root
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Actions 10 Packages Projects Releases Wiki Activity

Authentication adds FactorGrantedAuthority 

Closes gh-18001
This commit is contained in:
Rob Winch 2025-10-02 09:33:13 -05:00
parent ce36fc1e76
commit 3f74991ce9
No known key found for this signature in database
9 changed files with 20 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationProvider.java
View File

@ -41,7 +41,7 @@ import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthorities;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.SpringSecurityMessageSource;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.authority.FactorGrantedAuthority;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.core.authority.mapping.NullAuthoritiesMapper;
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
@ -151,7 +151,7 @@ public class CasAuthenticationProvider implements AuthenticationProvider, Initia
this.userDetailsChecker.check(userDetails);
Collection<GrantedAuthority> authorities = new ArrayList<>(
this.authoritiesMapper.mapAuthorities(userDetails.getAuthorities()));
authorities.add(new SimpleGrantedAuthority(AUTHORITY));
authorities.add(FactorGrantedAuthority.fromAuthority(AUTHORITY));
return new CasAuthenticationToken(this.key, userDetails, credentials, authorities, userDetails, assertion);
}
catch (TicketValidationException ex) {

4
core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java
View File

@ -39,7 +39,7 @@ import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthorities;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.SpringSecurityMessageSource;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.authority.FactorGrantedAuthority;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.core.authority.mapping.NullAuthoritiesMapper;
import org.springframework.security.core.userdetails.UserCache;
@ -207,7 +207,7 @@ public abstract class AbstractUserDetailsAuthenticationProvider
// authentication events after cache expiry contain the details
Collection<GrantedAuthority> authorities = new LinkedHashSet<>(
this.authoritiesMapper.mapAuthorities(user.getAuthorities()));
authorities.add(new SimpleGrantedAuthority(AUTHORITY));
authorities.add(FactorGrantedAuthority.fromAuthority(AUTHORITY));
UsernamePasswordAuthenticationToken result = UsernamePasswordAuthenticationToken.authenticated(principal,
authentication.getCredentials(), authorities);
result.setDetails(authentication.getDetails());

4
ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticationProvider.java
View File

@ -35,7 +35,7 @@ import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthorities;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.SpringSecurityMessageSource;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.authority.FactorGrantedAuthority;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.core.authority.mapping.NullAuthoritiesMapper;
import org.springframework.security.core.userdetails.UserDetails;
@ -107,7 +107,7 @@ public abstract class AbstractLdapAuthenticationProvider implements Authenticati
: user.getPassword();
Collection<GrantedAuthority> authorities = new LinkedHashSet<>(
this.authoritiesMapper.mapAuthorities(user.getAuthorities()));
authorities.add(new SimpleGrantedAuthority(AUTHORITY));
authorities.add(FactorGrantedAuthority.fromAuthority(AUTHORITY));
UsernamePasswordAuthenticationToken result = UsernamePasswordAuthenticationToken.authenticated(user, password,
authorities);
result.setDetails(authentication.getDetails());

4
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java
View File

@ -26,7 +26,7 @@ import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthorities;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.authority.FactorGrantedAuthority;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
@ -127,7 +127,7 @@ public class OAuth2LoginAuthenticationProvider implements AuthenticationProvider
Collection<GrantedAuthority> authorities = new HashSet<>(oauth2User.getAuthorities());
Collection<GrantedAuthority> mappedAuthorities = new LinkedHashSet<>(
this.authoritiesMapper.mapAuthorities(authorities));
mappedAuthorities.add(new SimpleGrantedAuthority(AUTHORITY));
mappedAuthorities.add(FactorGrantedAuthority.fromAuthority(AUTHORITY));
OAuth2LoginAuthenticationToken authenticationResult = new OAuth2LoginAuthenticationToken(
loginAuthenticationToken.getClientRegistration(), loginAuthenticationToken.getAuthorizationExchange(),
oauth2User, mappedAuthorities, accessToken, authorizationCodeAuthenticationToken.getRefreshToken());

4
oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverter.java
View File

@ -23,7 +23,7 @@ import org.springframework.core.convert.converter.Converter;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.GrantedAuthorities;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.authority.FactorGrantedAuthority;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtClaimNames;
import org.springframework.util.Assert;
@ -46,7 +46,7 @@ public class JwtAuthenticationConverter implements Converter<Jwt, AbstractAuthen
@Override
public final AbstractAuthenticationToken convert(Jwt jwt) {
Collection<GrantedAuthority> authorities = new HashSet<>(this.jwtGrantedAuthoritiesConverter.convert(jwt));
authorities.add(new SimpleGrantedAuthority(AUTHORITY));
authorities.add(FactorGrantedAuthority.fromAuthority(AUTHORITY));
String principalClaimValue = jwt.getClaimAsString(this.principalClaimName);
return new JwtAuthenticationToken(jwt, authorities, principalClaimValue);
}

4
oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProvider.java
View File

@ -30,7 +30,7 @@ import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthorities;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.authority.FactorGrantedAuthority;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
import org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames;
@ -155,7 +155,7 @@ public final class OpaqueTokenAuthenticationProvider implements AuthenticationPr
OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, introspectedToken,
iat, exp);
Collection<GrantedAuthority> authorities = new HashSet<>(authenticatedPrincipal.getAuthorities());
authorities.add(new SimpleGrantedAuthority(AUTHORITY));
authorities.add(FactorGrantedAuthority.fromAuthority(AUTHORITY));
return new BearerTokenAuthentication(authenticatedPrincipal, accessToken, authorities);
}

4
saml2/saml2-service-provider/src/opensaml5Main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml5AuthenticationProvider.java
View File

@ -61,7 +61,7 @@ import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthorities;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.authority.FactorGrantedAuthority;
import org.springframework.security.saml2.core.Saml2Error;
import org.springframework.security.saml2.core.Saml2ErrorCodes;
import org.springframework.security.saml2.core.Saml2ResponseValidatorResult;
@ -906,7 +906,7 @@ public final class OpenSaml5AuthenticationProvider implements AuthenticationProv
Saml2AuthenticatedPrincipal principal = new DefaultSaml2AuthenticatedPrincipal(username, accessor);
Collection<GrantedAuthority> authorities = new HashSet<>(
this.grantedAuthoritiesConverter.convert(assertion));
authorities.add(new SimpleGrantedAuthority(AUTHORITY));
authorities.add(FactorGrantedAuthority.fromAuthority(AUTHORITY));
return new Saml2AssertionAuthentication(principal, accessor, authorities, registrationId);
}

10
test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockWithAuthoritiesMvcResultMatchersTests.java
View File

@ -67,12 +67,10 @@ public class SecurityMockWithAuthoritiesMvcResultMatchersTests {
}
@Test
public void withAuthoritiesNotOrderSensitive() throws Exception {
List<SimpleGrantedAuthority> grantedAuthorities = new ArrayList<>();
grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_SELLER"));
grantedAuthorities.add(new SimpleGrantedAuthority(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY));
this.mockMvc.perform(formLogin()).andExpect(authenticated().withAuthorities(grantedAuthorities));
public void withAuthoritiesStringAllowsAnyOrderAndPermitsAnyImpl() throws Exception {
this.mockMvc.perform(formLogin())
.andExpect(authenticated().withAuthorities("ROLE_ADMIN", "ROLE_SELLER",
GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY));
}
@Test

4
webauthn/src/main/java/org/springframework/security/web/webauthn/authentication/WebAuthnAuthenticationProvider.java
View File

@ -25,7 +25,7 @@ import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthorities;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.authority.FactorGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.webauthn.api.PublicKeyCredentialUserEntity;
@ -74,7 +74,7 @@ public class WebAuthnAuthenticationProvider implements AuthenticationProvider {
String username = userEntity.getName();
UserDetails userDetails = this.userDetailsService.loadUserByUsername(username);
Collection<GrantedAuthority> authorities = new HashSet<>(userDetails.getAuthorities());
authorities.add(new SimpleGrantedAuthority(AUTHORITY));
authorities.add(FactorGrantedAuthority.fromAuthority(AUTHORITY));
return new WebAuthnAuthentication(userEntity, authorities);
}
catch (RuntimeException ex) {