mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-06-27 14:22:47 +00:00
2b7d296994
This commit revises AuthorizationAnnotationUtils as follows.
- Removes code duplication by treating both Class and Method as
AnnotatedElement.
- Avoids duplicated annotation searches by processing merged
annotations in a single Stream instead of first using the
MergedAnnotations API to find possible duplicates and then again
searching for a single annotation via AnnotationUtils (which
effectively performs the same search using the MergedAnnotations API
internally).
- Uses `.distinct()` within the Stream to avoid the need for the
workaround introduced in gh-13625. Note that the semantics here
result in duplicate "equivalent" annotations being ignored. In other
words, if @PreAuthorize("hasRole('someRole')") is present multiple
times as a meta-annotation, no exception will be thrown and the first
such annotation found will be used.
- Improves the error message when competing annotations are found by
including the competing annotations in the error message.
- Updates AuthorizationAnnotationUtilsTests to cover all known,
supported use cases.
- Configures correct role in @RequireUserRole.
Please note this commit uses
`.map(MergedAnnotation::withNonMergedAttributes)` to retain backward
compatibility with previous versions of Spring Security. However, that
line can be deleted if the Spring Security team decides that it wishes
to support merged annotation attributes via custom composed
annotations. If that decision is made, the
composedMergedAnnotationsAreNotSupported() test should be renamed and
updated as explained in the comment in that method.
See gh-13625
See https://github.com/spring-projects/spring-framework/issues/31803
image::https://badges.gitter.im/Join%20Chat.svg[Gitter,link=https://gitter.im/spring-projects/spring-security?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge] image:https://github.com/spring-projects/spring-security/actions/workflows/continuous-integration-workflow.yml/badge.svg?branch=main["Build Status", link="https://github.com/spring-projects/spring-security/actions/workflows/continuous-integration-workflow.yml"] image:https://img.shields.io/badge/Revved%20up%20by-Gradle%20Enterprise-06A0CE?logo=Gradle&labelColor=02303A["Revved up by Gradle Enterprise", link="https://ge.spring.io/scans?search.rootProjectNames=spring-security"] = Spring Security Spring Security provides security services for the https://docs.spring.io[Spring IO Platform]. Spring Security 6.0 requires Spring 6.0 as a minimum and also requires Java 17. For a detailed list of features and access to the latest release, please visit https://spring.io/projects[Spring projects]. == Code of Conduct Please see our https://github.com/spring-projects/.github/blob/main/CODE_OF_CONDUCT.md[code of conduct] == Downloading Artifacts See https://docs.spring.io/spring-security/site/docs/current/reference/html5/#getting[Getting Spring Security] for how to obtain Spring Security. == Documentation Be sure to read the https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/[Spring Security Reference]. Extensive JavaDoc for the Spring Security code is also available in the https://docs.spring.io/spring-security/site/docs/current/api/[Spring Security API Documentation]. == Quick Start See https://docs.spring.io/spring-security/site/docs/current/reference/html5/#servlet-hello[Hello Spring Security] to get started with a "Hello, World" application. == Building from Source Spring Security uses a https://gradle.org[Gradle]-based build system. In the instructions below, https://vimeo.com/34436402[`./gradlew`] is invoked from the root of the source tree and serves as a cross-platform, self-contained bootstrap mechanism for the build. === Prerequisites https://docs.github.com/en/get-started/quickstart/set-up-git[Git] and the https://www.oracle.com/java/technologies/downloads/#java17[JDK17 build]. Be sure that your `JAVA_HOME` environment variable points to the `jdk-17` folder extracted from the JDK download. === Check out sources [indent=0] ---- git clone git@github.com:spring-projects/spring-security.git ---- === Install all `spring-*.jar` into your local Maven repository. [indent=0] ---- ./gradlew publishToMavenLocal ---- === Compile and test; build all JARs, distribution zips, and docs [indent=0] ---- ./gradlew build ---- The reference docs are not currently included in the distribution zip. You can build the reference docs for this branch by running the following command: ---- ./gradlew :spring-security-docs:antora ---- That command publishes the docs site to the `_docs/build/site_` directory. The https://github.com/spring-projects/spring-security/tree/docs-build[playbook branch] describes how to build the reference docs in detail. Discover more commands with `./gradlew tasks`. == Getting Support Check out the https://stackoverflow.com/questions/tagged/spring-security[Spring Security tags on Stack Overflow]. https://spring.io/support[Commercial support] is available too. == Contributing https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request[Pull requests] are welcome; see the https://github.com/spring-projects/spring-security/blob/main/CONTRIBUTING.adoc[contributor guidelines] for details. == License Spring Security is Open Source software released under the https://www.apache.org/licenses/LICENSE-2.0.html[Apache 2.0 license].