This commit revises AuthorizationAnnotationUtils as follows.
- Removes code duplication by treating both Class and Method as
AnnotatedElement.
- Avoids duplicated annotation searches by processing merged
annotations in a single Stream instead of first using the
MergedAnnotations API to find possible duplicates and then again
searching for a single annotation via AnnotationUtils (which
effectively performs the same search using the MergedAnnotations API
internally).
- Uses `.distinct()` within the Stream to avoid the need for the
workaround introduced in gh-13625. Note that the semantics here
result in duplicate "equivalent" annotations being ignored. In other
words, if @PreAuthorize("hasRole('someRole')") is present multiple
times as a meta-annotation, no exception will be thrown and the first
such annotation found will be used.
- Improves the error message when competing annotations are found by
including the competing annotations in the error message.
- Updates AuthorizationAnnotationUtilsTests to cover all known,
supported use cases.
- Configures correct role in @RequireUserRole.
Please note this commit uses
`.map(MergedAnnotation::withNonMergedAttributes)` to retain backward
compatibility with previous versions of Spring Security. However, that
line can be deleted if the Spring Security team decides that it wishes
to support merged annotation attributes via custom composed
annotations. If that decision is made, the
composedMergedAnnotationsAreNotSupported() test should be renamed and
updated as explained in the comment in that method.
See gh-13625
See https://github.com/spring-projects/spring-framework/issues/31803
- Change to #fromHierarchy to match naming convention
- Keep existing test methods the same
- Deprecate setHierarchy and default constructor
- Add private Map constructor
- Change Adjust RoleHierarchyBuilder to use Map constructor
Issue gh-13788
- Added documentation
- Removed withNoRolePrefix for now; let's see how folks
use the minimal API first
- Adjusted class hierarchy to match AuthorizeHttpRequests more
closely
- Adjusted to match Spring Security style guide
- Added needed @since attributes
Issue gh-13300
Due to how early method interceptors are loaded during startup
it's reasonable to consider scenarios where applications are
changing the global security context holder strategy during
startup.
Closes gh-12877
This commit removes unnecessary main-branch merges starting from
8750608b5b and adds the following
needed commit(s) that were made afterward:
- 5dce82c48b
Josh Cummings
Marcus Hert Da Coregio
ruabtmh
Rob Winch
DingHao
Sam Brannen
Steve Riesenberg
Federico Herrera
Taehong Kim
Angel Aguilera
ahmd-nabil
Toshiaki Maki
Yuriy Savchenko
Angel Aguilera
YangSiJun528
Steve Riesenberg
Martin Lukas
valery1707