Use RoleVoter for role checks in ReactiveSecurityContext

See gh-11869
Andy Wilkinson 2018-02-20 17:11:57 +00:00
parent ae45b6730b
commit 8f699cd6f6
1 changed files with 10 additions and 16 deletions


@ -19,6 +19,7 @@ package org.springframework.boot.actuate.endpoint.web.reactive;
import java.lang.reflect.Method; import java.lang.reflect.Method;
import java.security.Principal; import java.security.Principal;
import java.util.Collection; import java.util.Collection;
import java.util.Collections;
import java.util.LinkedHashMap; import java.util.LinkedHashMap;
import java.util.Map; import java.util.Map;
import java.util.function.Supplier; import java.util.function.Supplier;
@ -42,11 +43,12 @@ import org.springframework.boot.actuate.endpoint.web.WebOperationRequestPredicat
import org.springframework.http.HttpMethod; import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus; import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity; import org.springframework.http.ResponseEntity;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.access.vote.RoleVoter;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.ReactiveSecurityContextHolder; import org.springframework.security.core.context.ReactiveSecurityContextHolder;
import org.springframework.util.ClassUtils; import org.springframework.util.ClassUtils;
import org.springframework.util.CollectionUtils;
import org.springframework.util.ReflectionUtils; import org.springframework.util.ReflectionUtils;
import org.springframework.util.StringUtils; import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestBody;
@ -390,7 +392,7 @@ public abstract class AbstractWebFluxEndpointHandlerMapping
private static final class ReactiveSecurityContext implements SecurityContext { private static final class ReactiveSecurityContext implements SecurityContext {
private static final String ROLE_PREFIX = "ROLE_"; private final RoleVoter roleVoter = new RoleVoter();
private final Authentication authentication; private final Authentication authentication;
@ -405,20 +407,12 @@ public abstract class AbstractWebFluxEndpointHandlerMapping
@Override @Override
public boolean isUserInRole(String role) { public boolean isUserInRole(String role) {
if (this.authentication == null || !this.authentication.isAuthenticated() if (!role.startsWith(this.roleVoter.getRolePrefix())) {
|| CollectionUtils.isEmpty(this.authentication.getAuthorities())) { role = this.roleVoter.getRolePrefix() + role;
return false;
} }
if (!role.startsWith(ROLE_PREFIX)) { return this.roleVoter.vote(this.authentication, null,
role = ROLE_PREFIX + role; Collections.singletonList(new SecurityConfig(
} role))) == AccessDecisionVoter.ACCESS_GRANTED;
for (GrantedAuthority grantedAuthority : this.authentication
.getAuthorities()) {
if (role.equals(grantedAuthority.getAuthority())) {
return true;
}
}
return false;
} }
} }
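Review bot: The null guard on `this.authentication` that the removed lines carried is gone, and `RoleVoter.vote` reads the authorities straight off the `Authentication` it is handed, so `isUserInRole` now throws a NullPointerException instead of returning false whenever no authentication is present. The constructor of `ReactiveSecurityContext` is outside this hunk, so whether a null can actually reach the field cannot be confirmed from the page, but `SecurityContext.getAuthentication()` is permitted to return null, so the guard is worth keeping ahead of the vote: `if (this.authentication == null) { return false; }`. The removed `isAuthenticated()` check is not reproduced by `RoleVoter` either, which only compares granted authorities against the attribute; if an unauthenticated token carrying authorities must still be rejected, that condition belongs in the same guard. The prefix normalisation itself is sound, since `RoleVoter.supports` ignores attributes that do not start with its prefix.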