root
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Actions 38 Packages Projects Releases Wiki Activity

Polish 

Issue gh-16622

Signed-off-by: Evgeniy Cheban <mister.cheban@gmail.com>
This commit is contained in:
Evgeniy Cheban 2025-04-20 09:14:07 +03:00
parent 6930987f95
commit 380927f434
No known key found for this signature in database
GPG Key ID: CE6CCAEB5B2775D6
3 changed files with 92 additions and 93 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

81
core/src/main/java/org/springframework/security/authorization/method/MethodAuthorizationDeniedHandlerResolver.java Normal file
View File

@ -0,0 +1,81 @@
/*
* Copyright 2002-2025 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.authorization.method;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.function.BiFunction;
import org.springframework.context.ApplicationContext;
import org.springframework.security.core.annotation.SecurityAnnotationScanner;
import org.springframework.security.core.annotation.SecurityAnnotationScanners;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
/**
* For internal use only, as this contract is likely to change.
*
* @author Evgeniy Cheban
*/
final class MethodAuthorizationDeniedHandlerResolver {
private final MethodAuthorizationDeniedHandler defaultHandler = new ThrowingMethodAuthorizationDeniedHandler();
private final SecurityAnnotationScanner<HandleAuthorizationDenied> handleAuthorizationDeniedScanner = SecurityAnnotationScanners
.requireUnique(HandleAuthorizationDenied.class);
private BiFunction<String, Class<? extends MethodAuthorizationDeniedHandler>, MethodAuthorizationDeniedHandler> resolver;
MethodAuthorizationDeniedHandlerResolver(Class<?> managerClass) {
this.resolver = (beanName, handlerClass) -> new ReflectiveMethodAuthorizationDeniedHandler(handlerClass,
managerClass);
}
void setContext(ApplicationContext context) {
Assert.notNull(context, "context cannot be null");
this.resolver = (beanName, handlerClass) -> doResolve(context, beanName, handlerClass);
}
MethodAuthorizationDeniedHandler resolve(Method method, Class<?> targetClass) {
HandleAuthorizationDenied deniedHandler = this.handleAuthorizationDeniedScanner.scan(method, targetClass);
if (deniedHandler != null) {
return this.resolver.apply(deniedHandler.handler(), deniedHandler.handlerClass());
}
return this.defaultHandler;
}
private MethodAuthorizationDeniedHandler doResolve(ApplicationContext context, String beanName,
Class<? extends MethodAuthorizationDeniedHandler> handlerClass) {
if (StringUtils.hasText(beanName)) {
return context.getBean(beanName, MethodAuthorizationDeniedHandler.class);
}
if (handlerClass == this.defaultHandler.getClass()) {
return this.defaultHandler;
}
String[] beanNames = context.getBeanNamesForType(handlerClass);
if (beanNames.length == 0) {
throw new IllegalStateException("Could not find a bean of type " + handlerClass.getName());
}
if (beanNames.length > 1) {
throw new IllegalStateException("Expected to find a single bean of type " + handlerClass.getName()
+ " but found " + Arrays.toString(beanNames)
+ " consider using 'handler' attribute to refer to specific bean");
}
return context.getBean(beanNames[0], handlerClass);
}
}

53
core/src/main/java/org/springframework/security/authorization/method/PostAuthorizeExpressionAttributeRegistry.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2024 the original author or authors.
* Copyright 2002-2025 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -17,8 +17,6 @@
package org.springframework.security.authorization.method;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.function.BiFunction;
import reactor.util.annotation.NonNull;
@ -28,8 +26,6 @@ import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.core.annotation.AnnotationTemplateExpressionDefaults;
import org.springframework.security.core.annotation.SecurityAnnotationScanner;
import org.springframework.security.core.annotation.SecurityAnnotationScanners;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
/**
* For internal use only, as this contract is likely to change.
@ -40,21 +36,12 @@ import org.springframework.util.StringUtils;
*/
final class PostAuthorizeExpressionAttributeRegistry extends AbstractExpressionAttributeRegistry<ExpressionAttribute> {
private final MethodAuthorizationDeniedHandler defaultHandler = new ThrowingMethodAuthorizationDeniedHandler();
private final SecurityAnnotationScanner<HandleAuthorizationDenied> handleAuthorizationDeniedScanner = SecurityAnnotationScanners
.requireUnique(HandleAuthorizationDenied.class);
private BiFunction<String, Class<? extends MethodAuthorizationDeniedHandler>, MethodAuthorizationDeniedHandler> handlerResolver;
private final MethodAuthorizationDeniedHandlerResolver handlerResolver = new MethodAuthorizationDeniedHandlerResolver(
PostAuthorizeAuthorizationManager.class);
private SecurityAnnotationScanner<PostAuthorize> postAuthorizeScanner = SecurityAnnotationScanners
.requireUnique(PostAuthorize.class);
PostAuthorizeExpressionAttributeRegistry() {
this.handlerResolver = (beanName, clazz) -> new ReflectiveMethodAuthorizationDeniedHandler(clazz,
PostAuthorizeAuthorizationManager.class);
}
@NonNull
@Override
ExpressionAttribute resolveAttribute(Method method, Class<?> targetClass) {
@ -63,19 +50,11 @@ final class PostAuthorizeExpressionAttributeRegistry extends AbstractExpressionA
return ExpressionAttribute.NULL_ATTRIBUTE;
}
Expression expression = getExpressionHandler().getExpressionParser().parseExpression(postAuthorize.value());
MethodAuthorizationDeniedHandler deniedHandler = resolveHandler(method, targetClass);
MethodAuthorizationDeniedHandler deniedHandler = this.handlerResolver.resolve(method,
targetClass(method, targetClass));
return new PostAuthorizeExpressionAttribute(expression, deniedHandler);
}
private MethodAuthorizationDeniedHandler resolveHandler(Method method, Class<?> targetClass) {
Class<?> targetClassToUse = targetClass(method, targetClass);
HandleAuthorizationDenied deniedHandler = this.handleAuthorizationDeniedScanner.scan(method, targetClassToUse);
if (deniedHandler != null) {
return this.handlerResolver.apply(deniedHandler.handler(), deniedHandler.handlerClass());
}
return this.defaultHandler;
}
private PostAuthorize findPostAuthorizeAnnotation(Method method, Class<?> targetClass) {
Class<?> targetClassToUse = targetClass(method, targetClass);
return this.postAuthorizeScanner.scan(method, targetClassToUse);
@ -87,31 +66,11 @@ final class PostAuthorizeExpressionAttributeRegistry extends AbstractExpressionA
* @param context the {@link ApplicationContext} to use
*/
void setApplicationContext(ApplicationContext context) {
Assert.notNull(context, "context cannot be null");
this.handlerResolver = (beanName, clazz) -> resolveHandler(context, beanName, clazz);
this.handlerResolver.setContext(context);
}
void setTemplateDefaults(AnnotationTemplateExpressionDefaults templateDefaults) {
this.postAuthorizeScanner = SecurityAnnotationScanners.requireUnique(PostAuthorize.class, templateDefaults);
}
private MethodAuthorizationDeniedHandler resolveHandler(ApplicationContext context, String beanName,
Class<? extends MethodAuthorizationDeniedHandler> handlerClass) {
if (StringUtils.hasText(beanName)) {
return context.getBean(beanName, MethodAuthorizationDeniedHandler.class);
}
if (handlerClass == this.defaultHandler.getClass()) {
return this.defaultHandler;
}
String[] beanNames = context.getBeanNamesForType(handlerClass);
if (beanNames.length == 0) {
throw new IllegalStateException("Could not find a bean of type " + handlerClass.getName());
}
if (beanNames.length > 1) {
throw new IllegalStateException("Expected to find a single bean of type " + handlerClass.getName()
+ " but found " + Arrays.toString(beanNames));
}
return context.getBean(beanNames[0], handlerClass);
}
}

51
core/src/main/java/org/springframework/security/authorization/method/PreAuthorizeExpressionAttributeRegistry.java
View File

@ -17,8 +17,6 @@
package org.springframework.security.authorization.method;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.function.BiFunction;
import org.springframework.context.ApplicationContext;
import org.springframework.expression.Expression;
@ -27,8 +25,6 @@ import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.annotation.AnnotationTemplateExpressionDefaults;
import org.springframework.security.core.annotation.SecurityAnnotationScanner;
import org.springframework.security.core.annotation.SecurityAnnotationScanners;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
/**
* For internal use only, as this contract is likely to change.
@ -39,21 +35,12 @@ import org.springframework.util.StringUtils;
*/
final class PreAuthorizeExpressionAttributeRegistry extends AbstractExpressionAttributeRegistry<ExpressionAttribute> {
private final MethodAuthorizationDeniedHandler defaultHandler = new ThrowingMethodAuthorizationDeniedHandler();
private final SecurityAnnotationScanner<HandleAuthorizationDenied> handleAuthorizationDeniedScanner = SecurityAnnotationScanners
.requireUnique(HandleAuthorizationDenied.class);
private BiFunction<String, Class<? extends MethodAuthorizationDeniedHandler>, MethodAuthorizationDeniedHandler> handlerResolver;
private final MethodAuthorizationDeniedHandlerResolver handlerResolver = new MethodAuthorizationDeniedHandlerResolver(
PreAuthorizeAuthorizationManager.class);
private SecurityAnnotationScanner<PreAuthorize> preAuthorizeScanner = SecurityAnnotationScanners
.requireUnique(PreAuthorize.class);
PreAuthorizeExpressionAttributeRegistry() {
this.handlerResolver = (beanName, clazz) -> new ReflectiveMethodAuthorizationDeniedHandler(clazz,
PreAuthorizeAuthorizationManager.class);
}
@NonNull
@Override
ExpressionAttribute resolveAttribute(Method method, Class<?> targetClass) {
@ -62,19 +49,11 @@ final class PreAuthorizeExpressionAttributeRegistry extends AbstractExpressionAt
return ExpressionAttribute.NULL_ATTRIBUTE;
}
Expression expression = getExpressionHandler().getExpressionParser().parseExpression(preAuthorize.value());
MethodAuthorizationDeniedHandler handler = resolveHandler(method, targetClass);
MethodAuthorizationDeniedHandler handler = this.handlerResolver.resolve(method,
targetClass(method, targetClass));
return new PreAuthorizeExpressionAttribute(expression, handler);
}
private MethodAuthorizationDeniedHandler resolveHandler(Method method, Class<?> targetClass) {
Class<?> targetClassToUse = targetClass(method, targetClass);
HandleAuthorizationDenied deniedHandler = this.handleAuthorizationDeniedScanner.scan(method, targetClassToUse);
if (deniedHandler != null) {
return this.handlerResolver.apply(deniedHandler.handler(), deniedHandler.handlerClass());
}
return this.defaultHandler;
}
private PreAuthorize findPreAuthorizeAnnotation(Method method, Class<?> targetClass) {
Class<?> targetClassToUse = targetClass(method, targetClass);
return this.preAuthorizeScanner.scan(method, targetClassToUse);
@ -86,31 +65,11 @@ final class PreAuthorizeExpressionAttributeRegistry extends AbstractExpressionAt
* @param context the {@link ApplicationContext} to use
*/
void setApplicationContext(ApplicationContext context) {
Assert.notNull(context, "context cannot be null");
this.handlerResolver = (beanName, clazz) -> resolveHandler(context, beanName, clazz);
this.handlerResolver.setContext(context);
}
void setTemplateDefaults(AnnotationTemplateExpressionDefaults defaults) {
this.preAuthorizeScanner = SecurityAnnotationScanners.requireUnique(PreAuthorize.class, defaults);
}
private MethodAuthorizationDeniedHandler resolveHandler(ApplicationContext context, String beanName,
Class<? extends MethodAuthorizationDeniedHandler> handlerClass) {
if (StringUtils.hasText(beanName)) {
return context.getBean(beanName, MethodAuthorizationDeniedHandler.class);
}
if (handlerClass == this.defaultHandler.getClass()) {
return this.defaultHandler;
}
String[] beanNames = context.getBeanNamesForType(handlerClass);
if (beanNames.length == 0) {
throw new IllegalStateException("Could not find a bean of type " + handlerClass.getName());
}
if (beanNames.length > 1) {
throw new IllegalStateException("Expected to find a single bean of type " + handlerClass.getName()
+ " but found " + Arrays.toString(beanNames));
}
return context.getBean(beanNames[0], handlerClass);
}
}