIn).plus(Duration.ofNanos(1)); Clock clock = Clock.fixed(now, ZoneId.systemDefault()); - RequiredFactor expiringPassword = RequiredFactor.withAuthority(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY) + RequiredFactor expiringPassword = RequiredFactor.withAuthority(FactorGrantedAuthority.PASSWORD_AUTHORITY) .validDuration(expiresIn) .build(); AllFactorsAuthorizationManager allFactors = AllFactorsAuthorizationManager.builder() diff --git a/core/src/test/java/org/springframework/security/authorization/FactorAuthorizationDecisionTests.java b/core/src/test/java/org/springframework/security/authorization/FactorAuthorizationDecisionTests.java index ebada684b8..1ca39fb74b 100644 --- a/core/src/test/java/org/springframework/security/authorization/FactorAuthorizationDecisionTests.java +++ b/core/src/test/java/org/springframework/security/authorization/FactorAuthorizationDecisionTests.java @@ -21,7 +21,7 @@ import java.util.List; import org.junit.jupiter.api.Test; -import org.springframework.security.core.GrantedAuthorities; +import org.springframework.security.core.authority.FactorGrantedAuthority; import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException; 
@@ -42,7 +42,7 @@ class FactorAuthorizationDecisionTests { @Test void isGrantedWhenNotEmptyThenFalse() { - RequiredFactor requiredPassword = RequiredFactor.withAuthority(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY) + RequiredFactor requiredPassword = RequiredFactor.withAuthority(FactorGrantedAuthority.PASSWORD_AUTHORITY) .build(); RequiredFactorError missingPassword = RequiredFactorError.createMissing(requiredPassword); FactorAuthorizationDecision decision = new FactorAuthorizationDecision(List.of(missingPassword)); @@ -51,7 +51,7 @@ class FactorAuthorizationDecisionTests { @Test void getFactorErrors() { - RequiredFactor requiredPassword = RequiredFactor.withAuthority(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY) + RequiredFactor requiredPassword = RequiredFactor.withAuthority(FactorGrantedAuthority.PASSWORD_AUTHORITY) .build(); RequiredFactorError missingPassword = RequiredFactorError.createMissing(requiredPassword); List factorErrors = List.of(missingPassword); @@ -67,7 +67,7 @@ class FactorAuthorizationDecisionTests { @Test void constructorWhenContainsNullThenThrowIllegalArgumentException() { - RequiredFactor requiredPassword = RequiredFactor.withAuthority(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY) + RequiredFactor requiredPassword = RequiredFactor.withAuthority(FactorGrantedAuthority.PASSWORD_AUTHORITY) .build(); RequiredFactorError missingPassword = RequiredFactorError.createMissing(requiredPassword); List hasNullValue = Arrays.asList(missingPassword, null); diff --git a/core/src/test/java/org/springframework/security/authorization/MapRequiredAuthoritiesRepositoryTests.java b/core/src/test/java/org/springframework/security/authorization/MapRequiredAuthoritiesRepositoryTests.java index 90a8cf5f23..310170db06 100644 --- a/core/src/test/java/org/springframework/security/authorization/MapRequiredAuthoritiesRepositoryTests.java +++ b/core/src/test/java/org/springframework/security/authorization/MapRequiredAuthoritiesRepositoryTests.java 
@@ -20,7 +20,7 @@ import java.util.List; import org.junit.jupiter.api.Test; -import org.springframework.security.core.GrantedAuthorities; +import org.springframework.security.core.authority.FactorGrantedAuthority; import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException; @@ -37,16 +37,16 @@ class MapRequiredAuthoritiesRepositoryTests { private String username = "user"; - private List authorities = List.of(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, - GrantedAuthorities.FACTOR_OTT_AUTHORITY); + private List authorities = List.of(FactorGrantedAuthority.PASSWORD_AUTHORITY, + FactorGrantedAuthority.OTT_AUTHORITY); @Test void workflow() { this.repository.saveRequiredAuthorities(this.username, this.authorities); assertThat(this.repository.findRequiredAuthorities(this.username)) .containsExactlyInAnyOrderElementsOf(this.authorities); - List otherAuthorities = List.of(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, - GrantedAuthorities.FACTOR_WEBAUTHN_AUTHORITY); + List otherAuthorities = List.of(FactorGrantedAuthority.PASSWORD_AUTHORITY, + FactorGrantedAuthority.WEBAUTHN_AUTHORITY); this.repository.saveRequiredAuthorities(this.username, otherAuthorities); assertThat(this.repository.findRequiredAuthorities(this.username)) .containsExactlyInAnyOrderElementsOf(otherAuthorities); diff --git a/core/src/test/java/org/springframework/security/authorization/RequiredFactorErrorTests.java b/core/src/test/java/org/springframework/security/authorization/RequiredFactorErrorTests.java index eafa6029be..2dc3e4f3c5 100644 --- a/core/src/test/java/org/springframework/security/authorization/RequiredFactorErrorTests.java +++ b/core/src/test/java/org/springframework/security/authorization/RequiredFactorErrorTests.java 
@@ -20,7 +20,7 @@ import java.time.Duration; import org.junit.jupiter.api.Test; -import org.springframework.security.core.GrantedAuthorities; +import org.springframework.security.core.authority.FactorGrantedAuthority; import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException; @@ -34,7 +34,7 @@ import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException class RequiredFactorErrorTests { public static final RequiredFactor REQUIRED_FACTOR = RequiredFactor - .withAuthority(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY) + .withAuthority(FactorGrantedAuthority.PASSWORD_AUTHORITY) .validDuration(Duration.ofHours(1)) .build(); @@ -56,7 +56,7 @@ class RequiredFactorErrorTests { @Test void createExpiredWhenNullValidDurationThenIllegalArgumentException() { - RequiredFactor requiredPassword = RequiredFactor.withAuthority(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY) + RequiredFactor requiredPassword = RequiredFactor.withAuthority(FactorGrantedAuthority.PASSWORD_AUTHORITY) .build(); assertThatIllegalArgumentException().isThrownBy(() -> RequiredFactorError.createExpired(requiredPassword)); } diff --git a/core/src/test/java/org/springframework/security/authorization/RequiredFactorTests.java b/core/src/test/java/org/springframework/security/authorization/RequiredFactorTests.java index 98e28f256d..137fdbe209 100644 --- a/core/src/test/java/org/springframework/security/authorization/RequiredFactorTests.java +++ b/core/src/test/java/org/springframework/security/authorization/RequiredFactorTests.java @@ -20,7 +20,7 @@ import java.time.Duration; import org.junit.jupiter.api.Test; -import org.springframework.security.core.GrantedAuthorities; +import org.springframework.security.core.authority.FactorGrantedAuthority; import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException; 
@@ -41,19 +41,19 @@ class RequiredFactorTests { @Test void withAuthorityThenEquals() { - RequiredFactor requiredPassword = RequiredFactor.withAuthority(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY) + RequiredFactor requiredPassword = RequiredFactor.withAuthority(FactorGrantedAuthority.PASSWORD_AUTHORITY) .build(); - assertThat(requiredPassword.getAuthority()).isEqualTo(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY); + assertThat(requiredPassword.getAuthority()).isEqualTo(FactorGrantedAuthority.PASSWORD_AUTHORITY); assertThat(requiredPassword.getValidDuration()).isNull(); } @Test void builderValidDurationThenEquals() { Duration validDuration = Duration.ofMinutes(1); - RequiredFactor requiredPassword = RequiredFactor.withAuthority(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY) + RequiredFactor requiredPassword = RequiredFactor.withAuthority(FactorGrantedAuthority.PASSWORD_AUTHORITY) .validDuration(validDuration) .build(); - assertThat(requiredPassword.getAuthority()).isEqualTo(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY); + assertThat(requiredPassword.getAuthority()).isEqualTo(FactorGrantedAuthority.PASSWORD_AUTHORITY); assertThat(requiredPassword.getValidDuration()).isEqualTo(validDuration); } diff --git a/docs/modules/ROOT/pages/servlet/authentication/mfa.adoc b/docs/modules/ROOT/pages/servlet/authentication/mfa.adoc index 4807e3feba..1a1e8f1459 100644 --- a/docs/modules/ROOT/pages/servlet/authentication/mfa.adoc +++ b/docs/modules/ROOT/pages/servlet/authentication/mfa.adoc 
@@ -11,8 +11,8 @@ OWASP places factors into the following categories: == `FactorGrantedAuthority` -At the time of authentication, Spring Security's authentication mechanisms add a javadoc:org.springframework.security.core.authority.FactorGrantedAuthority[] using the constants found in javadoc:org.springframework.security.core.GrantedAuthorities[]. -For example, when a user authenticates using a password a `FactorGrantedAuthority` with the `authority` of `GrantedAuthorities.FACTOR_PASSWORD` is automatically added to the `Authentiation`. +At the time of authentication, Spring Security's authentication mechanisms add a javadoc:org.springframework.security.core.authority.FactorGrantedAuthority[]. +For example, when a user authenticates using a password a `FactorGrantedAuthority` with the `authority` of `FactorGrantedAuthority.PASSWORD_AUTHORITY` is automatically added to the `Authentiation`. In order to require MFA with Spring Security you must: - Specify an authorization rule that requires multiple factors diff --git a/docs/src/test/java/org/springframework/security/docs/servlet/authentication/authorizationmanagerfactory/AuthorizationManagerFactoryTests.java b/docs/src/test/java/org/springframework/security/docs/servlet/authentication/authorizationmanagerfactory/AuthorizationManagerFactoryTests.java index e3091010a8..78204c38a8 100644 --- a/docs/src/test/java/org/springframework/security/docs/servlet/authentication/authorizationmanagerfactory/AuthorizationManagerFactoryTests.java +++ b/docs/src/test/java/org/springframework/security/docs/servlet/authentication/authorizationmanagerfactory/AuthorizationManagerFactoryTests.java 
@@ -22,7 +22,7 @@ import org.junit.jupiter.api.extension.ExtendWith; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.config.test.SpringTestContext; import org.springframework.security.config.test.SpringTestContextExtension; -import org.springframework.security.core.GrantedAuthorities; +import org.springframework.security.core.authority.FactorGrantedAuthority; import org.springframework.security.docs.servlet.authentication.servletx509config.CustomX509Configuration; import org.springframework.security.test.context.support.WithMockUser; import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener; @@ -52,7 +52,7 @@ public class AuthorizationManagerFactoryTests { MockMvc mockMvc; @Test - @WithMockUser(authorities = { GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, GrantedAuthorities.FACTOR_OTT_AUTHORITY }) + @WithMockUser(authorities = { FactorGrantedAuthority.PASSWORD_AUTHORITY, FactorGrantedAuthority.OTT_AUTHORITY }) void getWhenAuthenticatedWithPasswordAndOttThenPermits() throws Exception { this.spring.register(UseAuthorizationManagerFactoryConfiguration.class, Http200Controller.class).autowire(); // @formatter:off @@ -63,7 +63,7 @@ public class AuthorizationManagerFactoryTests { } @Test - @WithMockUser(authorities = GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY) + @WithMockUser(authorities = FactorGrantedAuthority.PASSWORD_AUTHORITY) void getWhenAuthenticatedWithPasswordThenRedirectsToOtt() throws Exception { this.spring.register(UseAuthorizationManagerFactoryConfiguration.class, Http200Controller.class).autowire(); // @formatter:off 
@@ -74,7 +74,7 @@ public class AuthorizationManagerFactoryTests { } @Test - @WithMockUser(authorities = GrantedAuthorities.FACTOR_OTT_AUTHORITY) + @WithMockUser(authorities = FactorGrantedAuthority.OTT_AUTHORITY) void getWhenAuthenticatedWithOttThenRedirectsToPassword() throws Exception { this.spring.register(UseAuthorizationManagerFactoryConfiguration.class, Http200Controller.class).autowire(); // @formatter:off diff --git a/docs/src/test/java/org/springframework/security/docs/servlet/authentication/authorizationmanagerfactory/UseAuthorizationManagerFactoryConfiguration.java b/docs/src/test/java/org/springframework/security/docs/servlet/authentication/authorizationmanagerfactory/UseAuthorizationManagerFactoryConfiguration.java index dc4cbfcab8..7c04174313 100644 --- a/docs/src/test/java/org/springframework/security/docs/servlet/authentication/authorizationmanagerfactory/UseAuthorizationManagerFactoryConfiguration.java +++ b/docs/src/test/java/org/springframework/security/docs/servlet/authentication/authorizationmanagerfactory/UseAuthorizationManagerFactoryConfiguration.java @@ -7,7 +7,7 @@ import org.springframework.security.authorization.DefaultAuthorizationManagerFac import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.core.GrantedAuthorities; +import org.springframework.security.core.authority.FactorGrantedAuthority; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.provisioning.InMemoryUserDetailsManager; 
@@ -40,8 +40,8 @@ class UseAuthorizationManagerFactoryConfiguration { AuthorizationManagerFactory authz() { return DefaultAuthorizationManagerFactory.builder() .requireAdditionalAuthorities( - GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, - GrantedAuthorities.FACTOR_OTT_AUTHORITY + FactorGrantedAuthority.PASSWORD_AUTHORITY, + FactorGrantedAuthority.OTT_AUTHORITY ) .build(); } diff --git a/docs/src/test/java/org/springframework/security/docs/servlet/authentication/egmfa/EnableGlobalMultiFactorAuthenticationConfiguration.java b/docs/src/test/java/org/springframework/security/docs/servlet/authentication/egmfa/EnableGlobalMultiFactorAuthenticationConfiguration.java index 4a24b03be5..b0df11d29f 100644 --- a/docs/src/test/java/org/springframework/security/docs/servlet/authentication/egmfa/EnableGlobalMultiFactorAuthenticationConfiguration.java +++ b/docs/src/test/java/org/springframework/security/docs/servlet/authentication/egmfa/EnableGlobalMultiFactorAuthenticationConfiguration.java @@ -6,7 +6,7 @@ import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.authorization.EnableGlobalMultiFactorAuthentication; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.core.GrantedAuthorities; +import org.springframework.security.core.authority.FactorGrantedAuthority; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.provisioning.InMemoryUserDetailsManager; 
@@ -18,8 +18,8 @@ import org.springframework.security.web.authentication.ott.RedirectOneTimeTokenG @Configuration(proxyBeanMethods = false) // tag::enable-global-mfa[] @EnableGlobalMultiFactorAuthentication(authorities = { - GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, - GrantedAuthorities.FACTOR_OTT_AUTHORITY }) + FactorGrantedAuthority.PASSWORD_AUTHORITY, + FactorGrantedAuthority.OTT_AUTHORITY }) // end::enable-global-mfa[] public class EnableGlobalMultiFactorAuthenticationConfiguration { diff --git a/docs/src/test/java/org/springframework/security/docs/servlet/authentication/egmfa/EnableGlobalMultiFactorAuthenticationTests.java b/docs/src/test/java/org/springframework/security/docs/servlet/authentication/egmfa/EnableGlobalMultiFactorAuthenticationTests.java index e17c8b096a..c4e78c773a 100644 --- a/docs/src/test/java/org/springframework/security/docs/servlet/authentication/egmfa/EnableGlobalMultiFactorAuthenticationTests.java +++ b/docs/src/test/java/org/springframework/security/docs/servlet/authentication/egmfa/EnableGlobalMultiFactorAuthenticationTests.java @@ -22,7 +22,7 @@ import org.junit.jupiter.api.extension.ExtendWith; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.config.test.SpringTestContext; import org.springframework.security.config.test.SpringTestContextExtension; -import org.springframework.security.core.GrantedAuthorities; +import org.springframework.security.core.authority.FactorGrantedAuthority; import org.springframework.security.docs.servlet.authentication.servletx509config.CustomX509Configuration; import org.springframework.security.test.context.support.WithMockUser; import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener; 
@@ -52,7 +52,7 @@ public class EnableGlobalMultiFactorAuthenticationTests { MockMvc mockMvc; @Test - @WithMockUser(authorities = { GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, GrantedAuthorities.FACTOR_OTT_AUTHORITY, "ROLE_USER" }) + @WithMockUser(authorities = { FactorGrantedAuthority.PASSWORD_AUTHORITY, FactorGrantedAuthority.OTT_AUTHORITY, "ROLE_USER" }) void getWhenAuthenticatedWithPasswordAndOttThenPermits() throws Exception { this.spring.register(EnableGlobalMultiFactorAuthenticationConfiguration.class, Http200Controller.class).autowire(); // @formatter:off @@ -63,7 +63,7 @@ public class EnableGlobalMultiFactorAuthenticationTests { } @Test - @WithMockUser(authorities = GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY) + @WithMockUser(authorities = FactorGrantedAuthority.PASSWORD_AUTHORITY) void getWhenAuthenticatedWithPasswordThenRedirectsToOtt() throws Exception { this.spring.register(EnableGlobalMultiFactorAuthenticationConfiguration.class, Http200Controller.class).autowire(); // @formatter:off @@ -74,7 +74,7 @@ public class EnableGlobalMultiFactorAuthenticationTests { } @Test - @WithMockUser(authorities = GrantedAuthorities.FACTOR_OTT_AUTHORITY) + @WithMockUser(authorities = FactorGrantedAuthority.OTT_AUTHORITY) void getWhenAuthenticatedWithOttThenRedirectsToPassword() throws Exception { this.spring.register(EnableGlobalMultiFactorAuthenticationConfiguration.class, Http200Controller.class).autowire(); // @formatter:off diff --git a/docs/src/test/java/org/springframework/security/docs/servlet/authentication/hasallauthorities/ListAuthoritiesConfiguration.java b/docs/src/test/java/org/springframework/security/docs/servlet/authentication/hasallauthorities/ListAuthoritiesConfiguration.java index 3f6e70d52f..bc7480c3b8 100644 --- a/docs/src/test/java/org/springframework/security/docs/servlet/authentication/hasallauthorities/ListAuthoritiesConfiguration.java 
+++ b/docs/src/test/java/org/springframework/security/docs/servlet/authentication/hasallauthorities/ListAuthoritiesConfiguration.java @@ -5,7 +5,7 @@ import org.springframework.context.annotation.Configuration; import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.core.GrantedAuthorities; +import org.springframework.security.core.authority.FactorGrantedAuthority; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.provisioning.InMemoryUserDetailsManager; @@ -25,8 +25,8 @@ class ListAuthoritiesConfiguration { .authorizeHttpRequests((authorize) -> authorize // <1> .anyRequest().hasAllAuthorities( - GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, - GrantedAuthorities.FACTOR_OTT_AUTHORITY + FactorGrantedAuthority.PASSWORD_AUTHORITY, + FactorGrantedAuthority.OTT_AUTHORITY ) ) // <2> diff --git a/docs/src/test/java/org/springframework/security/docs/servlet/authentication/hasallauthorities/MultiFactorAuthenticationTests.java b/docs/src/test/java/org/springframework/security/docs/servlet/authentication/hasallauthorities/MultiFactorAuthenticationTests.java index 02e4905c02..98ac8b5f4d 100644 --- a/docs/src/test/java/org/springframework/security/docs/servlet/authentication/hasallauthorities/MultiFactorAuthenticationTests.java +++ b/docs/src/test/java/org/springframework/security/docs/servlet/authentication/hasallauthorities/MultiFactorAuthenticationTests.java 
@@ -22,7 +22,7 @@ import org.junit.jupiter.api.extension.ExtendWith; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.config.test.SpringTestContext; import org.springframework.security.config.test.SpringTestContextExtension; -import org.springframework.security.core.GrantedAuthorities; +import org.springframework.security.core.authority.FactorGrantedAuthority; import org.springframework.security.docs.servlet.authentication.servletx509config.CustomX509Configuration; import org.springframework.security.test.context.support.WithMockUser; import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener; @@ -52,7 +52,7 @@ public class MultiFactorAuthenticationTests { MockMvc mockMvc; @Test - @WithMockUser(authorities = { GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, GrantedAuthorities.FACTOR_OTT_AUTHORITY }) + @WithMockUser(authorities = { FactorGrantedAuthority.PASSWORD_AUTHORITY, FactorGrantedAuthority.OTT_AUTHORITY }) void getWhenAuthenticatedWithPasswordAndOttThenPermits() throws Exception { this.spring.register(ListAuthoritiesConfiguration.class, Http200Controller.class).autowire(); // @formatter:off @@ -63,7 +63,7 @@ public class MultiFactorAuthenticationTests { } @Test - @WithMockUser(authorities = GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY) + @WithMockUser(authorities = FactorGrantedAuthority.PASSWORD_AUTHORITY) void getWhenAuthenticatedWithPasswordThenRedirectsToOtt() throws Exception { this.spring.register(ListAuthoritiesConfiguration.class, Http200Controller.class).autowire(); // @formatter:off 
@@ -74,7 +74,7 @@ public class MultiFactorAuthenticationTests { } @Test - @WithMockUser(authorities = GrantedAuthorities.FACTOR_OTT_AUTHORITY) + @WithMockUser(authorities = FactorGrantedAuthority.OTT_AUTHORITY) void getWhenAuthenticatedWithOttThenRedirectsToPassword() throws Exception { this.spring.register(ListAuthoritiesConfiguration.class, Http200Controller.class).autowire(); // @formatter:off diff --git a/docs/src/test/java/org/springframework/security/docs/servlet/authentication/hasallauthorities/MultipleAuthorizationRulesConfiguration.java b/docs/src/test/java/org/springframework/security/docs/servlet/authentication/hasallauthorities/MultipleAuthorizationRulesConfiguration.java index f480652100..ef269f5122 100644 --- a/docs/src/test/java/org/springframework/security/docs/servlet/authentication/hasallauthorities/MultipleAuthorizationRulesConfiguration.java +++ b/docs/src/test/java/org/springframework/security/docs/servlet/authentication/hasallauthorities/MultipleAuthorizationRulesConfiguration.java @@ -21,7 +21,7 @@ import org.springframework.context.annotation.Configuration; import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.core.GrantedAuthorities; +import org.springframework.security.core.authority.FactorGrantedAuthority; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.provisioning.InMemoryUserDetailsManager; 
@@ -42,14 +42,14 @@ public class MultipleAuthorizationRulesConfiguration { // <1> .requestMatchers("/admin/**").hasAllAuthorities( "ROLE_ADMIN", - GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, - GrantedAuthorities.FACTOR_OTT_AUTHORITY + FactorGrantedAuthority.PASSWORD_AUTHORITY, + FactorGrantedAuthority.OTT_AUTHORITY ) // <2> .anyRequest().hasAllAuthorities( "ROLE_USER", - GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, - GrantedAuthorities.FACTOR_OTT_AUTHORITY + FactorGrantedAuthority.PASSWORD_AUTHORITY, + FactorGrantedAuthority.OTT_AUTHORITY ) ) // <3> diff --git a/docs/src/test/java/org/springframework/security/docs/servlet/authentication/hasallauthorities/MultipleAuthorizationRulesConfigurationTests.java b/docs/src/test/java/org/springframework/security/docs/servlet/authentication/hasallauthorities/MultipleAuthorizationRulesConfigurationTests.java index a1238c276e..1e710c02a4 100644 --- a/docs/src/test/java/org/springframework/security/docs/servlet/authentication/hasallauthorities/MultipleAuthorizationRulesConfigurationTests.java +++ b/docs/src/test/java/org/springframework/security/docs/servlet/authentication/hasallauthorities/MultipleAuthorizationRulesConfigurationTests.java @@ -22,7 +22,7 @@ import org.junit.jupiter.api.extension.ExtendWith; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.config.test.SpringTestContext; import org.springframework.security.config.test.SpringTestContextExtension; -import org.springframework.security.core.GrantedAuthorities; +import org.springframework.security.core.authority.FactorGrantedAuthority; import org.springframework.security.docs.servlet.authentication.servletx509config.CustomX509Configuration; import org.springframework.security.test.context.support.WithMockUser; import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener; 
@@ -52,7 +52,7 @@ public class MultipleAuthorizationRulesConfigurationTests { MockMvc mockMvc; @Test - @WithMockUser(authorities = { GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, GrantedAuthorities.FACTOR_OTT_AUTHORITY, "ROLE_USER" }) + @WithMockUser(authorities = { FactorGrantedAuthority.PASSWORD_AUTHORITY, FactorGrantedAuthority.OTT_AUTHORITY, "ROLE_USER" }) void getWhenAuthenticatedWithPasswordAndOttThenPermits() throws Exception { this.spring.register(MultipleAuthorizationRulesConfiguration.class, Http200Controller.class).autowire(); // @formatter:off @@ -63,7 +63,7 @@ public class MultipleAuthorizationRulesConfigurationTests { } @Test - @WithMockUser(authorities = GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY) + @WithMockUser(authorities = FactorGrantedAuthority.PASSWORD_AUTHORITY) void getWhenAuthenticatedWithPasswordThenRedirectsToOtt() throws Exception { this.spring.register(MultipleAuthorizationRulesConfiguration.class, Http200Controller.class).autowire(); // @formatter:off @@ -74,7 +74,7 @@ public class MultipleAuthorizationRulesConfigurationTests { } @Test - @WithMockUser(authorities = GrantedAuthorities.FACTOR_OTT_AUTHORITY) + @WithMockUser(authorities = FactorGrantedAuthority.OTT_AUTHORITY) void getWhenAuthenticatedWithOttThenRedirectsToPassword() throws Exception { this.spring.register(MultipleAuthorizationRulesConfiguration.class, Http200Controller.class).autowire(); // @formatter:off diff --git a/docs/src/test/java/org/springframework/security/docs/servlet/authentication/obtainingmoreauthorization/MissingAuthorityConfiguration.java b/docs/src/test/java/org/springframework/security/docs/servlet/authentication/obtainingmoreauthorization/MissingAuthorityConfiguration.java index 3de40e084a..051bb363bf 100644 --- a/docs/src/test/java/org/springframework/security/docs/servlet/authentication/obtainingmoreauthorization/MissingAuthorityConfiguration.java 
+++ b/docs/src/test/java/org/springframework/security/docs/servlet/authentication/obtainingmoreauthorization/MissingAuthorityConfiguration.java @@ -14,7 +14,7 @@ import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.core.AuthenticationException; -import org.springframework.security.core.GrantedAuthorities; +import org.springframework.security.core.authority.FactorGrantedAuthority; import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository; import org.springframework.security.oauth2.client.registration.TestClientRegistrations; @@ -49,7 +49,7 @@ class MissingAuthorityConfiguration { @Bean AuthorizationManagerFactory authz() { return DefaultAuthorizationManagerFactory.builder() - .requireAdditionalAuthorities(GrantedAuthorities.FACTOR_X509_AUTHORITY, GrantedAuthorities.FACTOR_AUTHORIZATION_CODE_AUTHORITY) + .requireAdditionalAuthorities(FactorGrantedAuthority.X509_AUTHORITY, FactorGrantedAuthority.AUTHORIZATION_CODE_AUTHORITY) .build(); } // end::authorizationManagerFactoryBean[] diff --git a/docs/src/test/java/org/springframework/security/docs/servlet/authentication/obtainingmoreauthorization/ObtainingMoreAuthorizationTests.java b/docs/src/test/java/org/springframework/security/docs/servlet/authentication/obtainingmoreauthorization/ObtainingMoreAuthorizationTests.java index 83f4e98f7a..bdf4b05ea2 100644 --- a/docs/src/test/java/org/springframework/security/docs/servlet/authentication/obtainingmoreauthorization/ObtainingMoreAuthorizationTests.java +++ b/docs/src/test/java/org/springframework/security/docs/servlet/authentication/obtainingmoreauthorization/ObtainingMoreAuthorizationTests.java 
@@ -22,7 +22,7 @@ import org.junit.jupiter.api.extension.ExtendWith; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.config.test.SpringTestContext; import org.springframework.security.config.test.SpringTestContextExtension; -import org.springframework.security.core.GrantedAuthorities; +import org.springframework.security.core.authority.FactorGrantedAuthority; import org.springframework.security.docs.servlet.authentication.servletx509config.CustomX509Configuration; import org.springframework.security.test.context.support.WithMockUser; import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener; @@ -62,7 +62,7 @@ public class ObtainingMoreAuthorizationTests { } @Test - @WithMockUser(authorities = { GrantedAuthorities.FACTOR_X509_AUTHORITY, GrantedAuthorities.FACTOR_AUTHORIZATION_CODE_AUTHORITY }) + @WithMockUser(authorities = { FactorGrantedAuthority.X509_AUTHORITY, FactorGrantedAuthority.AUTHORIZATION_CODE_AUTHORITY }) void profileWhenMissingAuthorityConfigurationThenRedirectsToAuthorizationServer() throws Exception { this.spring.register(MissingAuthorityConfiguration.class, Http200Controller.class).autowire(); // @formatter:off @@ -83,7 +83,7 @@ public class ObtainingMoreAuthorizationTests { } @Test - @WithMockUser(authorities = { GrantedAuthorities.FACTOR_X509_AUTHORITY, GrantedAuthorities.FACTOR_AUTHORIZATION_CODE_AUTHORITY, "SCOPE_profile:read" }) + @WithMockUser(authorities = { FactorGrantedAuthority.X509_AUTHORITY, FactorGrantedAuthority.AUTHORIZATION_CODE_AUTHORITY, "SCOPE_profile:read" }) void profileWhenAuthenticatedAndHasScopeThenPermits() throws Exception { this.spring.register(MissingAuthorityConfiguration.class, Http200Controller.class).autowire(); // @formatter:off 
diff --git a/docs/src/test/java/org/springframework/security/docs/servlet/authentication/programmaticmfa/AdminMfaAuthorizationManagerConfiguration.java b/docs/src/test/java/org/springframework/security/docs/servlet/authentication/programmaticmfa/AdminMfaAuthorizationManagerConfiguration.java index e2417f36bd..a86840654c 100644 --- a/docs/src/test/java/org/springframework/security/docs/servlet/authentication/programmaticmfa/AdminMfaAuthorizationManagerConfiguration.java +++ b/docs/src/test/java/org/springframework/security/docs/servlet/authentication/programmaticmfa/AdminMfaAuthorizationManagerConfiguration.java @@ -16,7 +16,7 @@ import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.core.Authentication; -import org.springframework.security.core.GrantedAuthorities; +import org.springframework.security.core.authority.FactorGrantedAuthority; import org.springframework.security.core.userdetails.PasswordEncodedUser; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.provisioning.InMemoryUserDetailsManager; @@ -52,8 +52,8 @@ class AdminMfaAuthorizationManagerConfiguration { if ("admin".equals(authentication.get().getName())) { AuthorizationManager admins = AllAuthoritiesAuthorizationManager.hasAllAuthorities( - GrantedAuthorities.FACTOR_OTT_AUTHORITY, - GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY + FactorGrantedAuthority.OTT_AUTHORITY, + FactorGrantedAuthority.PASSWORD_AUTHORITY ); // <1> return admins.authorize(authentication, context); 
diff --git a/docs/src/test/java/org/springframework/security/docs/servlet/authentication/programmaticmfa/AdminMfaAuthorizationManagerConfigurationTests.java b/docs/src/test/java/org/springframework/security/docs/servlet/authentication/programmaticmfa/AdminMfaAuthorizationManagerConfigurationTests.java index a8b958b9d5..d010eb4119 100644 --- a/docs/src/test/java/org/springframework/security/docs/servlet/authentication/programmaticmfa/AdminMfaAuthorizationManagerConfigurationTests.java +++ b/docs/src/test/java/org/springframework/security/docs/servlet/authentication/programmaticmfa/AdminMfaAuthorizationManagerConfigurationTests.java @@ -22,7 +22,7 @@ import org.junit.jupiter.api.extension.ExtendWith; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.config.test.SpringTestContext; import org.springframework.security.config.test.SpringTestContextExtension; -import org.springframework.security.core.GrantedAuthorities; +import org.springframework.security.core.authority.FactorGrantedAuthority; import org.springframework.security.docs.servlet.authentication.servletx509config.CustomX509Configuration; import org.springframework.security.test.context.support.WithMockUser; import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener; @@ -74,7 +74,7 @@ public class AdminMfaAuthorizationManagerConfigurationTests { } @Test - @WithMockUser(username = "admin", authorities = { GrantedAuthorities.FACTOR_OTT_AUTHORITY, GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY }) + @WithMockUser(username = "admin", authorities = { FactorGrantedAuthority.OTT_AUTHORITY, FactorGrantedAuthority.PASSWORD_AUTHORITY }) void getWhenAdminAndHasFactorThenAllows() throws Exception { this.spring.register(AdminMfaAuthorizationManagerConfiguration.class, Http200Controller.class).autowire(); // @formatter:off 
diff --git a/docs/src/test/java/org/springframework/security/docs/servlet/authentication/raammfa/RequiredAuthoritiesAuthorizationManagerConfiguration.java b/docs/src/test/java/org/springframework/security/docs/servlet/authentication/raammfa/RequiredAuthoritiesAuthorizationManagerConfiguration.java index 8a77f82015..fc69f0d7e9 100644 --- a/docs/src/test/java/org/springframework/security/docs/servlet/authentication/raammfa/RequiredAuthoritiesAuthorizationManagerConfiguration.java +++ b/docs/src/test/java/org/springframework/security/docs/servlet/authentication/raammfa/RequiredAuthoritiesAuthorizationManagerConfiguration.java @@ -11,7 +11,7 @@ import org.springframework.security.authorization.RequiredAuthoritiesAuthorizati import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.core.GrantedAuthorities; +import org.springframework.security.core.authority.FactorGrantedAuthority; import org.springframework.security.core.userdetails.PasswordEncodedUser; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.provisioning.InMemoryUserDetailsManager; @@ -44,8 +44,8 @@ class RequiredAuthoritiesAuthorizationManagerConfiguration { // <1> MapRequiredAuthoritiesRepository authorities = new MapRequiredAuthoritiesRepository(); authorities.saveRequiredAuthorities("admin", List.of( - GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, - GrantedAuthorities.FACTOR_OTT_AUTHORITY) + FactorGrantedAuthority.PASSWORD_AUTHORITY, + FactorGrantedAuthority.OTT_AUTHORITY) ); // <2> return new RequiredAuthoritiesAuthorizationManager<>(authorities); 
diff --git a/docs/src/test/java/org/springframework/security/docs/servlet/authentication/raammfa/RequiredAuthoritiesAuthorizationManagerConfigurationTests.java b/docs/src/test/java/org/springframework/security/docs/servlet/authentication/raammfa/RequiredAuthoritiesAuthorizationManagerConfigurationTests.java index 4846a63560..73762941a0 100644 --- a/docs/src/test/java/org/springframework/security/docs/servlet/authentication/raammfa/RequiredAuthoritiesAuthorizationManagerConfigurationTests.java +++ b/docs/src/test/java/org/springframework/security/docs/servlet/authentication/raammfa/RequiredAuthoritiesAuthorizationManagerConfigurationTests.java @@ -22,7 +22,7 @@ import org.junit.jupiter.api.extension.ExtendWith; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.config.test.SpringTestContext; import org.springframework.security.config.test.SpringTestContextExtension; -import org.springframework.security.core.GrantedAuthorities; +import org.springframework.security.core.authority.FactorGrantedAuthority; import org.springframework.security.docs.servlet.authentication.servletx509config.CustomX509Configuration; import org.springframework.security.test.context.support.WithMockUser; import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener; @@ -74,7 +74,7 @@ public class RequiredAuthoritiesAuthorizationManagerConfigurationTests { } @Test - @WithMockUser(username = "admin", authorities = { GrantedAuthorities.FACTOR_OTT_AUTHORITY, GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY }) + @WithMockUser(username = "admin", authorities = { FactorGrantedAuthority.OTT_AUTHORITY, FactorGrantedAuthority.PASSWORD_AUTHORITY }) void getWhenAdminAndHasFactorThenAllows() throws Exception { this.spring.register(AdminMfaAuthorizationManagerConfiguration.class, Http200Controller.class).autowire(); // @formatter:off 
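Review bot: In the `@@ -74,7 +74,7 @@` hunk, `getWhenAdminAndHasFactorThenAllows` registers `AdminMfaAuthorizationManagerConfiguration.class`, although the enclosing class is `RequiredAuthoritiesAuthorizationManagerConfigurationTests` and the sample in this package is `RequiredAuthoritiesAuthorizationManagerConfiguration`. The line is identical to the one in the programmaticmfa test, so it looks copied. If so, the documented `RequiredAuthoritiesAuthorizationManager` MFA sample is never loaded by this test, and a regression in its factor requirements would go unnoticed. Unless the other configuration is intended (an import or same-named class outside the hunk cannot be ruled out), the line should read `this.spring.register(RequiredAuthoritiesAuthorizationManagerConfiguration.class, Http200Controller.class).autowire();`. The method body continues outside the hunk, so its assertions were not reviewed.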
diff --git a/docs/src/test/java/org/springframework/security/docs/servlet/authentication/reauthentication/ReauthenticationTests.java b/docs/src/test/java/org/springframework/security/docs/servlet/authentication/reauthentication/ReauthenticationTests.java index c9da833907..f2050734cf 100644 --- a/docs/src/test/java/org/springframework/security/docs/servlet/authentication/reauthentication/ReauthenticationTests.java +++ b/docs/src/test/java/org/springframework/security/docs/servlet/authentication/reauthentication/ReauthenticationTests.java @@ -22,7 +22,7 @@ import org.junit.jupiter.api.extension.ExtendWith; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.config.test.SpringTestContext; import org.springframework.security.config.test.SpringTestContextExtension; -import org.springframework.security.core.GrantedAuthorities; +import org.springframework.security.core.authority.FactorGrantedAuthority; import org.springframework.security.docs.servlet.authentication.servletx509config.CustomX509Configuration; import org.springframework.security.test.context.support.WithMockUser; import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener; @@ -74,7 +74,7 @@ public class ReauthenticationTests { } @Test - @WithMockUser(authorities = GrantedAuthorities.FACTOR_OTT_AUTHORITY) + @WithMockUser(authorities = FactorGrantedAuthority.OTT_AUTHORITY) void ottWhenRequireOttConfigurationThenAllows() throws Exception { this.spring.register(RequireOttConfiguration.class, Http200Controller.class).autowire(); // @formatter:off diff --git a/docs/src/test/java/org/springframework/security/docs/servlet/authentication/reauthentication/RequireOttConfiguration.java b/docs/src/test/java/org/springframework/security/docs/servlet/authentication/reauthentication/RequireOttConfiguration.java index 7682ebe324..32d2812bb9 100644 
--- a/docs/src/test/java/org/springframework/security/docs/servlet/authentication/reauthentication/RequireOttConfiguration.java +++ b/docs/src/test/java/org/springframework/security/docs/servlet/authentication/reauthentication/RequireOttConfiguration.java @@ -5,7 +5,7 @@ import org.springframework.context.annotation.Configuration; import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.core.GrantedAuthorities; +import org.springframework.security.core.authority.FactorGrantedAuthority; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.provisioning.InMemoryUserDetailsManager; @@ -23,7 +23,7 @@ public class RequireOttConfiguration { // @formatter:off http .authorizeHttpRequests((authorize) -> authorize - .requestMatchers("/profile/**").hasAuthority(GrantedAuthorities.FACTOR_OTT_AUTHORITY) // <1> + .requestMatchers("/profile/**").hasAuthority(FactorGrantedAuthority.OTT_AUTHORITY) // <1> .anyRequest().authenticated() ) .formLogin(Customizer.withDefaults()) diff --git a/docs/src/test/java/org/springframework/security/docs/servlet/authentication/selectivemfa/SelectiveMfaConfiguration.java b/docs/src/test/java/org/springframework/security/docs/servlet/authentication/selectivemfa/SelectiveMfaConfiguration.java index ead92fe462..cc72443499 100644 --- a/docs/src/test/java/org/springframework/security/docs/servlet/authentication/selectivemfa/SelectiveMfaConfiguration.java +++ b/docs/src/test/java/org/springframework/security/docs/servlet/authentication/selectivemfa/SelectiveMfaConfiguration.java 
@@ -7,7 +7,7 @@ import org.springframework.security.authorization.DefaultAuthorizationManagerFac import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.core.GrantedAuthorities; +import org.springframework.security.core.authority.FactorGrantedAuthority; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.provisioning.InMemoryUserDetailsManager; @@ -27,8 +27,8 @@ class SelectiveMfaConfiguration { AuthorizationManagerFactory mfa = DefaultAuthorizationManagerFactory.builder() .requireAdditionalAuthorities( - GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, - GrantedAuthorities.FACTOR_OTT_AUTHORITY + FactorGrantedAuthority.PASSWORD_AUTHORITY, + FactorGrantedAuthority.OTT_AUTHORITY ) .build(); http diff --git a/docs/src/test/java/org/springframework/security/docs/servlet/authentication/selectivemfa/SelectiveMfaConfigurationTests.java b/docs/src/test/java/org/springframework/security/docs/servlet/authentication/selectivemfa/SelectiveMfaConfigurationTests.java index 3fd0c1106d..b2940bc325 100644 --- a/docs/src/test/java/org/springframework/security/docs/servlet/authentication/selectivemfa/SelectiveMfaConfigurationTests.java +++ b/docs/src/test/java/org/springframework/security/docs/servlet/authentication/selectivemfa/SelectiveMfaConfigurationTests.java 
@@ -22,7 +22,7 @@ import org.junit.jupiter.api.extension.ExtendWith; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.config.test.SpringTestContext; import org.springframework.security.config.test.SpringTestContextExtension; -import org.springframework.security.core.GrantedAuthorities; +import org.springframework.security.core.authority.FactorGrantedAuthority; import org.springframework.security.docs.servlet.authentication.servletx509config.CustomX509Configuration; import org.springframework.security.test.context.support.WithMockUser; import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener; @@ -53,7 +53,7 @@ public class SelectiveMfaConfigurationTests { MockMvc mockMvc; @Test - @WithMockUser(authorities = { GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, "ROLE_ADMIN" }) + @WithMockUser(authorities = { FactorGrantedAuthority.PASSWORD_AUTHORITY, "ROLE_ADMIN" }) void adminWhenMissingOttThenRequired() throws Exception { this.spring.register(SelectiveMfaConfiguration.class, Http200Controller.class).autowire(); // @formatter:off @@ -64,7 +64,7 @@ public class SelectiveMfaConfigurationTests { } @Test - @WithMockUser(authorities = { GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, GrantedAuthorities.FACTOR_OTT_AUTHORITY, "ROLE_ADMIN" }) + @WithMockUser(authorities = { FactorGrantedAuthority.PASSWORD_AUTHORITY, FactorGrantedAuthority.OTT_AUTHORITY, "ROLE_ADMIN" }) void adminWhenMfaThenAllowed() throws Exception { this.spring.register(SelectiveMfaConfiguration.class, Http200Controller.class).autowire(); // @formatter:off 
@@ -75,7 +75,7 @@ public class SelectiveMfaConfigurationTests { } @Test - @WithMockUser(authorities = { GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, "ROLE_ADMIN" }) + @WithMockUser(authorities = { FactorGrantedAuthority.PASSWORD_AUTHORITY, "ROLE_ADMIN" }) void userSettingsRequiresMfa() throws Exception { this.spring.register(SelectiveMfaConfiguration.class, Http200Controller.class).autowire(); // @formatter:off @@ -86,7 +86,7 @@ public class SelectiveMfaConfigurationTests { } @Test - @WithMockUser(authorities = { GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, "ROLE_USER" }) + @WithMockUser(authorities = { FactorGrantedAuthority.PASSWORD_AUTHORITY, "ROLE_USER" }) void userSettingsWhenMissingOttThenRequired() throws Exception { this.spring.register(SelectiveMfaConfiguration.class, Http200Controller.class).autowire(); // @formatter:off diff --git a/docs/src/test/java/org/springframework/security/docs/servlet/authentication/servletauthenticationauthentication/CopyAuthoritiesTests.java b/docs/src/test/java/org/springframework/security/docs/servlet/authentication/servletauthenticationauthentication/CopyAuthoritiesTests.java index bbd59d9726..8dd98e7feb 100644 --- a/docs/src/test/java/org/springframework/security/docs/servlet/authentication/servletauthenticationauthentication/CopyAuthoritiesTests.java +++ b/docs/src/test/java/org/springframework/security/docs/servlet/authentication/servletauthenticationauthentication/CopyAuthoritiesTests.java 
@@ -8,8 +8,8 @@ import org.springframework.security.authentication.TestingAuthenticationToken; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.authentication.ott.OneTimeTokenAuthentication; import org.springframework.security.core.Authentication; -import org.springframework.security.core.GrantedAuthorities; import org.springframework.security.core.authority.AuthorityUtils; +import org.springframework.security.core.authority.FactorGrantedAuthority; import org.springframework.security.core.context.SecurityContextHolder; import static org.mockito.ArgumentMatchers.any; @@ -20,10 +20,10 @@ public class CopyAuthoritiesTests { @Test void toBuilderWhenApplyThenCopies() { UsernamePasswordAuthenticationToken previous = new UsernamePasswordAuthenticationToken("alice", "pass", - AuthorityUtils.createAuthorityList( GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY)); + AuthorityUtils.createAuthorityList( FactorGrantedAuthority.PASSWORD_AUTHORITY)); SecurityContextHolder.getContext().setAuthentication(previous); Authentication latest = new OneTimeTokenAuthentication("bob", - AuthorityUtils.createAuthorityList(GrantedAuthorities.FACTOR_OTT_AUTHORITY)); + AuthorityUtils.createAuthorityList(FactorGrantedAuthority.OTT_AUTHORITY)); AuthenticationManager authenticationManager = mock(AuthenticationManager.class); given(authenticationManager.authenticate(any())).willReturn(latest); Authentication authenticationRequest = new TestingAuthenticationToken("user", "pass"); @@ -36,7 +36,8 @@ public class CopyAuthoritiesTests { .build(); } // end::springSecurity[] - SecurityAssertions.assertThat(lastestResult).hasAuthorities(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, GrantedAuthorities.FACTOR_OTT_AUTHORITY); + SecurityAssertions.assertThat(lastestResult).hasAuthorities( + FactorGrantedAuthority.PASSWORD_AUTHORITY, FactorGrantedAuthority.OTT_AUTHORITY); SecurityContextHolder.clearContext(); } } 
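Review bot: The fixture in `toBuilderWhenApplyThenCopies` builds the previous authentication for `"alice"` and the latest one for `"bob"`, yet the final assertion expects the result to hold both `PASSWORD_AUTHORITY` and `OTT_AUTHORITY`. Because this test backs a documentation snippet, it reads as if factors earned by one principal may be carried over to another; the copying code sits between the hunks, so whether it compares principals cannot be seen here. Using the same name in both tokens, e.g. `new OneTimeTokenAuthentication("alice",`, or adding a comment that the names are irrelevant to the sample, would avoid that reading. Two smaller points on the touched lines: `createAuthorityList( FactorGrantedAuthority.PASSWORD_AUTHORITY)` keeps a stray space after the parenthesis, and `lastestResult` is presumably meant to be `latestResult` (its declaration is outside the hunk).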
diff --git a/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/authorizationmanagerfactory/AuthorizationManagerFactoryTests.kt b/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/authorizationmanagerfactory/AuthorizationManagerFactoryTests.kt index bff52b21a5..28f65a7eea 100644 --- a/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/authorizationmanagerfactory/AuthorizationManagerFactoryTests.kt +++ b/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/authorizationmanagerfactory/AuthorizationManagerFactoryTests.kt @@ -20,7 +20,7 @@ import org.junit.jupiter.api.extension.ExtendWith import org.springframework.beans.factory.annotation.Autowired import org.springframework.security.config.test.SpringTestContext import org.springframework.security.config.test.SpringTestContextExtension -import org.springframework.security.core.GrantedAuthorities +import org.springframework.security.core.authority.FactorGrantedAuthority import org.springframework.security.test.context.support.WithMockUser import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener import org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers @@ -47,7 +47,7 @@ class AuthorizationManagerFactoryTests { var mockMvc: MockMvc? = null @Test - @WithMockUser(authorities = [GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, GrantedAuthorities.FACTOR_OTT_AUTHORITY]) + @WithMockUser(authorities = [FactorGrantedAuthority.PASSWORD_AUTHORITY, FactorGrantedAuthority.OTT_AUTHORITY]) @Throws(Exception::class) fun getWhenAuthenticatedWithPasswordAndOttThenPermits() { this.spring.register(UseAuthorizationManagerFactoryConfiguration::class.java, Http200Controller::class.java) 
@@ -60,7 +60,7 @@ class AuthorizationManagerFactoryTests { } @Test - @WithMockUser(authorities = [GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY]) + @WithMockUser(authorities = [FactorGrantedAuthority.PASSWORD_AUTHORITY]) @Throws(Exception::class) fun getWhenAuthenticatedWithPasswordThenRedirectsToOtt() { this.spring.register(UseAuthorizationManagerFactoryConfiguration::class.java, Http200Controller::class.java) @@ -73,7 +73,7 @@ class AuthorizationManagerFactoryTests { } @Test - @WithMockUser(authorities = [GrantedAuthorities.FACTOR_OTT_AUTHORITY]) + @WithMockUser(authorities = [FactorGrantedAuthority.OTT_AUTHORITY]) @Throws(Exception::class) fun getWhenAuthenticatedWithOttThenRedirectsToPassword() { this.spring.register(UseAuthorizationManagerFactoryConfiguration::class.java, Http200Controller::class.java) diff --git a/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/authorizationmanagerfactory/UseAuthorizationManagerFactoryConfiguration.kt b/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/authorizationmanagerfactory/UseAuthorizationManagerFactoryConfiguration.kt index cf4058c4aa..cf72ba3b7f 100644 --- a/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/authorizationmanagerfactory/UseAuthorizationManagerFactoryConfiguration.kt +++ b/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/authorizationmanagerfactory/UseAuthorizationManagerFactoryConfiguration.kt 
@@ -7,7 +7,7 @@ import org.springframework.security.authorization.DefaultAuthorizationManagerFac import org.springframework.security.config.annotation.web.builders.HttpSecurity import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity import org.springframework.security.config.annotation.web.invoke -import org.springframework.security.core.GrantedAuthorities +import org.springframework.security.core.authority.FactorGrantedAuthority import org.springframework.security.core.userdetails.User import org.springframework.security.core.userdetails.UserDetailsService import org.springframework.security.provisioning.InMemoryUserDetailsManager @@ -40,8 +40,8 @@ internal class UseAuthorizationManagerFactoryConfiguration { fun authz(): AuthorizationManagerFactory { return DefaultAuthorizationManagerFactory.builder() .requireAdditionalAuthorities( - GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, - GrantedAuthorities.FACTOR_OTT_AUTHORITY + FactorGrantedAuthority.PASSWORD_AUTHORITY, + FactorGrantedAuthority.OTT_AUTHORITY ) .build() } diff --git a/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/egmfa/EnableGlobalMultiFactorAuthenticationConfiguration.kt b/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/egmfa/EnableGlobalMultiFactorAuthenticationConfiguration.kt index 0f3ad02465..37e2eba9fb 100644 --- a/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/egmfa/EnableGlobalMultiFactorAuthenticationConfiguration.kt +++ b/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/egmfa/EnableGlobalMultiFactorAuthenticationConfiguration.kt 
@@ -6,7 +6,7 @@ import org.springframework.security.config.annotation.authorization.EnableGlobal import org.springframework.security.config.annotation.web.builders.HttpSecurity import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity import org.springframework.security.config.annotation.web.invoke -import org.springframework.security.core.GrantedAuthorities +import org.springframework.security.core.authority.FactorGrantedAuthority import org.springframework.security.core.userdetails.User import org.springframework.security.core.userdetails.UserDetailsService import org.springframework.security.provisioning.InMemoryUserDetailsManager @@ -19,8 +19,8 @@ import org.springframework.security.web.authentication.ott.RedirectOneTimeTokenG // tag::enable-global-mfa[] @EnableGlobalMultiFactorAuthentication( authorities = [ - GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, - GrantedAuthorities.FACTOR_OTT_AUTHORITY]) + FactorGrantedAuthority.PASSWORD_AUTHORITY, + FactorGrantedAuthority.OTT_AUTHORITY]) // end::enable-global-mfa[] internal class EnableGlobalMultiFactorAuthenticationConfiguration { diff --git a/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/egmfa/EnableGlobalMultiFactorAuthenticationConfigurationTests.kt b/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/egmfa/EnableGlobalMultiFactorAuthenticationConfigurationTests.kt index e765aa1a34..7517e446ac 100644 --- a/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/egmfa/EnableGlobalMultiFactorAuthenticationConfigurationTests.kt +++ b/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/egmfa/EnableGlobalMultiFactorAuthenticationConfigurationTests.kt 
@@ -20,7 +20,7 @@ import org.junit.jupiter.api.extension.ExtendWith import org.springframework.beans.factory.annotation.Autowired import org.springframework.security.config.test.SpringTestContext import org.springframework.security.config.test.SpringTestContextExtension -import org.springframework.security.core.GrantedAuthorities +import org.springframework.security.core.authority.FactorGrantedAuthority import org.springframework.security.test.context.support.WithMockUser import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener import org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers @@ -47,7 +47,7 @@ class EnableGlobalMultiFactorAuthenticationConfigurationTests { var mockMvc: MockMvc? = null @Test - @WithMockUser(authorities = [GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, GrantedAuthorities.FACTOR_OTT_AUTHORITY, "ROLE_ADMIN"]) + @WithMockUser(authorities = [FactorGrantedAuthority.PASSWORD_AUTHORITY, FactorGrantedAuthority.OTT_AUTHORITY, "ROLE_ADMIN"]) @Throws(Exception::class) fun getWhenAuthenticatedWithPasswordAndOttThenPermits() { this.spring.register(EnableGlobalMultiFactorAuthenticationConfiguration::class.java, Http200Controller::class.java).autowire() @@ -59,7 +59,7 @@ class EnableGlobalMultiFactorAuthenticationConfigurationTests { } @Test - @WithMockUser(authorities = [GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY]) + @WithMockUser(authorities = [FactorGrantedAuthority.PASSWORD_AUTHORITY]) @Throws(Exception::class) fun getWhenAuthenticatedWithPasswordThenRedirectsToOtt() { this.spring.register(EnableGlobalMultiFactorAuthenticationConfiguration::class.java, Http200Controller::class.java).autowire() 
@@ -71,7 +71,7 @@ class EnableGlobalMultiFactorAuthenticationConfigurationTests { } @Test - @WithMockUser(authorities = [GrantedAuthorities.FACTOR_OTT_AUTHORITY]) + @WithMockUser(authorities = [FactorGrantedAuthority.OTT_AUTHORITY]) @Throws(Exception::class) fun getWhenAuthenticatedWithOttThenRedirectsToPassword() { this.spring.register(EnableGlobalMultiFactorAuthenticationConfiguration::class.java, Http200Controller::class.java).autowire() diff --git a/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/hasallauthorities/ListAuthoritiesConfiguration.kt b/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/hasallauthorities/ListAuthoritiesConfiguration.kt index 27a4d17d87..81013b422b 100644 --- a/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/hasallauthorities/ListAuthoritiesConfiguration.kt +++ b/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/hasallauthorities/ListAuthoritiesConfiguration.kt @@ -5,7 +5,7 @@ import org.springframework.context.annotation.Configuration import org.springframework.security.config.annotation.web.builders.HttpSecurity import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity import org.springframework.security.config.annotation.web.invoke -import org.springframework.security.core.GrantedAuthorities +import org.springframework.security.core.authority.FactorGrantedAuthority import org.springframework.security.core.userdetails.User import org.springframework.security.core.userdetails.UserDetailsService import org.springframework.security.provisioning.InMemoryUserDetailsManager 
@@ -25,8 +25,8 @@ internal class ListAuthoritiesConfiguration { authorizeHttpRequests { // <1> authorize(anyRequest, hasAllAuthorities( - GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, - GrantedAuthorities.FACTOR_OTT_AUTHORITY + FactorGrantedAuthority.PASSWORD_AUTHORITY, + FactorGrantedAuthority.OTT_AUTHORITY )) } // <2> diff --git a/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/hasallauthorities/MultiFactorAuthenticationTests.kt b/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/hasallauthorities/MultiFactorAuthenticationTests.kt index d6d479c3f6..dc95435498 100644 --- a/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/hasallauthorities/MultiFactorAuthenticationTests.kt +++ b/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/hasallauthorities/MultiFactorAuthenticationTests.kt @@ -20,7 +20,7 @@ import org.junit.jupiter.api.extension.ExtendWith import org.springframework.beans.factory.annotation.Autowired import org.springframework.security.config.test.SpringTestContext import org.springframework.security.config.test.SpringTestContextExtension -import org.springframework.security.core.GrantedAuthorities +import org.springframework.security.core.authority.FactorGrantedAuthority import org.springframework.security.test.context.support.WithMockUser import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener import org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers 
@@ -47,7 +47,7 @@ class MultiFactorAuthenticationTests { var mockMvc: MockMvc? = null @Test - @WithMockUser(authorities = [GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, GrantedAuthorities.FACTOR_OTT_AUTHORITY]) + @WithMockUser(authorities = [FactorGrantedAuthority.PASSWORD_AUTHORITY, FactorGrantedAuthority.OTT_AUTHORITY]) @Throws(Exception::class) fun getWhenAuthenticatedWithPasswordAndOttThenPermits() { this.spring.register(ListAuthoritiesConfiguration::class.java, Http200Controller::class.java).autowire() @@ -59,7 +59,7 @@ class MultiFactorAuthenticationTests { } @Test - @WithMockUser(authorities = [GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY]) + @WithMockUser(authorities = [FactorGrantedAuthority.PASSWORD_AUTHORITY]) @Throws(Exception::class) fun getWhenAuthenticatedWithPasswordThenRedirectsToOtt() { this.spring.register(ListAuthoritiesConfiguration::class.java, Http200Controller::class.java).autowire() @@ -71,7 +71,7 @@ class MultiFactorAuthenticationTests { } @Test - @WithMockUser(authorities = [GrantedAuthorities.FACTOR_OTT_AUTHORITY]) + @WithMockUser(authorities = [FactorGrantedAuthority.OTT_AUTHORITY]) @Throws(Exception::class) fun getWhenAuthenticatedWithOttThenRedirectsToPassword() { this.spring.register(ListAuthoritiesConfiguration::class.java, Http200Controller::class.java).autowire() diff --git a/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/hasallauthorities/MultipleAuthorizationRulesConfiguration.kt b/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/hasallauthorities/MultipleAuthorizationRulesConfiguration.kt index 60e8a9651f..276ecc3d69 100644 --- a/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/hasallauthorities/MultipleAuthorizationRulesConfiguration.kt +++ b/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/hasallauthorities/MultipleAuthorizationRulesConfiguration.kt 
@@ -5,7 +5,7 @@ import org.springframework.context.annotation.Configuration import org.springframework.security.config.annotation.web.builders.HttpSecurity import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity import org.springframework.security.config.annotation.web.invoke -import org.springframework.security.core.GrantedAuthorities +import org.springframework.security.core.authority.FactorGrantedAuthority import org.springframework.security.core.userdetails.User import org.springframework.security.core.userdetails.UserDetailsService import org.springframework.security.provisioning.InMemoryUserDetailsManager @@ -26,14 +26,14 @@ internal class MultipleAuthorizationRulesConfiguration { // <1> authorize("/admin/**", hasAllAuthorities( "ROLE_ADMIN", - GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, - GrantedAuthorities.FACTOR_OTT_AUTHORITY + FactorGrantedAuthority.PASSWORD_AUTHORITY, + FactorGrantedAuthority.OTT_AUTHORITY )) // <2> authorize(anyRequest, hasAllAuthorities( "ROLE_USER", - GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, - GrantedAuthorities.FACTOR_OTT_AUTHORITY + FactorGrantedAuthority.PASSWORD_AUTHORITY, + FactorGrantedAuthority.OTT_AUTHORITY )) } // <3> diff --git a/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/hasallauthorities/MultipleAuthorizationRulesConfigurationTests.kt b/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/hasallauthorities/MultipleAuthorizationRulesConfigurationTests.kt index fcdadd5b61..417c60b30d 100644 --- a/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/hasallauthorities/MultipleAuthorizationRulesConfigurationTests.kt +++ b/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/hasallauthorities/MultipleAuthorizationRulesConfigurationTests.kt 
@@ -20,7 +20,7 @@ import org.junit.jupiter.api.extension.ExtendWith import org.springframework.beans.factory.annotation.Autowired import org.springframework.security.config.test.SpringTestContext import org.springframework.security.config.test.SpringTestContextExtension -import org.springframework.security.core.GrantedAuthorities +import org.springframework.security.core.authority.FactorGrantedAuthority import org.springframework.security.test.context.support.WithMockUser import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener import org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers @@ -47,7 +47,7 @@ class MultipleAuthorizationRulesConfigurationTests { var mockMvc: MockMvc? = null @Test - @WithMockUser(authorities = [GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, GrantedAuthorities.FACTOR_OTT_AUTHORITY, "ROLE_USER"]) + @WithMockUser(authorities = [FactorGrantedAuthority.PASSWORD_AUTHORITY, FactorGrantedAuthority.OTT_AUTHORITY, "ROLE_USER"]) @Throws(Exception::class) fun getWhenAuthenticatedWithPasswordAndOttThenPermits() { this.spring.register(MultipleAuthorizationRulesConfiguration::class.java, Http200Controller::class.java).autowire() @@ -59,7 +59,7 @@ class MultipleAuthorizationRulesConfigurationTests { } @Test - @WithMockUser(authorities = [GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY]) + @WithMockUser(authorities = [FactorGrantedAuthority.PASSWORD_AUTHORITY]) @Throws(Exception::class) fun getWhenAuthenticatedWithPasswordThenRedirectsToOtt() { this.spring.register(MultipleAuthorizationRulesConfiguration::class.java, Http200Controller::class.java).autowire() 
@@ -71,7 +71,7 @@ class MultipleAuthorizationRulesConfigurationTests { } @Test - @WithMockUser(authorities = [GrantedAuthorities.FACTOR_OTT_AUTHORITY]) + @WithMockUser(authorities = [FactorGrantedAuthority.OTT_AUTHORITY]) @Throws(Exception::class) fun getWhenAuthenticatedWithOttThenRedirectsToPassword() { this.spring.register(MultipleAuthorizationRulesConfiguration::class.java, Http200Controller::class.java).autowire() diff --git a/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/obtainingmoreauthorization/MissingAuthorityConfiguration.kt b/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/obtainingmoreauthorization/MissingAuthorityConfiguration.kt index 1beeb5cfd6..88ebf0f096 100644 --- a/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/obtainingmoreauthorization/MissingAuthorityConfiguration.kt +++ b/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/obtainingmoreauthorization/MissingAuthorityConfiguration.kt @@ -11,7 +11,7 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe import org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer import org.springframework.security.config.annotation.web.invoke import org.springframework.security.core.AuthenticationException -import org.springframework.security.core.GrantedAuthorities +import org.springframework.security.core.authority.FactorGrantedAuthority import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository import org.springframework.security.oauth2.client.registration.TestClientRegistrations 
@@ -55,7 +55,10 @@ internal class MissingAuthorityConfiguration { @Bean fun authz(): AuthorizationManagerFactory { return DefaultAuthorizationManagerFactory.builder() - .requireAdditionalAuthorities(GrantedAuthorities.FACTOR_X509_AUTHORITY, GrantedAuthorities.FACTOR_AUTHORIZATION_CODE_AUTHORITY) + .requireAdditionalAuthorities( + FactorGrantedAuthority.X509_AUTHORITY, + FactorGrantedAuthority.AUTHORIZATION_CODE_AUTHORITY + ) .build() } // end::authorizationManagerFactoryBean[] diff --git a/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/obtainingmoreauthorization/ObtainingMoreAuthorizationTests.kt b/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/obtainingmoreauthorization/ObtainingMoreAuthorizationTests.kt index 9016e3094a..e0feae306d 100644 --- a/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/obtainingmoreauthorization/ObtainingMoreAuthorizationTests.kt +++ b/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/obtainingmoreauthorization/ObtainingMoreAuthorizationTests.kt @@ -20,7 +20,7 @@ import org.junit.jupiter.api.extension.ExtendWith import org.springframework.beans.factory.annotation.Autowired import org.springframework.security.config.test.SpringTestContext import org.springframework.security.config.test.SpringTestContextExtension -import org.springframework.security.core.GrantedAuthorities +import org.springframework.security.core.authority.FactorGrantedAuthority import org.springframework.security.docs.servlet.authentication.obtainingmoreauthorization.ScopeConfiguration import org.springframework.security.test.context.support.WithMockUser import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener 
@@ -59,7 +59,7 @@ class ObtainingMoreAuthorizationTests { } @Test - @WithMockUser(authorities = [GrantedAuthorities.FACTOR_X509_AUTHORITY, GrantedAuthorities.FACTOR_AUTHORIZATION_CODE_AUTHORITY]) + @WithMockUser(authorities = [FactorGrantedAuthority.X509_AUTHORITY, FactorGrantedAuthority.AUTHORIZATION_CODE_AUTHORITY]) @Throws(Exception::class) fun profileWhenMissingAuthorityConfigurationThenRedirectsToAuthorizationServer() { this.spring.register(MissingAuthorityConfiguration::class.java, Http200Controller::class.java).autowire() @@ -82,7 +82,7 @@ class ObtainingMoreAuthorizationTests { } @Test - @WithMockUser(authorities = [GrantedAuthorities.FACTOR_X509_AUTHORITY, GrantedAuthorities.FACTOR_AUTHORIZATION_CODE_AUTHORITY, "SCOPE_profile:read"]) + @WithMockUser(authorities = [FactorGrantedAuthority.X509_AUTHORITY, FactorGrantedAuthority.AUTHORIZATION_CODE_AUTHORITY, "SCOPE_profile:read"]) @Throws( Exception::class ) diff --git a/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/programmaticmfa/AdminMfaAuthorizationManagerConfiguration.kt b/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/programmaticmfa/AdminMfaAuthorizationManagerConfiguration.kt index 45634fee12..b65b30cce0 100644 --- a/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/programmaticmfa/AdminMfaAuthorizationManagerConfiguration.kt +++ b/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/programmaticmfa/AdminMfaAuthorizationManagerConfiguration.kt 
@@ -7,7 +7,7 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity import org.springframework.security.config.annotation.web.invoke import org.springframework.security.core.Authentication -import org.springframework.security.core.GrantedAuthorities +import org.springframework.security.core.authority.FactorGrantedAuthority import org.springframework.security.core.userdetails.PasswordEncodedUser import org.springframework.security.core.userdetails.UserDetailsService import org.springframework.security.provisioning.InMemoryUserDetailsManager @@ -27,7 +27,9 @@ internal class AdminMfaAuthorizationManagerConfiguration { // @formatter:off http { authorizeHttpRequests { + // <1> authorize("/admin/**", hasRole("ADMIN")) + // <2> authorize(anyRequest, authenticated) } formLogin { } @@ -46,9 +48,8 @@ internal class AdminMfaAuthorizationManagerConfiguration { return if ("admin" == authentication.get().name) { var admins = AllAuthoritiesAuthorizationManager.hasAllAuthorities( - GrantedAuthorities.FACTOR_OTT_AUTHORITY, - GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY - ) + FactorGrantedAuthority.OTT_AUTHORITY, + FactorGrantedAuthority.PASSWORD_AUTHORITY) // <1> admins.authorize(authentication, context) } else { diff --git a/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/programmaticmfa/AdminMfaAuthorizationManagerConfigurationTests.kt b/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/programmaticmfa/AdminMfaAuthorizationManagerConfigurationTests.kt index 650c66fde1..9bf40f8f56 100644 --- a/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/programmaticmfa/AdminMfaAuthorizationManagerConfigurationTests.kt +++ b/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/programmaticmfa/AdminMfaAuthorizationManagerConfigurationTests.kt 
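Review bot: The callout markers added inside `authorizeHttpRequests` in AdminMfaAuthorizationManagerConfiguration.kt (`// <1>` before the `/admin/**` rule and `// <2>` before the `anyRequest` rule) are not part of the constant move this commit describes. `// <1>` is also used lower in the same file, directly after the `hasAllAuthorities(...)` call. If both places are included through the same snippet tag, which the hunks do not show, the rendered callout list would have two targets numbered 1 and the explanation of which rule enforces the extra factors becomes ambiguous. I would either renumber the lower marker (for example `// <3>`) or add the new markers in a separate change together with the matching text in mfa.adoc. Both enclosing functions begin and end outside the hunks.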
@@ -20,7 +20,7 @@ import org.junit.jupiter.api.extension.ExtendWith import org.springframework.beans.factory.annotation.Autowired import org.springframework.security.config.test.SpringTestContext import org.springframework.security.config.test.SpringTestContextExtension -import org.springframework.security.core.GrantedAuthorities +import org.springframework.security.core.authority.FactorGrantedAuthority import org.springframework.security.test.context.support.WithMockUser import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener import org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated @@ -73,7 +73,7 @@ class AdminMfaAuthorizationManagerConfigurationTests { @Test @Throws(Exception::class) - @WithMockUser(username = "admin", authorities = [GrantedAuthorities.FACTOR_OTT_AUTHORITY, GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY ]) + @WithMockUser(username = "admin", authorities = [FactorGrantedAuthority.OTT_AUTHORITY, FactorGrantedAuthority.PASSWORD_AUTHORITY]) fun getWhenAdminAndHasFactorThenAllows() { this.spring.register(AdminMfaAuthorizationManagerConfiguration::class.java, Http200Controller::class.java).autowire() // @formatter:off diff --git a/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/raammfa/RequiredAuthoritiesAuthorizationManagerConfiguration.kt b/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/raammfa/RequiredAuthoritiesAuthorizationManagerConfiguration.kt index 52e0ea23f3..7014c489e6 100644 --- a/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/raammfa/RequiredAuthoritiesAuthorizationManagerConfiguration.kt +++ b/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/raammfa/RequiredAuthoritiesAuthorizationManagerConfiguration.kt 
@@ -9,7 +9,7 @@ import org.springframework.security.authorization.RequiredAuthoritiesAuthorizati import org.springframework.security.config.annotation.web.builders.HttpSecurity import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity import org.springframework.security.config.annotation.web.invoke -import org.springframework.security.core.GrantedAuthorities +import org.springframework.security.core.authority.FactorGrantedAuthority import org.springframework.security.core.userdetails.PasswordEncodedUser import org.springframework.security.core.userdetails.UserDetailsService import org.springframework.security.provisioning.InMemoryUserDetailsManager @@ -44,8 +44,8 @@ internal class RequiredAuthoritiesAuthorizationManagerConfiguration { // <1> val authorities = MapRequiredAuthoritiesRepository() authorities.saveRequiredAuthorities("admin", List.of( - GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, - GrantedAuthorities.FACTOR_OTT_AUTHORITY) + FactorGrantedAuthority.PASSWORD_AUTHORITY, + FactorGrantedAuthority.OTT_AUTHORITY) ) // <2> return RequiredAuthoritiesAuthorizationManager(authorities) diff --git a/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/raammfa/RequiredAuthoritiesAuthorizationManagerConfigurationTests.kt b/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/raammfa/RequiredAuthoritiesAuthorizationManagerConfigurationTests.kt index 404b0805b7..cf14454a44 100644 --- a/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/raammfa/RequiredAuthoritiesAuthorizationManagerConfigurationTests.kt +++ b/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/raammfa/RequiredAuthoritiesAuthorizationManagerConfigurationTests.kt 
@@ -20,7 +20,7 @@ import org.junit.jupiter.api.extension.ExtendWith import org.springframework.beans.factory.annotation.Autowired import org.springframework.security.config.test.SpringTestContext import org.springframework.security.config.test.SpringTestContextExtension -import org.springframework.security.core.GrantedAuthorities +import org.springframework.security.core.authority.FactorGrantedAuthority import org.springframework.security.test.context.support.WithMockUser import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener import org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers @@ -75,7 +75,7 @@ class RequiredAuthoritiesAuthorizationManagerConfigurationTests { @Test @WithMockUser( username = "admin", - authorities = [GrantedAuthorities.FACTOR_OTT_AUTHORITY, GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY] + authorities = [FactorGrantedAuthority.OTT_AUTHORITY, FactorGrantedAuthority.PASSWORD_AUTHORITY] ) @Throws( Exception::class diff --git a/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/reauthentication/ReauthenticationTests.kt b/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/reauthentication/ReauthenticationTests.kt index 6cf9bd57c9..122789974c 100644 --- a/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/reauthentication/ReauthenticationTests.kt +++ b/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/reauthentication/ReauthenticationTests.kt 
@@ -20,7 +20,7 @@ import org.junit.jupiter.api.extension.ExtendWith import org.springframework.beans.factory.annotation.Autowired import org.springframework.security.config.test.SpringTestContext import org.springframework.security.config.test.SpringTestContextExtension -import org.springframework.security.core.GrantedAuthorities +import org.springframework.security.core.authority.FactorGrantedAuthority import org.springframework.security.docs.servlet.authentication.reauthentication.RequireOttConfiguration import org.springframework.security.docs.servlet.authentication.reauthentication.SimpleConfiguration import org.springframework.security.test.context.support.WithMockUser @@ -73,7 +73,7 @@ class ReauthenticationTests { } @Test - @WithMockUser(authorities = [GrantedAuthorities.FACTOR_OTT_AUTHORITY]) + @WithMockUser(authorities = [FactorGrantedAuthority.OTT_AUTHORITY]) @Throws(Exception::class) fun ottWhenRequireOttConfigurationThenAllows() { this.spring.register(RequireOttConfiguration::class.java, Http200Controller::class.java).autowire() diff --git a/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/reauthentication/RequireOttConfiguration.kt b/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/reauthentication/RequireOttConfiguration.kt index 9ba73f2daf..4100ce0356 100644 --- a/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/reauthentication/RequireOttConfiguration.kt +++ b/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/reauthentication/RequireOttConfiguration.kt 
@@ -5,7 +5,7 @@ import org.springframework.context.annotation.Configuration import org.springframework.security.config.annotation.web.builders.HttpSecurity import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity import org.springframework.security.config.annotation.web.invoke -import org.springframework.security.core.GrantedAuthorities +import org.springframework.security.core.authority.FactorGrantedAuthority import org.springframework.security.core.userdetails.User import org.springframework.security.core.userdetails.UserDetailsService import org.springframework.security.provisioning.InMemoryUserDetailsManager @@ -23,7 +23,7 @@ class RequireOttConfiguration { // @formatter:off http { authorizeHttpRequests { - authorize("/profile/**", hasAuthority(GrantedAuthorities.FACTOR_OTT_AUTHORITY)) // <1> + authorize("/profile/**", hasAuthority(FactorGrantedAuthority.OTT_AUTHORITY)) // <1> authorize(anyRequest, authenticated) } formLogin { } diff --git a/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/selectivemfa/SelectiveMfaConfiguration.kt b/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/selectivemfa/SelectiveMfaConfiguration.kt index d95ca5f37a..476ec6cf39 100644 --- a/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/selectivemfa/SelectiveMfaConfiguration.kt +++ b/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/selectivemfa/SelectiveMfaConfiguration.kt 
@@ -7,7 +7,7 @@ import org.springframework.security.authorization.DefaultAuthorizationManagerFac import org.springframework.security.config.annotation.web.builders.HttpSecurity import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity import org.springframework.security.config.annotation.web.invoke -import org.springframework.security.core.GrantedAuthorities +import org.springframework.security.core.authority.FactorGrantedAuthority import org.springframework.security.core.userdetails.User import org.springframework.security.core.userdetails.UserDetailsService import org.springframework.security.provisioning.InMemoryUserDetailsManager @@ -27,8 +27,8 @@ internal class SelectiveMfaConfiguration { val mfa: AuthorizationManagerFactory = DefaultAuthorizationManagerFactory.builder() .requireAdditionalAuthorities( - GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, - GrantedAuthorities.FACTOR_OTT_AUTHORITY + FactorGrantedAuthority.PASSWORD_AUTHORITY, + FactorGrantedAuthority.OTT_AUTHORITY ) .build() http { diff --git a/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/selectivemfa/SelectiveMfaConfigurationTests.kt b/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/selectivemfa/SelectiveMfaConfigurationTests.kt index 60d6e9f6dd..44e0148424 100644 --- a/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/selectivemfa/SelectiveMfaConfigurationTests.kt +++ b/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/selectivemfa/SelectiveMfaConfigurationTests.kt 
@@ -20,7 +20,7 @@ import org.junit.jupiter.api.extension.ExtendWith import org.springframework.beans.factory.annotation.Autowired import org.springframework.security.config.test.SpringTestContext import org.springframework.security.config.test.SpringTestContextExtension -import org.springframework.security.core.GrantedAuthorities +import org.springframework.security.core.authority.FactorGrantedAuthority import org.springframework.security.test.context.support.WithMockUser import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener import org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers @@ -47,7 +47,7 @@ class SelectiveMfaConfigurationTests { var mockMvc: MockMvc? = null @Test - @WithMockUser(authorities = [GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, "ROLE_ADMIN"]) + @WithMockUser(authorities = [FactorGrantedAuthority.PASSWORD_AUTHORITY, "ROLE_ADMIN"]) @Throws(Exception::class) fun adminWhenMissingOttThenRequired() { this.spring.register( @@ -61,7 +61,7 @@ class SelectiveMfaConfigurationTests { } @Test - @WithMockUser(authorities = [GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, GrantedAuthorities.FACTOR_OTT_AUTHORITY, "ROLE_ADMIN"]) + @WithMockUser(authorities = [FactorGrantedAuthority.PASSWORD_AUTHORITY, FactorGrantedAuthority.OTT_AUTHORITY, "ROLE_ADMIN"]) @Throws( Exception::class ) @@ -77,7 +77,7 @@ class SelectiveMfaConfigurationTests { } @Test - @WithMockUser(authorities = [GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, "ROLE_ADMIN"]) + @WithMockUser(authorities = [FactorGrantedAuthority.PASSWORD_AUTHORITY, "ROLE_ADMIN"]) @Throws(Exception::class) fun userSettingsRequiresMfa() { this.spring.register( 
@@ -91,7 +91,7 @@ class SelectiveMfaConfigurationTests { } @Test - @WithMockUser(authorities = [GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, "ROLE_USER"]) + @WithMockUser(authorities = [FactorGrantedAuthority.PASSWORD_AUTHORITY, "ROLE_USER"]) @Throws(Exception::class) fun userSettingsWhenMissingOttThenRequired() { this.spring.register( diff --git a/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/servletauthenticationauthentication/CopyAuthoritiesTests.kt b/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/servletauthenticationauthentication/CopyAuthoritiesTests.kt index 3d96844b75..a4d9b9d10b 100644 --- a/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/servletauthenticationauthentication/CopyAuthoritiesTests.kt +++ b/docs/src/test/kotlin/org/springframework/security/kt/docs/servlet/authentication/servletauthenticationauthentication/CopyAuthoritiesTests.kt 
@@ -10,18 +10,18 @@ import org.springframework.security.authentication.TestingAuthenticationToken
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
 import org.springframework.security.authentication.ott.OneTimeTokenAuthentication
 import org.springframework.security.core.Authentication
-import org.springframework.security.core.GrantedAuthorities
 import org.springframework.security.core.authority.AuthorityUtils
+import org.springframework.security.core.authority.FactorGrantedAuthority
 import org.springframework.security.core.context.SecurityContextHolder
 class CopyAuthoritiesTests {
 @Test
 fun toBuilderWhenApplyThenCopies() {
 val previous: Authentication = UsernamePasswordAuthenticationToken("alice", "pass",
- AuthorityUtils.createAuthorityList(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY))
+ AuthorityUtils.createAuthorityList(FactorGrantedAuthority.PASSWORD_AUTHORITY))
 SecurityContextHolder.getContext().authentication = previous
 var latest: Authentication = OneTimeTokenAuthentication("bob",
- AuthorityUtils.createAuthorityList(GrantedAuthorities.FACTOR_OTT_AUTHORITY))
+ AuthorityUtils.createAuthorityList(FactorGrantedAuthority.OTT_AUTHORITY))
 val authenticationManager: AuthenticationManager = Mockito.mock(AuthenticationManager::class.java)
 BDDMockito.given(authenticationManager.authenticate(ArgumentMatchers.any())).willReturn(latest)
 val authenticationRequest: Authentication = TestingAuthenticationToken("user", "pass")
@@ -34,7 +34,10 @@ class CopyAuthoritiesTests {
 }.build()
 }
 // end::springSecurity[]
- SecurityAssertions.assertThat(latestResult).hasAuthorities(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, GrantedAuthorities.FACTOR_OTT_AUTHORITY)
+ SecurityAssertions.assertThat(latestResult).hasAuthorities(
+ FactorGrantedAuthority.PASSWORD_AUTHORITY,
+ FactorGrantedAuthority.OTT_AUTHORITY
+ )
 SecurityContextHolder.clearContext()
 }
 }
diff --git a/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticationProvider.java b/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticationProvider.java
index 6b2b8150c1..ac78d44b5a 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticationProvider.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticationProvider.java
@@ -32,7 +32,6 @@ import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.core.GrantedAuthorities;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.SpringSecurityMessageSource;
 import org.springframework.security.core.authority.FactorGrantedAuthority;
@@ -53,7 +52,7 @@ import org.springframework.util.StringUtils;
 */
 public abstract class AbstractLdapAuthenticationProvider implements AuthenticationProvider, MessageSourceAware {
- private static final String AUTHORITY = GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY;
+ private static final String AUTHORITY = FactorGrantedAuthority.PASSWORD_AUTHORITY;
 protected final Log logger = LogFactory.getLog(getClass());
diff --git a/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java b/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java
index fdc5d85842..6705426af7 100644
--- a/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java
@@ -29,9 +29,9 @@ import org.springframework.security.authentication.InternalAuthenticationService
 import org.springframework.security.authentication.SecurityAssertions;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthorities;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.core.authority.FactorGrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
@@ -165,7 +165,7 @@ public class LdapAuthenticationProviderTests {
 LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(authenticator, populator);
 UsernamePasswordAuthenticationToken request = new UsernamePasswordAuthenticationToken("ben", "benspassword");
 Authentication result = ldapProvider.authenticate(request);
- SecurityAssertions.assertThat(result).hasAuthority(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY);
+ SecurityAssertions.assertThat(result).hasAuthority(FactorGrantedAuthority.PASSWORD_AUTHORITY);
 }
 class MockAuthenticator implements LdapAuthenticator {
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java
index c7fce78574..152e4fc297 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java
@@ -24,7 +24,6 @@ import java.util.Map;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.core.GrantedAuthorities;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.FactorGrantedAuthority;
 import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
@@ -70,7 +69,7 @@ import org.springframework.util.Assert;
 */
 public class OAuth2LoginAuthenticationProvider implements AuthenticationProvider {
- private static final String AUTHORITY = GrantedAuthorities.FACTOR_AUTHORIZATION_CODE_AUTHORITY;
+ private static final String AUTHORITY = FactorGrantedAuthority.AUTHORIZATION_CODE_AUTHORITY;
 private final OAuth2AuthorizationCodeAuthenticationProvider authorizationCodeAuthenticationProvider;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java
index c326d53d3f..35a3635d18 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProviderTests.java
@@ -31,9 +31,9 @@ import org.mockito.stubbing.Answer; import org.springframework.security.authentication.SecurityAssertions; import org.springframework.security.core.Authentication; -import org.springframework.security.core.GrantedAuthorities; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.AuthorityUtils; +import org.springframework.security.core.authority.FactorGrantedAuthority; import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper; import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient; import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest; @@ -220,7 +220,7 @@ public class OAuth2LoginAuthenticationProviderTests { Authentication request = new OAuth2LoginAuthenticationToken(this.clientRegistration, this.authorizationExchange); Authentication result = this.authenticationProvider.authenticate(request); - SecurityAssertions.assertThat(result).hasAuthority(GrantedAuthorities.FACTOR_AUTHORIZATION_CODE_AUTHORITY); + SecurityAssertions.assertThat(result).hasAuthority(FactorGrantedAuthority.AUTHORIZATION_CODE_AUTHORITY); } private OAuth2AccessTokenResponse accessTokenSuccessResponse() { diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverter.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverter.java index 15fbbddc65..90dd2414c4 100644 --- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverter.java +++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverter.java 
@@ -21,7 +21,6 @@ import java.util.HashSet;
 import org.springframework.core.convert.converter.Converter;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
-import org.springframework.security.core.GrantedAuthorities;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.FactorGrantedAuthority;
 import org.springframework.security.oauth2.jwt.Jwt;
@@ -37,7 +36,7 @@ import org.springframework.util.Assert;
 */
 public class JwtAuthenticationConverter implements Converter {
- private static final String AUTHORITY = GrantedAuthorities.FACTOR_BEARER_AUTHORITY;
+ private static final String AUTHORITY = FactorGrantedAuthority.BEARER_AUTHORITY;
 private Converter> jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProvider.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProvider.java
index cfcbecedf2..0c97b1d429 100644
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProvider.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProvider.java
@@ -28,7 +28,6 @@ import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.core.GrantedAuthorities;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.FactorGrantedAuthority;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
@@ -75,7 +74,7 @@ import org.springframework.util.Assert;
 */
 public final class OpaqueTokenAuthenticationProvider implements AuthenticationProvider {
- private static final String AUTHORITY = GrantedAuthorities.FACTOR_BEARER_AUTHORITY;
+ private static final String AUTHORITY = FactorGrantedAuthority.BEARER_AUTHORITY;
 private final Log logger = LogFactory.getLog(getClass());
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverterTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverterTests.java
index 978cac4566..9e085f15e1 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverterTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverterTests.java
@@ -25,8 +25,8 @@ import org.springframework.core.convert.converter.Converter;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.authentication.SecurityAssertions;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthorities;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.FactorGrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.oauth2.jwt.Jwt;
 import org.springframework.security.oauth2.jwt.TestJwts;
@@ -116,7 +116,7 @@ public class JwtAuthenticationConverterTests {
 public void convertWhenDefaultsThenIssuesFactor() {
 Jwt jwt = TestJwts.jwt().build();
 Authentication result = this.jwtAuthenticationConverter.convert(jwt);
- SecurityAssertions.assertThat(result).hasAuthority(GrantedAuthorities.FACTOR_BEARER_AUTHORITY);
+ SecurityAssertions.assertThat(result).hasAuthority(FactorGrantedAuthority.BEARER_AUTHORITY);
 }
 }
diff --git a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java
index 2a2f3cf64f..6c19643dd5 100644
--- a/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java
+++ b/oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProviderTests.java
@@ -29,8 +29,8 @@ import org.springframework.security.authentication.AuthenticationServiceExceptio
 import org.springframework.security.authentication.SecurityAssertions;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthorities;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.FactorGrantedAuthority;
 import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
 import org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames;
 import org.springframework.security.oauth2.core.TestOAuth2AuthenticatedPrincipals;
@@ -155,7 +155,7 @@ public class OpaqueTokenAuthenticationProviderTests {
 OpaqueTokenAuthenticationProvider provider = new OpaqueTokenAuthenticationProvider(introspector);
 Authentication request = new BearerTokenAuthenticationToken("token");
 Authentication result = provider.authenticate(request);
- SecurityAssertions.assertThat(result).hasAuthority(GrantedAuthorities.FACTOR_BEARER_AUTHORITY);
+ SecurityAssertions.assertThat(result).hasAuthority(FactorGrantedAuthority.BEARER_AUTHORITY);
 }
 static Predicate isScope() {
diff --git a/saml2/saml2-service-provider/src/opensaml5Main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml5AuthenticationProvider.java b/saml2/saml2-service-provider/src/opensaml5Main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml5AuthenticationProvider.java
index 91ba7c1a61..ba7db2718a 100644
--- a/saml2/saml2-service-provider/src/opensaml5Main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml5AuthenticationProvider.java
+++ b/saml2/saml2-service-provider/src/opensaml5Main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml5AuthenticationProvider.java
@@ -58,7 +58,6 @@ import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.core.GrantedAuthorities;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.authority.FactorGrantedAuthority;
@@ -114,7 +113,7 @@ import org.springframework.util.StringUtils;
 */
 public final class OpenSaml5AuthenticationProvider implements AuthenticationProvider {
- private static final String AUTHORITY = GrantedAuthorities.FACTOR_SAML_RESPONSE_AUTHORITY;
+ private static final String AUTHORITY = FactorGrantedAuthority.SAML_RESPONSE_AUTHORITY;
 private final BaseOpenSamlAuthenticationProvider delegate;
diff --git a/saml2/saml2-service-provider/src/opensaml5Test/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml5AuthenticationProviderTests.java b/saml2/saml2-service-provider/src/opensaml5Test/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml5AuthenticationProviderTests.java
index 44c8dc8f61..35510564ca 100644
--- a/saml2/saml2-service-provider/src/opensaml5Test/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml5AuthenticationProviderTests.java
+++ b/saml2/saml2-service-provider/src/opensaml5Test/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml5AuthenticationProviderTests.java
@@ -73,9 +73,9 @@ import org.opensaml.xmlsec.signature.support.SignatureConstants;
 import org.springframework.core.convert.converter.Converter;
 import org.springframework.security.authentication.SecurityAssertions;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthorities;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.core.authority.FactorGrantedAuthority;
 import org.springframework.security.jackson2.SecurityJackson2Modules;
 import org.springframework.security.saml2.core.Saml2Error;
 import org.springframework.security.saml2.core.Saml2ErrorCodes;
@@ -991,7 +991,7 @@ public class OpenSaml5AuthenticationProviderTests {
 Response response = TestOpenSamlObjects.signedResponseWithOneAssertion();
 Authentication request = token(response, verifying(registration()));
 Authentication result = this.provider.authenticate(request);
- SecurityAssertions.assertThat(result).hasAuthority(GrantedAuthorities.FACTOR_SAML_RESPONSE_AUTHORITY);
+ SecurityAssertions.assertThat(result).hasAuthority(FactorGrantedAuthority.SAML_RESPONSE_AUTHORITY);
 }
 private T build(QName qName) {
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockWithAuthoritiesMvcResultMatchersTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockWithAuthoritiesMvcResultMatchersTests.java
index 4d5bd433b4..9b4a16a1c0 100644
--- a/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockWithAuthoritiesMvcResultMatchersTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockWithAuthoritiesMvcResultMatchersTests.java
@@ -27,8 +27,8 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.core.GrantedAuthorities;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.FactorGrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
@@ -70,7 +70,7 @@ public class SecurityMockWithAuthoritiesMvcResultMatchersTests {
 public void withAuthoritiesStringAllowsAnyOrderAndPermitsAnyImpl() throws Exception {
 this.mockMvc.perform(formLogin())
 .andExpect(authenticated().withAuthorities("ROLE_ADMIN", "ROLE_SELLER",
- GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY));
+ FactorGrantedAuthority.PASSWORD_AUTHORITY));
 }
 @Test
@@ -84,7 +84,7 @@ public class SecurityMockWithAuthoritiesMvcResultMatchersTests {
 @Test
 public void withAuthoritiesStringSupportsCustomAuthority() throws Exception {
 this.mockMvc.perform(formLogin().user("custom"))
- .andExpect(authenticated().withAuthorities(ROLE_CUSTOM, GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY));
+ .andExpect(authenticated().withAuthorities(ROLE_CUSTOM, FactorGrantedAuthority.PASSWORD_AUTHORITY));
 }
 @Configuration
diff --git a/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java
index db9ef10ae8..1bb07477dd 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java
@@ -33,7 +33,7 @@ import org.springframework.security.authorization.AuthorizationDeniedException;
 import org.springframework.security.authorization.FactorAuthorizationDecision;
 import org.springframework.security.authorization.RequiredFactor;
 import org.springframework.security.authorization.RequiredFactorError;
-import org.springframework.security.core.GrantedAuthorities;
+import org.springframework.security.core.authority.FactorGrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolderStrategy;
 import org.springframework.security.core.context.SecurityContextImpl;
 import org.springframework.security.web.WebAttributes;
@@ -213,7 +213,7 @@ public class DefaultLoginPageGeneratingFilterTests {
 filter.setOneTimeTokenGenerationUrl("/ott/authenticate");
 MockHttpServletResponse response = new MockHttpServletResponse();
 MockHttpServletRequest loginRequest = createLoginRequestFromMissingAuthority(
- GrantedAuthorities.FACTOR_OTT_AUTHORITY);
+ FactorGrantedAuthority.OTT_AUTHORITY);
 filter.doFilter(loginRequest, response, this.chain);
 assertThat(response.getContentAsString()).contains("Request a One-Time Token");
 assertThat(response.getContentAsString()).contains("""
diff --git a/webauthn/src/main/java/org/springframework/security/web/webauthn/authentication/WebAuthnAuthenticationProvider.java b/webauthn/src/main/java/org/springframework/security/web/webauthn/authentication/WebAuthnAuthenticationProvider.java
index 30e65f713b..4207a912d8 100644
--- a/webauthn/src/main/java/org/springframework/security/web/webauthn/authentication/WebAuthnAuthenticationProvider.java
+++ b/webauthn/src/main/java/org/springframework/security/web/webauthn/authentication/WebAuthnAuthenticationProvider.java
@@ -23,7 +23,6 @@ import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.core.GrantedAuthorities;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.FactorGrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
@@ -45,7 +44,7 @@ import org.springframework.util.Assert;
 */
 public class WebAuthnAuthenticationProvider implements AuthenticationProvider {
- private static final String AUTHORITY = GrantedAuthorities.FACTOR_WEBAUTHN_AUTHORITY;
+ private static final String AUTHORITY = FactorGrantedAuthority.WEBAUTHN_AUTHORITY;
 private final WebAuthnRelyingPartyOperations relyingPartyOperations;
diff --git a/webauthn/src/test/java/org/springframework/security/web/webauthn/authentication/WebAuthnAuthenticationProviderTests.java b/webauthn/src/test/java/org/springframework/security/web/webauthn/authentication/WebAuthnAuthenticationProviderTests.java
index 613e536c18..8cde5aeca7 100644
--- a/webauthn/src/test/java/org/springframework/security/web/webauthn/authentication/WebAuthnAuthenticationProviderTests.java
+++ b/webauthn/src/test/java/org/springframework/security/web/webauthn/authentication/WebAuthnAuthenticationProviderTests.java
@@ -20,7 +20,7 @@ import org.junit.jupiter.api.Test;
 import org.springframework.security.authentication.SecurityAssertions;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthorities;
+import org.springframework.security.core.authority.FactorGrantedAuthority;
 import org.springframework.security.core.userdetails.PasswordEncodedUser;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.web.webauthn.api.AuthenticatorAssertionResponse;
@@ -56,7 +56,7 @@ class WebAuthnAuthenticationProviderTests {
 given(users.loadUserByUsername(any())).willReturn(PasswordEncodedUser.user());
 given(operations.authenticate(any())).willReturn(TestPublicKeyCredentialUserEntities.userEntity().build());
 Authentication result = provider.authenticate(request);
- SecurityAssertions.assertThat(result).hasAuthority(GrantedAuthorities.FACTOR_WEBAUTHN_AUTHORITY);
+ SecurityAssertions.assertThat(result).hasAuthority(FactorGrantedAuthority.WEBAUTHN_AUTHORITY);
 }
 }