mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-10-21 17:58:48 +00:00
Move toBuilder to BuildableAuthentication
Closes gh-18052
This commit is contained in:
Josh Cummings
parent
fbf7bb3be1
commit
e535e61c8b
@ -23,6 +23,7 @@ import org.apereo.cas.client.validation.Assertion;
|
||||
import org.jspecify.annotations.Nullable;
|
||||
|
||||
import org.springframework.security.authentication.AbstractAuthenticationToken;
|
||||
import org.springframework.security.core.BuildableAuthentication;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.util.Assert;
|
||||
@ -34,7 +35,8 @@ import org.springframework.util.ObjectUtils;
|
||||
* @author Ben Alex
|
||||
* @author Scott Battaglia
|
||||
*/
|
||||
public class CasAuthenticationToken extends AbstractAuthenticationToken implements Serializable {
|
||||
public class CasAuthenticationToken extends AbstractAuthenticationToken
|
||||
implements BuildableAuthentication, Serializable {
|
||||
|
||||
private static final long serialVersionUID = 620L;
|
||||
|
||||
|
||||
@ -22,6 +22,7 @@ import java.util.Collection;
|
||||
import org.jspecify.annotations.Nullable;
|
||||
|
||||
import org.springframework.security.authentication.AbstractAuthenticationToken;
|
||||
import org.springframework.security.core.BuildableAuthentication;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
@ -32,7 +33,8 @@ import org.springframework.util.Assert;
|
||||
* @author Hal Deadman
|
||||
* @since 6.1
|
||||
*/
|
||||
public class CasServiceTicketAuthenticationToken extends AbstractAuthenticationToken {
|
||||
public class CasServiceTicketAuthenticationToken extends AbstractAuthenticationToken
|
||||
implements BuildableAuthentication {
|
||||
|
||||
static final String CAS_STATELESS_IDENTIFIER = "_cas_stateless_";
|
||||
|
||||
|
||||
@ -28,6 +28,7 @@ import org.jspecify.annotations.Nullable;
|
||||
|
||||
import org.springframework.security.core.AuthenticatedPrincipal;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.BuildableAuthentication;
|
||||
import org.springframework.security.core.CredentialsContainer;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
@ -198,15 +199,15 @@ public abstract class AbstractAuthenticationToken implements Authentication, Cre
|
||||
}
|
||||
|
||||
/**
|
||||
* A common abstract implementation of {@link Authentication.Builder}. It implements
|
||||
* the builder methods that correspond to the {@link Authentication} methods that
|
||||
* {@link AbstractAuthenticationToken} implements
|
||||
* A common abstract implementation of {@link BuildableAuthentication.Builder}. It
|
||||
* implements the builder methods that correspond to the {@link Authentication}
|
||||
* methods that {@link AbstractAuthenticationToken} implements
|
||||
*
|
||||
* @param <B>
|
||||
* @since 7.0
|
||||
*/
|
||||
protected abstract static class AbstractAuthenticationBuilder<B extends AbstractAuthenticationBuilder<B>>
|
||||
implements Authentication.Builder<B> {
|
||||
implements BuildableAuthentication.Builder<B> {
|
||||
|
||||
private boolean authenticated;
|
||||
|
||||
|
||||
@ -20,6 +20,7 @@ import java.util.Collection;
|
||||
|
||||
import org.jspecify.annotations.Nullable;
|
||||
|
||||
import org.springframework.security.core.BuildableAuthentication;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
@ -32,7 +33,7 @@ import org.springframework.util.Assert;
|
||||
* @author Ben Alex
|
||||
* @author Luke Taylor
|
||||
*/
|
||||
public class RememberMeAuthenticationToken extends AbstractAuthenticationToken {
|
||||
public class RememberMeAuthenticationToken extends AbstractAuthenticationToken implements BuildableAuthentication {
|
||||
|
||||
private static final long serialVersionUID = 620L;
|
||||
|
||||
|
||||
@ -22,6 +22,7 @@ import java.util.List;
|
||||
|
||||
import org.jspecify.annotations.Nullable;
|
||||
|
||||
import org.springframework.security.core.BuildableAuthentication;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.util.Assert;
|
||||
@ -34,7 +35,7 @@ import org.springframework.util.Assert;
|
||||
*
|
||||
* @author Ben Alex
|
||||
*/
|
||||
public class TestingAuthenticationToken extends AbstractAuthenticationToken {
|
||||
public class TestingAuthenticationToken extends AbstractAuthenticationToken implements BuildableAuthentication {
|
||||
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
|
||||
@ -20,6 +20,7 @@ import java.util.Collection;
|
||||
|
||||
import org.jspecify.annotations.Nullable;
|
||||
|
||||
import org.springframework.security.core.BuildableAuthentication;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
@ -35,7 +36,8 @@ import org.springframework.util.Assert;
|
||||
* @author Ben Alex
|
||||
* @author Norbert Nowak
|
||||
*/
|
||||
public class UsernamePasswordAuthenticationToken extends AbstractAuthenticationToken {
|
||||
public class UsernamePasswordAuthenticationToken extends AbstractAuthenticationToken
|
||||
implements BuildableAuthentication {
|
||||
|
||||
private static final long serialVersionUID = 620L;
|
||||
|
||||
|
||||
@ -22,6 +22,7 @@ import java.util.Collection;
|
||||
import org.jspecify.annotations.Nullable;
|
||||
|
||||
import org.springframework.security.authentication.AbstractAuthenticationToken;
|
||||
import org.springframework.security.core.BuildableAuthentication;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
@ -31,7 +32,7 @@ import org.springframework.util.Assert;
|
||||
* @author Josh Cummings
|
||||
* @since 7.0
|
||||
*/
|
||||
public class OneTimeTokenAuthentication extends AbstractAuthenticationToken {
|
||||
public class OneTimeTokenAuthentication extends AbstractAuthenticationToken implements BuildableAuthentication {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = 1195893764725073959L;
|
||||
|
||||
@ -19,7 +19,6 @@ package org.springframework.security.core;
|
||||
import java.io.Serializable;
|
||||
import java.security.Principal;
|
||||
import java.util.Collection;
|
||||
import java.util.function.Consumer;
|
||||
|
||||
import org.jspecify.annotations.Nullable;
|
||||
|
||||
@ -137,110 +136,4 @@ public interface Authentication extends Principal, Serializable {
|
||||
*/
|
||||
void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException;
|
||||
|
||||
/**
|
||||
* Return an {@link Builder} based on this instance. By default, returns a builder
|
||||
* that builds a {@link SimpleAuthentication}.
|
||||
* <p>
|
||||
* Although a {@code default} method, all {@link Authentication} implementations
|
||||
* should implement this. The reason is to ensure that the {@link Authentication} type
|
||||
* is preserved when {@link Builder#build} is invoked. This is especially important in
|
||||
* the event that your authentication implementation contains custom fields.
|
||||
* </p>
|
||||
* <p>
|
||||
* This isn't strictly necessary since it is recommended that applications code to the
|
||||
* {@link Authentication} interface and that custom information is often contained in
|
||||
* the {@link Authentication#getPrincipal} value.
|
||||
* </p>
|
||||
* @return an {@link Builder} for building a new {@link Authentication} based on this
|
||||
* instance
|
||||
* @since 7.0
|
||||
*/
|
||||
default Builder<?> toBuilder() {
|
||||
return new SimpleAuthentication.Builder(this);
|
||||
}
|
||||
|
||||
/**
|
||||
* A builder based on a given {@link Authentication} instance
|
||||
*
|
||||
* @author Josh Cummings
|
||||
* @since 7.0
|
||||
*/
|
||||
interface Builder<B extends Builder<B>> {
|
||||
|
||||
/**
|
||||
* Mutate the authorities with this {@link Consumer}.
|
||||
* <p>
|
||||
* Note that since a non-empty set of authorities implies an
|
||||
* {@link Authentication} is authenticated, this method also marks the
|
||||
* authentication as {@link #authenticated} by default.
|
||||
* </p>
|
||||
* @param authorities a consumer that receives the full set of authorities
|
||||
* @return the {@link Builder} for additional configuration
|
||||
* @see Authentication#getAuthorities
|
||||
*/
|
||||
B authorities(Consumer<Collection<GrantedAuthority>> authorities);
|
||||
|
||||
/**
|
||||
* Use this credential.
|
||||
* <p>
|
||||
* Note that since some credentials are insecure to store, this method is
|
||||
* implemented as unsupported by default. Only implement or use this method if you
|
||||
* support secure storage of the credential or if your implementation also
|
||||
* implements {@link CredentialsContainer} and the credentials are thereby erased.
|
||||
* </p>
|
||||
* @param credentials the credentials to use
|
||||
* @return the {@link Builder} for additional configuration
|
||||
* @see Authentication#getCredentials
|
||||
*/
|
||||
default B credentials(@Nullable Object credentials) {
|
||||
throw new UnsupportedOperationException(
|
||||
String.format("%s does not store credentials", this.getClass().getSimpleName()));
|
||||
}
|
||||
|
||||
/**
|
||||
* Use this details object.
|
||||
* <p>
|
||||
* Implementations may choose to use these {@code details} in combination with any
|
||||
* principal from the pre-existing {@link Authentication} instance.
|
||||
* </p>
|
||||
* @param details the details to use
|
||||
* @return the {@link Builder} for additional configuration
|
||||
* @see Authentication#getDetails
|
||||
*/
|
||||
B details(@Nullable Object details);
|
||||
|
||||
/**
|
||||
* Use this principal.
|
||||
* <p>
|
||||
* Note that in many cases, the principal is strongly-typed. Implementations may
|
||||
* choose to do a type check and are not necessarily expected to allow any object
|
||||
* as a principal.
|
||||
* </p>
|
||||
* <p>
|
||||
* Implementations may choose to use this {@code principal} in combination with
|
||||
* any principal from the pre-existing {@link Authentication} instance.
|
||||
* </p>
|
||||
* @param principal the principal to use
|
||||
* @return the {@link Builder} for additional configuration
|
||||
* @see Authentication#getPrincipal
|
||||
*/
|
||||
B principal(@Nullable Object principal);
|
||||
|
||||
/**
|
||||
* Mark this authentication as authenticated or not
|
||||
* @param authenticated whether this is an authenticated {@link Authentication}
|
||||
* instance
|
||||
* @return the {@link Builder} for additional configuration
|
||||
* @see Authentication#isAuthenticated
|
||||
*/
|
||||
B authenticated(boolean authenticated);
|
||||
|
||||
/**
|
||||
* Build an {@link Authentication} instance
|
||||
* @return the {@link Authentication} instance
|
||||
*/
|
||||
Authentication build();
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -0,0 +1,163 @@
|
||||
/*
|
||||
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.core;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
import java.util.function.Consumer;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
import org.jspecify.annotations.Nullable;
|
||||
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
|
||||
/**
|
||||
* Represents the token for an authentication request or for an authenticated principal
|
||||
* once the request has been processed by the
|
||||
* {@link AuthenticationManager#authenticate(Authentication)} method.
|
||||
* <p>
|
||||
* Once the request has been authenticated, the <tt>Authentication</tt> will usually be
|
||||
* stored in a thread-local <tt>SecurityContext</tt> managed by the
|
||||
* {@link SecurityContextHolder} by the authentication mechanism which is being used. An
|
||||
* explicit authentication can be achieved, without using one of Spring Security's
|
||||
* authentication mechanisms, by creating an <tt>Authentication</tt> instance and using
|
||||
* the code:
|
||||
*
|
||||
* <pre>
|
||||
* SecurityContext context = SecurityContextHolder.createEmptyContext();
|
||||
* context.setAuthentication(anAuthentication);
|
||||
* SecurityContextHolder.setContext(context);
|
||||
* </pre>
|
||||
*
|
||||
* Note that unless the <tt>Authentication</tt> has the <tt>authenticated</tt> property
|
||||
* set to <tt>true</tt>, it will still be authenticated by any security interceptor (for
|
||||
* method or web invocations) which encounters it.
|
||||
* <p>
|
||||
* In most cases, the framework transparently takes care of managing the security context
|
||||
* and authentication objects for you.
|
||||
*
|
||||
* @author Ben Alex
|
||||
*/
|
||||
public interface BuildableAuthentication extends Authentication {
|
||||
|
||||
/**
|
||||
* Return an {@link Builder} based on this instance.
|
||||
* <p>
|
||||
* Although a {@code default} method, all {@link BuildableAuthentication}
|
||||
* implementations should implement this. The reason is to ensure that the
|
||||
* {@link BuildableAuthentication} type is preserved when {@link Builder#build} is
|
||||
* invoked. This is especially important in the event that your authentication
|
||||
* implementation contains custom fields.
|
||||
* </p>
|
||||
* <p>
|
||||
* This isn't strictly necessary since it is recommended that applications code to the
|
||||
* {@link Authentication} interface and that custom information is often contained in
|
||||
* the {@link Authentication#getPrincipal} value.
|
||||
* </p>
|
||||
* @return an {@link Builder} for building a new {@link BuildableAuthentication} based
|
||||
* on this instance
|
||||
* @since 7.0
|
||||
*/
|
||||
Builder<?> toBuilder();
|
||||
|
||||
/**
|
||||
* A builder based on a given {@link BuildableAuthentication} instance
|
||||
*
|
||||
* @author Josh Cummings
|
||||
* @since 7.0
|
||||
*/
|
||||
interface Builder<B extends Builder<B>> {
|
||||
|
||||
/**
|
||||
* Mutate the authorities with this {@link Consumer}.
|
||||
* <p>
|
||||
* Note that since a non-empty set of authorities implies an
|
||||
* {@link Authentication} is authenticated, this method also marks the
|
||||
* authentication as {@link #authenticated} by default.
|
||||
* </p>
|
||||
* @param authorities a consumer that receives the full set of authorities
|
||||
* @return the {@link Builder} for additional configuration
|
||||
* @see Authentication#getAuthorities
|
||||
*/
|
||||
B authorities(Consumer<Collection<GrantedAuthority>> authorities);
|
||||
|
||||
/**
|
||||
* Use this credential.
|
||||
* <p>
|
||||
* Note that since some credentials are insecure to store, this method is
|
||||
* implemented as unsupported by default. Only implement or use this method if you
|
||||
* support secure storage of the credential or if your implementation also
|
||||
* implements {@link CredentialsContainer} and the credentials are thereby erased.
|
||||
* </p>
|
||||
* @param credentials the credentials to use
|
||||
* @return the {@link Builder} for additional configuration
|
||||
* @see Authentication#getCredentials
|
||||
*/
|
||||
default B credentials(@Nullable Object credentials) {
|
||||
throw new UnsupportedOperationException(
|
||||
String.format("%s does not store credentials", this.getClass().getSimpleName()));
|
||||
}
|
||||
|
||||
/**
|
||||
* Use this details object.
|
||||
* <p>
|
||||
* Implementations may choose to use these {@code details} in combination with any
|
||||
* principal from the pre-existing {@link Authentication} instance.
|
||||
* </p>
|
||||
* @param details the details to use
|
||||
* @return the {@link Builder} for additional configuration
|
||||
* @see Authentication#getDetails
|
||||
*/
|
||||
B details(@Nullable Object details);
|
||||
|
||||
/**
|
||||
* Use this principal.
|
||||
* <p>
|
||||
* Note that in many cases, the principal is strongly-typed. Implementations may
|
||||
* choose to do a type check and are not necessarily expected to allow any object
|
||||
* as a principal.
|
||||
* </p>
|
||||
* <p>
|
||||
* Implementations may choose to use this {@code principal} in combination with
|
||||
* any principal from the pre-existing {@link Authentication} instance.
|
||||
* </p>
|
||||
* @param principal the principal to use
|
||||
* @return the {@link Builder} for additional configuration
|
||||
* @see Authentication#getPrincipal
|
||||
*/
|
||||
B principal(@Nullable Object principal);
|
||||
|
||||
/**
|
||||
* Mark this authentication as authenticated or not
|
||||
* @param authenticated whether this is an authenticated
|
||||
* {@link Authentication} instance
|
||||
* @return the {@link Builder} for additional configuration
|
||||
* @see Authentication#isAuthenticated
|
||||
*/
|
||||
B authenticated(boolean authenticated);
|
||||
|
||||
/**
|
||||
* Build an {@link Authentication} instance
|
||||
* @return the {@link Authentication} instance
|
||||
*/
|
||||
Authentication build();
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
@ -1,151 +0,0 @@
|
||||
/*
|
||||
* Copyright 2004-present the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.core;
|
||||
|
||||
import java.io.Serial;
|
||||
import java.util.Collection;
|
||||
import java.util.LinkedHashSet;
|
||||
import java.util.function.Consumer;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.jspecify.annotations.Nullable;
|
||||
|
||||
@Transient
|
||||
final class SimpleAuthentication implements Authentication {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = 3194696462184782814L;
|
||||
|
||||
private final @Nullable Object principal;
|
||||
|
||||
private final @Nullable Object credentials;
|
||||
|
||||
private final Collection<GrantedAuthority> authorities;
|
||||
|
||||
private final @Nullable Object details;
|
||||
|
||||
private final boolean authenticated;
|
||||
|
||||
private SimpleAuthentication(Builder builder) {
|
||||
this.principal = builder.principal;
|
||||
this.credentials = builder.credentials;
|
||||
this.authorities = builder.authorities;
|
||||
this.details = builder.details;
|
||||
this.authenticated = builder.authenticated;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Collection<? extends GrantedAuthority> getAuthorities() {
|
||||
return this.authorities;
|
||||
}
|
||||
|
||||
@Override
|
||||
public @Nullable Object getCredentials() {
|
||||
return this.credentials;
|
||||
}
|
||||
|
||||
@Override
|
||||
public @Nullable Object getDetails() {
|
||||
return this.details;
|
||||
}
|
||||
|
||||
@Override
|
||||
public @Nullable Object getPrincipal() {
|
||||
return this.principal;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isAuthenticated() {
|
||||
return this.authenticated;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
|
||||
throw new IllegalArgumentException(
|
||||
"Instead of calling this setter, please call toBuilder to create a new instance");
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getName() {
|
||||
return (this.principal == null) ? "" : this.principal.toString();
|
||||
}
|
||||
|
||||
static final class Builder implements Authentication.Builder<Builder> {
|
||||
|
||||
private final Log logger = LogFactory.getLog(getClass());
|
||||
|
||||
private final Collection<GrantedAuthority> authorities = new LinkedHashSet<>();
|
||||
|
||||
private @Nullable Object principal;
|
||||
|
||||
private @Nullable Object credentials;
|
||||
|
||||
private @Nullable Object details;
|
||||
|
||||
private boolean authenticated;
|
||||
|
||||
Builder(Authentication authentication) {
|
||||
this.logger.debug("Creating a builder which will result in exchanging an authentication of type "
|
||||
+ authentication.getClass() + " for " + SimpleAuthentication.class.getSimpleName() + ";"
|
||||
+ " consider implementing " + authentication.getClass().getSimpleName() + "#toBuilder");
|
||||
this.authorities.addAll(authentication.getAuthorities());
|
||||
this.principal = authentication.getPrincipal();
|
||||
this.credentials = authentication.getCredentials();
|
||||
this.details = authentication.getDetails();
|
||||
this.authenticated = authentication.isAuthenticated();
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public Builder authorities(Consumer<Collection<GrantedAuthority>> authorities) {
|
||||
authorities.accept(this.authorities);
|
||||
return this;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Builder details(@Nullable Object details) {
|
||||
this.details = details;
|
||||
return this;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Builder principal(@Nullable Object principal) {
|
||||
this.principal = principal;
|
||||
return this;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Builder credentials(@Nullable Object credentials) {
|
||||
this.credentials = credentials;
|
||||
return this;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Builder authenticated(boolean authenticated) {
|
||||
this.authenticated = authenticated;
|
||||
return this;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Authentication build() {
|
||||
return new SimpleAuthentication(this);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
@ -8,6 +8,7 @@ import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.authentication.ott.OneTimeTokenAuthentication;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.BuildableAuthentication;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
@ -30,8 +31,9 @@ public class CopyAuthoritiesTests {
|
||||
// tag::springSecurity[]
|
||||
Authentication lastestResult = authenticationManager.authenticate(authenticationRequest);
|
||||
Authentication previousResult = SecurityContextHolder.getContext().getAuthentication();
|
||||
if (previousResult != null && previousResult.isAuthenticated()) {
|
||||
lastestResult = lastestResult.toBuilder()
|
||||
if (previousResult != null && previousResult.isAuthenticated() &&
|
||||
lastestResult instanceof BuildableAuthentication buildable) {
|
||||
lastestResult = buildable.toBuilder()
|
||||
.authorities((a) -> a.addAll(previous.getAuthorities()))
|
||||
.build();
|
||||
}
|
||||
|
||||
@ -10,6 +10,7 @@ import org.springframework.security.authentication.TestingAuthenticationToken
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
|
||||
import org.springframework.security.authentication.ott.OneTimeTokenAuthentication
|
||||
import org.springframework.security.core.Authentication
|
||||
import org.springframework.security.core.BuildableAuthentication
|
||||
import org.springframework.security.core.authority.AuthorityUtils
|
||||
import org.springframework.security.core.authority.FactorGrantedAuthority
|
||||
import org.springframework.security.core.context.SecurityContextHolder
|
||||
@ -28,7 +29,7 @@ class CopyAuthoritiesTests {
|
||||
// tag::springSecurity[]
|
||||
var latestResult: Authentication = authenticationManager.authenticate(authenticationRequest)
|
||||
val previousResult = SecurityContextHolder.getContext().authentication;
|
||||
if (previousResult?.isAuthenticated == true) {
|
||||
if (previousResult?.isAuthenticated == true && latestResult is BuildableAuthentication) {
|
||||
latestResult = latestResult.toBuilder().authorities { a ->
|
||||
a.addAll(previousResult.authorities)
|
||||
}.build()
|
||||
|
||||
@ -22,6 +22,7 @@ import org.jspecify.annotations.Nullable;
|
||||
|
||||
import org.springframework.security.authentication.AbstractAuthenticationToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.BuildableAuthentication;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
|
||||
import org.springframework.security.oauth2.core.user.OAuth2User;
|
||||
@ -42,7 +43,7 @@ import org.springframework.util.Assert;
|
||||
* @see OAuth2User
|
||||
* @see OAuth2AuthorizedClient
|
||||
*/
|
||||
public class OAuth2AuthenticationToken extends AbstractAuthenticationToken {
|
||||
public class OAuth2AuthenticationToken extends AbstractAuthenticationToken implements BuildableAuthentication {
|
||||
|
||||
private static final long serialVersionUID = 620L;
|
||||
|
||||
|
||||
@ -24,6 +24,7 @@ import java.util.Map;
|
||||
import org.jspecify.annotations.Nullable;
|
||||
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.BuildableAuthentication;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.Transient;
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
@ -38,7 +39,8 @@ import org.springframework.util.Assert;
|
||||
* @since 5.2
|
||||
*/
|
||||
@Transient
|
||||
public class BearerTokenAuthentication extends AbstractOAuth2TokenAuthenticationToken<OAuth2AccessToken> {
|
||||
public class BearerTokenAuthentication extends AbstractOAuth2TokenAuthenticationToken<OAuth2AccessToken>
|
||||
implements BuildableAuthentication {
|
||||
|
||||
private static final long serialVersionUID = 620L;
|
||||
|
||||
|
||||
@ -22,6 +22,7 @@ import java.util.Map;
|
||||
import org.jspecify.annotations.Nullable;
|
||||
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.BuildableAuthentication;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.Transient;
|
||||
import org.springframework.security.oauth2.jwt.Jwt;
|
||||
@ -37,7 +38,8 @@ import org.springframework.util.Assert;
|
||||
* @see Jwt
|
||||
*/
|
||||
@Transient
|
||||
public class JwtAuthenticationToken extends AbstractOAuth2TokenAuthenticationToken<Jwt> {
|
||||
public class JwtAuthenticationToken extends AbstractOAuth2TokenAuthenticationToken<Jwt>
|
||||
implements BuildableAuthentication {
|
||||
|
||||
private static final long serialVersionUID = 620L;
|
||||
|
||||
|
||||
@ -30,6 +30,7 @@ import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.AuthenticationManagerResolver;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.BuildableAuthentication;
|
||||
import org.springframework.security.core.context.SecurityContext;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.core.context.SecurityContextHolderStrategy;
|
||||
@ -182,10 +183,12 @@ public class BearerTokenAuthenticationFilter extends OncePerRequestFilter {
|
||||
}
|
||||
Authentication current = this.securityContextHolderStrategy.getContext().getAuthentication();
|
||||
if (current != null && current.isAuthenticated()) {
|
||||
authenticationResult = authenticationResult.toBuilder()
|
||||
if (authenticationResult instanceof BuildableAuthentication buildable) {
|
||||
authenticationResult = buildable.toBuilder()
|
||||
.authorities((a) -> a.addAll(current.getAuthorities()))
|
||||
.build();
|
||||
}
|
||||
}
|
||||
SecurityContext context = this.securityContextHolderStrategy.createEmptyContext();
|
||||
context.setAuthentication(authenticationResult);
|
||||
this.securityContextHolderStrategy.setContext(context);
|
||||
|
||||
@ -21,6 +21,7 @@ import java.util.Collection;
|
||||
|
||||
import org.jspecify.annotations.Nullable;
|
||||
|
||||
import org.springframework.security.core.BuildableAuthentication;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
|
||||
import org.springframework.util.Assert;
|
||||
@ -33,7 +34,7 @@ import org.springframework.util.Assert;
|
||||
* @see Saml2ResponseAssertionAccessor
|
||||
* @see Saml2ResponseAssertion
|
||||
*/
|
||||
public class Saml2AssertionAuthentication extends Saml2Authentication {
|
||||
public class Saml2AssertionAuthentication extends Saml2Authentication implements BuildableAuthentication {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = -4194323643788693205L;
|
||||
|
||||
@ -41,6 +41,7 @@ import org.springframework.security.authentication.InternalAuthenticationService
|
||||
import org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.BuildableAuthentication;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.SpringSecurityMessageSource;
|
||||
import org.springframework.security.core.context.SecurityContext;
|
||||
@ -253,7 +254,8 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
|
||||
}
|
||||
Authentication current = this.securityContextHolderStrategy.getContext().getAuthentication();
|
||||
if (current != null && current.isAuthenticated()) {
|
||||
authenticationResult = authenticationResult.toBuilder()
|
||||
if (authenticationResult instanceof BuildableAuthentication buildable) {
|
||||
authenticationResult = buildable.toBuilder()
|
||||
// @formatter:off
|
||||
.authorities((a) -> {
|
||||
Set<String> newAuthorities = a.stream()
|
||||
@ -268,6 +270,7 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
|
||||
.build();
|
||||
// @formatter:on
|
||||
}
|
||||
}
|
||||
this.sessionStrategy.onAuthentication(authenticationResult, request, response);
|
||||
// Authentication success
|
||||
if (this.continueChainBeforeSuccessfulAuthentication) {
|
||||
|
||||
@ -33,6 +33,7 @@ import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.AuthenticationManagerResolver;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.BuildableAuthentication;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.context.SecurityContext;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
@ -189,7 +190,8 @@ public class AuthenticationFilter extends OncePerRequestFilter {
|
||||
}
|
||||
Authentication current = this.securityContextHolderStrategy.getContext().getAuthentication();
|
||||
if (current != null && current.isAuthenticated()) {
|
||||
authenticationResult = authenticationResult.toBuilder()
|
||||
if (authenticationResult instanceof BuildableAuthentication buildable) {
|
||||
authenticationResult = buildable.toBuilder()
|
||||
// @formatter:off
|
||||
.authorities((a) -> {
|
||||
Set<String> newAuthorities = a.stream()
|
||||
@ -204,6 +206,7 @@ public class AuthenticationFilter extends OncePerRequestFilter {
|
||||
.build();
|
||||
// @formatter:on
|
||||
}
|
||||
}
|
||||
HttpSession session = request.getSession(false);
|
||||
if (session != null) {
|
||||
request.changeSessionId();
|
||||
|
||||
@ -37,6 +37,7 @@ import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.BuildableAuthentication;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.context.SecurityContext;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
@ -209,7 +210,8 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFi
|
||||
Authentication authenticationResult = this.authenticationManager.authenticate(authenticationRequest);
|
||||
Authentication current = this.securityContextHolderStrategy.getContext().getAuthentication();
|
||||
if (current != null && current.isAuthenticated()) {
|
||||
authenticationResult = authenticationResult.toBuilder()
|
||||
if (authenticationResult instanceof BuildableAuthentication buildable) {
|
||||
authenticationResult = buildable.toBuilder()
|
||||
// @formatter:off
|
||||
.authorities((a) -> {
|
||||
Set<String> newAuthorities = a.stream()
|
||||
@ -224,6 +226,7 @@ public abstract class AbstractPreAuthenticatedProcessingFilter extends GenericFi
|
||||
.build();
|
||||
// @formatter:on
|
||||
}
|
||||
}
|
||||
successfulAuthentication(request, response, authenticationResult);
|
||||
}
|
||||
catch (AuthenticationException ex) {
|
||||
|
||||
@ -21,6 +21,7 @@ import java.util.Collection;
|
||||
import org.jspecify.annotations.Nullable;
|
||||
|
||||
import org.springframework.security.authentication.AbstractAuthenticationToken;
|
||||
import org.springframework.security.core.BuildableAuthentication;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
@ -31,7 +32,8 @@ import org.springframework.util.Assert;
|
||||
* @author Ruud Senden
|
||||
* @since 2.0
|
||||
*/
|
||||
public class PreAuthenticatedAuthenticationToken extends AbstractAuthenticationToken {
|
||||
public class PreAuthenticatedAuthenticationToken extends AbstractAuthenticationToken
|
||||
implements BuildableAuthentication {
|
||||
|
||||
private static final long serialVersionUID = 620L;
|
||||
|
||||
|
||||
@ -33,6 +33,7 @@ import org.springframework.security.authentication.AuthenticationDetailsSource;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.BuildableAuthentication;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.context.SecurityContext;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
@ -191,7 +192,8 @@ public class BasicAuthenticationFilter extends OncePerRequestFilter {
|
||||
Authentication authResult = this.authenticationManager.authenticate(authRequest);
|
||||
Authentication current = this.securityContextHolderStrategy.getContext().getAuthentication();
|
||||
if (current != null && current.isAuthenticated()) {
|
||||
authResult = authResult.toBuilder()
|
||||
if (authResult instanceof BuildableAuthentication buildable) {
|
||||
authResult = buildable.toBuilder()
|
||||
// @formatter:off
|
||||
.authorities((a) -> {
|
||||
Set<String> newAuthorities = a.stream()
|
||||
@ -206,6 +208,7 @@ public class BasicAuthenticationFilter extends OncePerRequestFilter {
|
||||
.build();
|
||||
// @formatter:on
|
||||
}
|
||||
}
|
||||
SecurityContext context = this.securityContextHolderStrategy.createEmptyContext();
|
||||
context.setAuthentication(authResult);
|
||||
this.securityContextHolderStrategy.setContext(context);
|
||||
|
||||
@ -29,6 +29,7 @@ import org.springframework.security.authentication.ReactiveAuthenticationManager
|
||||
import org.springframework.security.authentication.ReactiveAuthenticationManagerResolver;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.BuildableAuthentication;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.context.ReactiveSecurityContextHolder;
|
||||
import org.springframework.security.core.context.SecurityContextImpl;
|
||||
@ -141,7 +142,10 @@ public class AuthenticationWebFilter implements WebFilter {
|
||||
if (!current.isAuthenticated()) {
|
||||
return result;
|
||||
}
|
||||
return result.toBuilder()
|
||||
if (!(result instanceof BuildableAuthentication buildable)) {
|
||||
return result;
|
||||
}
|
||||
return buildable.toBuilder()
|
||||
// @formatter:off
|
||||
.authorities((a) -> {
|
||||
Set<String> newAuthorities = a.stream()
|
||||
|
||||
@ -22,6 +22,7 @@ import java.util.Collection;
|
||||
import org.jspecify.annotations.Nullable;
|
||||
|
||||
import org.springframework.security.authentication.AbstractAuthenticationToken;
|
||||
import org.springframework.security.core.BuildableAuthentication;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.web.webauthn.api.PublicKeyCredentialUserEntity;
|
||||
import org.springframework.util.Assert;
|
||||
@ -34,7 +35,7 @@ import org.springframework.util.Assert;
|
||||
* @since 6.4
|
||||
* @see WebAuthnAuthenticationRequestToken
|
||||
*/
|
||||
public class WebAuthnAuthentication extends AbstractAuthenticationToken {
|
||||
public class WebAuthnAuthentication extends AbstractAuthenticationToken implements BuildableAuthentication {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = -4879907158750659197L;
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user