From eedcec9d5c3652bab7bde318109a1b5c332a96c1 Mon Sep 17 00:00:00 2001 From: Josh Cummings <3627351+jzheaux@users.noreply.github.com> Date: Thu, 28 Aug 2025 11:00:46 -0600 Subject: [PATCH] Move Core Access API Issue gh-17847 --- access/spring-security-access.gradle | 42 ++++++++++ .../access/AccessDecisionManager.java | 0 .../security/access/AccessDecisionVoter.java | 0 .../access/AfterInvocationProvider.java | 0 .../security/access/ConfigAttribute.java | 0 .../security/access/SecurityConfig.java | 0 .../access/SecurityMetadataSource.java | 0 .../AnnotationMetadataExtractor.java | 0 .../Jsr250MethodSecurityMetadataSource.java | 0 .../annotation/Jsr250SecurityConfig.java | 0 .../access/annotation/Jsr250Voter.java | 0 ...curedAnnotationSecurityMetadataSource.java | 0 .../access/annotation/package-info.java | 23 +++++ .../event/AbstractAuthorizationEvent.java | 0 ...uthenticationCredentialsNotFoundEvent.java | 0 .../event/AuthorizationFailureEvent.java | 0 .../access/event/AuthorizedEvent.java | 0 .../security/access/event/LoggerListener.java | 0 .../access/event/PublicInvocationEvent.java | 0 .../security/access/event/package-info.java | 0 ...tExpressionBasedMethodConfigAttribute.java | 0 ...essionBasedAnnotationAttributeFactory.java | 0 .../ExpressionBasedPostInvocationAdvice.java | 0 .../ExpressionBasedPreInvocationAdvice.java | 0 .../PostInvocationExpressionAttribute.java | 0 .../PreInvocationExpressionAttribute.java | 0 .../expression/method/package-info.java | 25 ++++++ .../AbstractSecurityInterceptor.java | 0 .../intercept/AfterInvocationManager.java | 0 .../AfterInvocationProviderManager.java | 0 .../intercept/InterceptorStatusToken.java | 0 .../MethodInvocationPrivilegeEvaluator.java | 0 .../access/intercept/NullRunAsManager.java | 0 .../RunAsImplAuthenticationProvider.java | 0 .../access/intercept/RunAsManager.java | 0 .../access/intercept/RunAsManagerImpl.java | 0 .../access/intercept/RunAsUserToken.java | 0 .../MethodSecurityInterceptor.java | 0 .../MethodSecurityMetadataSourceAdvisor.java | 0 .../intercept/aopalliance/package-info.java | 0 .../intercept/aspectj/AspectJCallback.java | 0 .../AspectJMethodSecurityInterceptor.java | 0 .../aspectj/MethodInvocationAdapter.java | 0 .../intercept/aspectj/package-info.java | 0 .../access/intercept/package-info.java | 0 ...tFallbackMethodSecurityMetadataSource.java | 0 .../AbstractMethodSecurityMetadataSource.java | 0 ...elegatingMethodSecurityMetadataSource.java | 0 .../MapBasedMethodSecurityMetadataSource.java | 0 .../method/MethodSecurityMetadataSource.java | 0 .../security/access/method/P.java | 0 .../security/access/method/package-info.java | 0 .../security/access/package-info.java | 27 ++++++ .../prepost/PostInvocationAdviceProvider.java | 0 .../prepost/PostInvocationAttribute.java | 0 .../PostInvocationAuthorizationAdvice.java | 0 .../prepost/PreInvocationAttribute.java | 0 .../PreInvocationAuthorizationAdvice.java | 0 ...PreInvocationAuthorizationAdviceVoter.java | 0 ...rePostAdviceReactiveMethodInterceptor.java | 0 ...ePostAnnotationSecurityMetadataSource.java | 0 .../PrePostInvocationAttributeFactory.java | 0 .../security/access/prepost/package-info.java | 27 ++++++ .../vote/AbstractAccessDecisionManager.java | 0 .../access/vote/AbstractAclVoter.java | 0 .../access/vote/AffirmativeBased.java | 0 .../access/vote/AuthenticatedVoter.java | 0 .../security/access/vote/ConsensusBased.java | 0 .../access/vote/RoleHierarchyVoter.java | 0 .../security/access/vote/RoleVoter.java | 0 .../security/access/vote/UnanimousBased.java | 0 .../security/access/vote/package-info.java | 0 ...ticationCredentialsNotFoundEventTests.java | 0 .../AuthorizationFailureEventTests.java | 0 .../security/access/AuthorizedEventTests.java | 0 .../security/access/ITargetObject.java | 36 ++++++++ .../security/access/OtherTargetObject.java | 53 ++++++++++++ .../security/access/SecurityConfigTests.java | 0 .../security/access/TargetObject.java | 81 ++++++++++++++++++ .../access/annotation/BusinessService.java | 0 .../annotation/BusinessServiceImpl.java | 0 .../security/access/annotation/Entity.java | 0 ...xpressionProtectedBusinessServiceImpl.java | 0 .../annotation/Jsr250BusinessServiceImpl.java | 0 ...r250MethodSecurityMetadataSourceTests.java | 0 .../access/annotation/Jsr250VoterTests.java | 0 .../access/annotation/RequireAdminRole.java | 0 .../access/annotation/RequireUserRole.java | 0 ...AnnotationSecurityMetadataSourceTests.java | 3 +- .../annotation/sec2150/CrudRepository.java | 0 .../sec2150/MethodInvocationFactory.java | 0 .../annotation/sec2150/PersonRepository.java | 0 ...tMethodSecurityExpressionHandlerTests.java | 0 ...pressionBasedPreInvocationAdviceTests.java | 0 .../method/MethodExpressionVoterTests.java | 0 .../MethodSecurityEvaluationContextTests.java | 0 .../MethodSecurityExpressionRootTests.java | 24 +++--- ...AnnotationSecurityMetadataSourceTests.java | 0 .../expression/method/SecurityRules.java | 0 .../AbstractSecurityInterceptorTests.java | 0 .../AfterInvocationProviderManagerTests.java | 0 .../InterceptorStatusTokenTests.java | 0 .../intercept/NullRunAsManagerTests.java | 0 .../RunAsImplAuthenticationProviderTests.java | 0 .../intercept/RunAsManagerImplTests.java | 0 .../access/intercept/RunAsUserTokenTests.java | 0 .../MethodSecurityInterceptorTests.java | 4 +- ...hodSecurityMetadataSourceAdvisorTests.java | 2 +- ...AspectJMethodSecurityInterceptorTests.java | 2 +- ...asedMethodSecurityMetadataSourceTests.java | 0 ...thodInvocationPrivilegeEvaluatorTests.java | 6 +- .../method/MockMethodInvocation.java | 0 ...tingMethodSecurityMetadataSourceTests.java | 0 .../PostInvocationAdviceProviderTests.java | 0 ...vocationAuthorizationAdviceVoterTests.java | 0 .../AbstractAccessDecisionManagerTests.java | 0 .../access/vote/AbstractAclVoterTests.java | 0 .../access/vote/AffirmativeBasedTests.java | 0 .../access/vote/AuthenticatedVoterTests.java | 0 .../access/vote/ConsensusBasedTests.java | 0 .../security/access/vote/DenyAgainVoter.java | 0 .../security/access/vote/DenyVoter.java | 0 .../access/vote/RoleHierarchyVoterTests.java | 0 .../security/access/vote/RoleVoterTests.java | 0 .../access/vote/UnanimousBasedTests.java | 0 acl/spring-security-acl.gradle | 2 + aspects/spring-security-aspects.gradle | 2 + config/spring-security-config.gradle | 3 +- .../AnnotationParameterNameDiscoverer.java | 1 - ...erAfterReactiveMethodInterceptorTests.java | 1 - ...rBeforeReactiveMethodInterceptorTests.java | 1 - .../authorization/method/BusinessService.java | 70 ++++++++++++++++ .../Jsr250AuthorizationManagerTests.java | 1 - ...odExpressionAuthorizationManagerTests.java | 1 - .../method/MockMethodInvocation.java | 75 +++++++++++++++++ ...ostAuthorizeAuthorizationManagerTests.java | 1 - ...rizeReactiveAuthorizationManagerTests.java | 1 - ...erAuthorizationMethodInterceptorTests.java | 1 - ...izationReactiveMethodInterceptorTests.java | 1 - ...PreAuthorizeAuthorizationManagerTests.java | 1 - ...rizeReactiveAuthorizationManagerTests.java | 1 - ...erAuthorizationMethodInterceptorTests.java | 1 - ...izationReactiveMethodInterceptorTests.java | 1 - .../method/RequireAdminRole.java | 33 ++++++++ .../authorization/method/RequireUserRole.java | 33 ++++++++ .../SecuredAuthorizationManagerTests.java | 1 - ...nnotationParameterNameDiscovererTests.java | 1 - .../security/util/BusinessService.java | 70 ++++++++++++++++ .../security/util/BusinessServiceImpl.java | 84 +++++++++++++++++++ .../springframework/security/util/Entity.java | 30 +++++++ .../util/MethodInvocationUtilsTests.java | 1 - .../security/util/RequireAdminRole.java | 33 ++++++++ .../security/util/RequireUserRole.java | 33 ++++++++ .../spring-security-itest-context.gradle | 1 + itest/web/spring-security-itest-web.gradle | 1 + messaging/spring-security-messaging.gradle | 1 + web/spring-security-web.gradle | 1 + 157 files changed, 805 insertions(+), 38 deletions(-) create mode 100644 access/spring-security-access.gradle rename {core => access}/src/main/java/org/springframework/security/access/AccessDecisionManager.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/AccessDecisionVoter.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/AfterInvocationProvider.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/ConfigAttribute.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/SecurityConfig.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/SecurityMetadataSource.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/annotation/AnnotationMetadataExtractor.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/annotation/Jsr250SecurityConfig.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/annotation/Jsr250Voter.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java (100%) create mode 100644 access/src/main/java/org/springframework/security/access/annotation/package-info.java rename {core => access}/src/main/java/org/springframework/security/access/event/AbstractAuthorizationEvent.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/event/AuthenticationCredentialsNotFoundEvent.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/event/AuthorizationFailureEvent.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/event/AuthorizedEvent.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/event/LoggerListener.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/event/PublicInvocationEvent.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/event/package-info.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/expression/method/AbstractExpressionBasedMethodConfigAttribute.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedAnnotationAttributeFactory.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPostInvocationAdvice.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/expression/method/PostInvocationExpressionAttribute.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/expression/method/PreInvocationExpressionAttribute.java (100%) create mode 100644 access/src/main/java/org/springframework/security/access/expression/method/package-info.java rename {core => access}/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/intercept/AfterInvocationManager.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/intercept/InterceptorStatusToken.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/intercept/MethodInvocationPrivilegeEvaluator.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/intercept/NullRunAsManager.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProvider.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/intercept/RunAsManager.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/intercept/RunAsManagerImpl.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/intercept/RunAsUserToken.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/intercept/aopalliance/package-info.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJCallback.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptor.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/intercept/aspectj/MethodInvocationAdapter.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/intercept/aspectj/package-info.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/intercept/package-info.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/method/AbstractFallbackMethodSecurityMetadataSource.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/method/MethodSecurityMetadataSource.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/method/P.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/method/package-info.java (100%) create mode 100644 access/src/main/java/org/springframework/security/access/package-info.java rename {core => access}/src/main/java/org/springframework/security/access/prepost/PostInvocationAdviceProvider.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/prepost/PostInvocationAttribute.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/prepost/PostInvocationAuthorizationAdvice.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/prepost/PreInvocationAttribute.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdvice.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoter.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/prepost/PrePostInvocationAttributeFactory.java (100%) create mode 100644 access/src/main/java/org/springframework/security/access/prepost/package-info.java rename {core => access}/src/main/java/org/springframework/security/access/vote/AbstractAccessDecisionManager.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/vote/AbstractAclVoter.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/vote/AffirmativeBased.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/vote/AuthenticatedVoter.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/vote/ConsensusBased.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/vote/RoleHierarchyVoter.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/vote/RoleVoter.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/vote/UnanimousBased.java (100%) rename {core => access}/src/main/java/org/springframework/security/access/vote/package-info.java (100%) rename {core => access}/src/test/java/org/springframework/security/access/AuthenticationCredentialsNotFoundEventTests.java (100%) rename {core => access}/src/test/java/org/springframework/security/access/AuthorizationFailureEventTests.java (100%) rename {core => access}/src/test/java/org/springframework/security/access/AuthorizedEventTests.java (100%) create mode 100644 access/src/test/java/org/springframework/security/access/ITargetObject.java create mode 100644 access/src/test/java/org/springframework/security/access/OtherTargetObject.java rename {core => access}/src/test/java/org/springframework/security/access/SecurityConfigTests.java (100%) create mode 100644 access/src/test/java/org/springframework/security/access/TargetObject.java rename {core => access}/src/test/java/org/springframework/security/access/annotation/BusinessService.java (100%) rename {core => access}/src/test/java/org/springframework/security/access/annotation/BusinessServiceImpl.java (100%) rename {core => access}/src/test/java/org/springframework/security/access/annotation/Entity.java (100%) rename {core => access}/src/test/java/org/springframework/security/access/annotation/ExpressionProtectedBusinessServiceImpl.java (100%) rename {core => access}/src/test/java/org/springframework/security/access/annotation/Jsr250BusinessServiceImpl.java (100%) rename {core => access}/src/test/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSourceTests.java (100%) rename {core => access}/src/test/java/org/springframework/security/access/annotation/Jsr250VoterTests.java (100%) rename {core => access}/src/test/java/org/springframework/security/access/annotation/RequireAdminRole.java (100%) rename {core => access}/src/test/java/org/springframework/security/access/annotation/RequireUserRole.java (100%) rename {core => access}/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSourceTests.java (98%) rename {core => access}/src/test/java/org/springframework/security/access/annotation/sec2150/CrudRepository.java (100%) rename {core => access}/src/test/java/org/springframework/security/access/annotation/sec2150/MethodInvocationFactory.java (100%) rename {core => access}/src/test/java/org/springframework/security/access/annotation/sec2150/PersonRepository.java (100%) rename {core => access}/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java (100%) rename {core => access}/src/test/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdviceTests.java (100%) rename {core => access}/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java (100%) rename {core => access}/src/test/java/org/springframework/security/access/expression/method/MethodSecurityEvaluationContextTests.java (100%) rename {core => access}/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java (84%) rename {core => access}/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java (100%) rename {core => access}/src/test/java/org/springframework/security/access/expression/method/SecurityRules.java (100%) rename {core => access}/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java (100%) rename {core => access}/src/test/java/org/springframework/security/access/intercept/AfterInvocationProviderManagerTests.java (100%) rename {core => access}/src/test/java/org/springframework/security/access/intercept/InterceptorStatusTokenTests.java (100%) rename {core => access}/src/test/java/org/springframework/security/access/intercept/NullRunAsManagerTests.java (100%) rename {core => access}/src/test/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProviderTests.java (100%) rename {core => access}/src/test/java/org/springframework/security/access/intercept/RunAsManagerImplTests.java (100%) rename {core => access}/src/test/java/org/springframework/security/access/intercept/RunAsUserTokenTests.java (100%) rename {core => access}/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java (99%) rename {core => access}/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisorTests.java (97%) rename {core => access}/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java (99%) rename {core => access}/src/test/java/org/springframework/security/access/intercept/method/MapBasedMethodSecurityMetadataSourceTests.java (100%) rename {core => access}/src/test/java/org/springframework/security/access/intercept/method/MethodInvocationPrivilegeEvaluatorTests.java (96%) rename {core => access}/src/test/java/org/springframework/security/access/intercept/method/MockMethodInvocation.java (100%) rename {core => access}/src/test/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSourceTests.java (100%) rename {core => access}/src/test/java/org/springframework/security/access/prepost/PostInvocationAdviceProviderTests.java (100%) rename {core => access}/src/test/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoterTests.java (100%) rename {core => access}/src/test/java/org/springframework/security/access/vote/AbstractAccessDecisionManagerTests.java (100%) rename {core => access}/src/test/java/org/springframework/security/access/vote/AbstractAclVoterTests.java (100%) rename {core => access}/src/test/java/org/springframework/security/access/vote/AffirmativeBasedTests.java (100%) rename {core => access}/src/test/java/org/springframework/security/access/vote/AuthenticatedVoterTests.java (100%) rename {core => access}/src/test/java/org/springframework/security/access/vote/ConsensusBasedTests.java (100%) rename {core => access}/src/test/java/org/springframework/security/access/vote/DenyAgainVoter.java (100%) rename {core => access}/src/test/java/org/springframework/security/access/vote/DenyVoter.java (100%) rename {core => access}/src/test/java/org/springframework/security/access/vote/RoleHierarchyVoterTests.java (100%) rename {core => access}/src/test/java/org/springframework/security/access/vote/RoleVoterTests.java (100%) rename {core => access}/src/test/java/org/springframework/security/access/vote/UnanimousBasedTests.java (100%) create mode 100644 core/src/test/java/org/springframework/security/authorization/method/BusinessService.java create mode 100644 core/src/test/java/org/springframework/security/authorization/method/MockMethodInvocation.java create mode 100644 core/src/test/java/org/springframework/security/authorization/method/RequireAdminRole.java create mode 100644 core/src/test/java/org/springframework/security/authorization/method/RequireUserRole.java create mode 100644 core/src/test/java/org/springframework/security/util/BusinessService.java create mode 100644 core/src/test/java/org/springframework/security/util/BusinessServiceImpl.java create mode 100644 core/src/test/java/org/springframework/security/util/Entity.java create mode 100644 core/src/test/java/org/springframework/security/util/RequireAdminRole.java create mode 100644 core/src/test/java/org/springframework/security/util/RequireUserRole.java diff --git a/access/spring-security-access.gradle b/access/spring-security-access.gradle new file mode 100644 index 0000000000..ff53b8d766 --- /dev/null +++ b/access/spring-security-access.gradle @@ -0,0 +1,42 @@ +apply plugin: 'io.spring.convention.spring-module' + +dependencies { + management platform(project(":spring-security-dependencies")) + api project(':spring-security-crypto') + api project(':spring-security-core') + api 'org.springframework:spring-aop' + api 'org.springframework:spring-beans' + api 'org.springframework:spring-context' + api 'org.springframework:spring-core' + api 'org.springframework:spring-expression' + api 'io.micrometer:micrometer-observation' + + optional 'com.fasterxml.jackson.core:jackson-databind' + optional 'io.micrometer:context-propagation' + optional 'io.projectreactor:reactor-core' + optional 'jakarta.annotation:jakarta.annotation-api' + optional 'org.aspectj:aspectjrt' + optional 'org.springframework:spring-jdbc' + optional 'org.springframework:spring-tx' + optional 'org.jetbrains.kotlinx:kotlinx-coroutines-reactor' + + testImplementation 'commons-collections:commons-collections' + testImplementation 'io.projectreactor:reactor-test' + testImplementation "org.assertj:assertj-core" + testImplementation "org.junit.jupiter:junit-jupiter-api" + testImplementation "org.junit.jupiter:junit-jupiter-params" + testImplementation "org.junit.jupiter:junit-jupiter-engine" + testImplementation "org.mockito:mockito-core" + testImplementation "org.mockito:mockito-junit-jupiter" + testImplementation "org.springframework:spring-core-test" + testImplementation "org.springframework:spring-test" + testImplementation 'org.skyscreamer:jsonassert' + testImplementation 'org.springframework:spring-test' + testImplementation 'org.jetbrains.kotlin:kotlin-reflect' + testImplementation 'org.jetbrains.kotlin:kotlin-stdlib-jdk8' + testImplementation 'io.mockk:mockk' + + testRuntimeOnly 'org.hsqldb:hsqldb' + testRuntimeOnly 'org.junit.platform:junit-platform-launcher' +} + diff --git a/core/src/main/java/org/springframework/security/access/AccessDecisionManager.java b/access/src/main/java/org/springframework/security/access/AccessDecisionManager.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/AccessDecisionManager.java rename to access/src/main/java/org/springframework/security/access/AccessDecisionManager.java diff --git a/core/src/main/java/org/springframework/security/access/AccessDecisionVoter.java b/access/src/main/java/org/springframework/security/access/AccessDecisionVoter.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/AccessDecisionVoter.java rename to access/src/main/java/org/springframework/security/access/AccessDecisionVoter.java diff --git a/core/src/main/java/org/springframework/security/access/AfterInvocationProvider.java b/access/src/main/java/org/springframework/security/access/AfterInvocationProvider.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/AfterInvocationProvider.java rename to access/src/main/java/org/springframework/security/access/AfterInvocationProvider.java diff --git a/core/src/main/java/org/springframework/security/access/ConfigAttribute.java b/access/src/main/java/org/springframework/security/access/ConfigAttribute.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/ConfigAttribute.java rename to access/src/main/java/org/springframework/security/access/ConfigAttribute.java diff --git a/core/src/main/java/org/springframework/security/access/SecurityConfig.java b/access/src/main/java/org/springframework/security/access/SecurityConfig.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/SecurityConfig.java rename to access/src/main/java/org/springframework/security/access/SecurityConfig.java diff --git a/core/src/main/java/org/springframework/security/access/SecurityMetadataSource.java b/access/src/main/java/org/springframework/security/access/SecurityMetadataSource.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/SecurityMetadataSource.java rename to access/src/main/java/org/springframework/security/access/SecurityMetadataSource.java diff --git a/core/src/main/java/org/springframework/security/access/annotation/AnnotationMetadataExtractor.java b/access/src/main/java/org/springframework/security/access/annotation/AnnotationMetadataExtractor.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/annotation/AnnotationMetadataExtractor.java rename to access/src/main/java/org/springframework/security/access/annotation/AnnotationMetadataExtractor.java diff --git a/core/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java b/access/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java rename to access/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java diff --git a/core/src/main/java/org/springframework/security/access/annotation/Jsr250SecurityConfig.java b/access/src/main/java/org/springframework/security/access/annotation/Jsr250SecurityConfig.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/annotation/Jsr250SecurityConfig.java rename to access/src/main/java/org/springframework/security/access/annotation/Jsr250SecurityConfig.java diff --git a/core/src/main/java/org/springframework/security/access/annotation/Jsr250Voter.java b/access/src/main/java/org/springframework/security/access/annotation/Jsr250Voter.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/annotation/Jsr250Voter.java rename to access/src/main/java/org/springframework/security/access/annotation/Jsr250Voter.java diff --git a/core/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java b/access/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java rename to access/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java diff --git a/access/src/main/java/org/springframework/security/access/annotation/package-info.java b/access/src/main/java/org/springframework/security/access/annotation/package-info.java new file mode 100644 index 0000000000..937a0b1c56 --- /dev/null +++ b/access/src/main/java/org/springframework/security/access/annotation/package-info.java @@ -0,0 +1,23 @@ +/* + * Copyright 2004-present the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * Support for JSR-250 and Spring Security {@code @Secured} annotations. + */ +@NullMarked +package org.springframework.security.access.annotation; + +import org.jspecify.annotations.NullMarked; diff --git a/core/src/main/java/org/springframework/security/access/event/AbstractAuthorizationEvent.java b/access/src/main/java/org/springframework/security/access/event/AbstractAuthorizationEvent.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/event/AbstractAuthorizationEvent.java rename to access/src/main/java/org/springframework/security/access/event/AbstractAuthorizationEvent.java diff --git a/core/src/main/java/org/springframework/security/access/event/AuthenticationCredentialsNotFoundEvent.java b/access/src/main/java/org/springframework/security/access/event/AuthenticationCredentialsNotFoundEvent.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/event/AuthenticationCredentialsNotFoundEvent.java rename to access/src/main/java/org/springframework/security/access/event/AuthenticationCredentialsNotFoundEvent.java diff --git a/core/src/main/java/org/springframework/security/access/event/AuthorizationFailureEvent.java b/access/src/main/java/org/springframework/security/access/event/AuthorizationFailureEvent.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/event/AuthorizationFailureEvent.java rename to access/src/main/java/org/springframework/security/access/event/AuthorizationFailureEvent.java diff --git a/core/src/main/java/org/springframework/security/access/event/AuthorizedEvent.java b/access/src/main/java/org/springframework/security/access/event/AuthorizedEvent.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/event/AuthorizedEvent.java rename to access/src/main/java/org/springframework/security/access/event/AuthorizedEvent.java diff --git a/core/src/main/java/org/springframework/security/access/event/LoggerListener.java b/access/src/main/java/org/springframework/security/access/event/LoggerListener.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/event/LoggerListener.java rename to access/src/main/java/org/springframework/security/access/event/LoggerListener.java diff --git a/core/src/main/java/org/springframework/security/access/event/PublicInvocationEvent.java b/access/src/main/java/org/springframework/security/access/event/PublicInvocationEvent.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/event/PublicInvocationEvent.java rename to access/src/main/java/org/springframework/security/access/event/PublicInvocationEvent.java diff --git a/core/src/main/java/org/springframework/security/access/event/package-info.java b/access/src/main/java/org/springframework/security/access/event/package-info.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/event/package-info.java rename to access/src/main/java/org/springframework/security/access/event/package-info.java diff --git a/core/src/main/java/org/springframework/security/access/expression/method/AbstractExpressionBasedMethodConfigAttribute.java b/access/src/main/java/org/springframework/security/access/expression/method/AbstractExpressionBasedMethodConfigAttribute.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/expression/method/AbstractExpressionBasedMethodConfigAttribute.java rename to access/src/main/java/org/springframework/security/access/expression/method/AbstractExpressionBasedMethodConfigAttribute.java diff --git a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedAnnotationAttributeFactory.java b/access/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedAnnotationAttributeFactory.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedAnnotationAttributeFactory.java rename to access/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedAnnotationAttributeFactory.java diff --git a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPostInvocationAdvice.java b/access/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPostInvocationAdvice.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPostInvocationAdvice.java rename to access/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPostInvocationAdvice.java diff --git a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java b/access/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java rename to access/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java diff --git a/core/src/main/java/org/springframework/security/access/expression/method/PostInvocationExpressionAttribute.java b/access/src/main/java/org/springframework/security/access/expression/method/PostInvocationExpressionAttribute.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/expression/method/PostInvocationExpressionAttribute.java rename to access/src/main/java/org/springframework/security/access/expression/method/PostInvocationExpressionAttribute.java diff --git a/core/src/main/java/org/springframework/security/access/expression/method/PreInvocationExpressionAttribute.java b/access/src/main/java/org/springframework/security/access/expression/method/PreInvocationExpressionAttribute.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/expression/method/PreInvocationExpressionAttribute.java rename to access/src/main/java/org/springframework/security/access/expression/method/PreInvocationExpressionAttribute.java diff --git a/access/src/main/java/org/springframework/security/access/expression/method/package-info.java b/access/src/main/java/org/springframework/security/access/expression/method/package-info.java new file mode 100644 index 0000000000..0923fe65a6 --- /dev/null +++ b/access/src/main/java/org/springframework/security/access/expression/method/package-info.java @@ -0,0 +1,25 @@ +/* + * Copyright 2004-present the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * Implementation of expression-based method security. + * + * @since 3.0 + */ +@NullMarked +package org.springframework.security.access.expression.method; + +import org.jspecify.annotations.NullMarked; diff --git a/core/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java b/access/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java rename to access/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java diff --git a/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationManager.java b/access/src/main/java/org/springframework/security/access/intercept/AfterInvocationManager.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/intercept/AfterInvocationManager.java rename to access/src/main/java/org/springframework/security/access/intercept/AfterInvocationManager.java diff --git a/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java b/access/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java rename to access/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java diff --git a/core/src/main/java/org/springframework/security/access/intercept/InterceptorStatusToken.java b/access/src/main/java/org/springframework/security/access/intercept/InterceptorStatusToken.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/intercept/InterceptorStatusToken.java rename to access/src/main/java/org/springframework/security/access/intercept/InterceptorStatusToken.java diff --git a/core/src/main/java/org/springframework/security/access/intercept/MethodInvocationPrivilegeEvaluator.java b/access/src/main/java/org/springframework/security/access/intercept/MethodInvocationPrivilegeEvaluator.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/intercept/MethodInvocationPrivilegeEvaluator.java rename to access/src/main/java/org/springframework/security/access/intercept/MethodInvocationPrivilegeEvaluator.java diff --git a/core/src/main/java/org/springframework/security/access/intercept/NullRunAsManager.java b/access/src/main/java/org/springframework/security/access/intercept/NullRunAsManager.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/intercept/NullRunAsManager.java rename to access/src/main/java/org/springframework/security/access/intercept/NullRunAsManager.java diff --git a/core/src/main/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProvider.java b/access/src/main/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProvider.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProvider.java rename to access/src/main/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProvider.java diff --git a/core/src/main/java/org/springframework/security/access/intercept/RunAsManager.java b/access/src/main/java/org/springframework/security/access/intercept/RunAsManager.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/intercept/RunAsManager.java rename to access/src/main/java/org/springframework/security/access/intercept/RunAsManager.java diff --git a/core/src/main/java/org/springframework/security/access/intercept/RunAsManagerImpl.java b/access/src/main/java/org/springframework/security/access/intercept/RunAsManagerImpl.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/intercept/RunAsManagerImpl.java rename to access/src/main/java/org/springframework/security/access/intercept/RunAsManagerImpl.java diff --git a/core/src/main/java/org/springframework/security/access/intercept/RunAsUserToken.java b/access/src/main/java/org/springframework/security/access/intercept/RunAsUserToken.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/intercept/RunAsUserToken.java rename to access/src/main/java/org/springframework/security/access/intercept/RunAsUserToken.java diff --git a/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor.java b/access/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor.java rename to access/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor.java diff --git a/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java b/access/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java rename to access/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java diff --git a/core/src/main/java/org/springframework/security/access/intercept/aopalliance/package-info.java b/access/src/main/java/org/springframework/security/access/intercept/aopalliance/package-info.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/intercept/aopalliance/package-info.java rename to access/src/main/java/org/springframework/security/access/intercept/aopalliance/package-info.java diff --git a/core/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJCallback.java b/access/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJCallback.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJCallback.java rename to access/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJCallback.java diff --git a/core/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptor.java b/access/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptor.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptor.java rename to access/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptor.java diff --git a/core/src/main/java/org/springframework/security/access/intercept/aspectj/MethodInvocationAdapter.java b/access/src/main/java/org/springframework/security/access/intercept/aspectj/MethodInvocationAdapter.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/intercept/aspectj/MethodInvocationAdapter.java rename to access/src/main/java/org/springframework/security/access/intercept/aspectj/MethodInvocationAdapter.java diff --git a/core/src/main/java/org/springframework/security/access/intercept/aspectj/package-info.java b/access/src/main/java/org/springframework/security/access/intercept/aspectj/package-info.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/intercept/aspectj/package-info.java rename to access/src/main/java/org/springframework/security/access/intercept/aspectj/package-info.java diff --git a/core/src/main/java/org/springframework/security/access/intercept/package-info.java b/access/src/main/java/org/springframework/security/access/intercept/package-info.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/intercept/package-info.java rename to access/src/main/java/org/springframework/security/access/intercept/package-info.java diff --git a/core/src/main/java/org/springframework/security/access/method/AbstractFallbackMethodSecurityMetadataSource.java b/access/src/main/java/org/springframework/security/access/method/AbstractFallbackMethodSecurityMetadataSource.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/method/AbstractFallbackMethodSecurityMetadataSource.java rename to access/src/main/java/org/springframework/security/access/method/AbstractFallbackMethodSecurityMetadataSource.java diff --git a/core/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java b/access/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java rename to access/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java diff --git a/core/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java b/access/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java rename to access/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java diff --git a/core/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java b/access/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java rename to access/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java diff --git a/core/src/main/java/org/springframework/security/access/method/MethodSecurityMetadataSource.java b/access/src/main/java/org/springframework/security/access/method/MethodSecurityMetadataSource.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/method/MethodSecurityMetadataSource.java rename to access/src/main/java/org/springframework/security/access/method/MethodSecurityMetadataSource.java diff --git a/core/src/main/java/org/springframework/security/access/method/P.java b/access/src/main/java/org/springframework/security/access/method/P.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/method/P.java rename to access/src/main/java/org/springframework/security/access/method/P.java diff --git a/core/src/main/java/org/springframework/security/access/method/package-info.java b/access/src/main/java/org/springframework/security/access/method/package-info.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/method/package-info.java rename to access/src/main/java/org/springframework/security/access/method/package-info.java diff --git a/access/src/main/java/org/springframework/security/access/package-info.java b/access/src/main/java/org/springframework/security/access/package-info.java new file mode 100644 index 0000000000..01ac014fe7 --- /dev/null +++ b/access/src/main/java/org/springframework/security/access/package-info.java @@ -0,0 +1,27 @@ +/* + * Copyright 2004-present the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * Core access-control related code, including security metadata related classes, + * interception code, access control annotations, EL support and voter-based + * implementations of the central + * {@link org.springframework.security.access.AccessDecisionManager AccessDecisionManager} + * interface. + */ +@NullMarked +package org.springframework.security.access; + +import org.jspecify.annotations.NullMarked; diff --git a/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAdviceProvider.java b/access/src/main/java/org/springframework/security/access/prepost/PostInvocationAdviceProvider.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/prepost/PostInvocationAdviceProvider.java rename to access/src/main/java/org/springframework/security/access/prepost/PostInvocationAdviceProvider.java diff --git a/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAttribute.java b/access/src/main/java/org/springframework/security/access/prepost/PostInvocationAttribute.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/prepost/PostInvocationAttribute.java rename to access/src/main/java/org/springframework/security/access/prepost/PostInvocationAttribute.java diff --git a/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAuthorizationAdvice.java b/access/src/main/java/org/springframework/security/access/prepost/PostInvocationAuthorizationAdvice.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/prepost/PostInvocationAuthorizationAdvice.java rename to access/src/main/java/org/springframework/security/access/prepost/PostInvocationAuthorizationAdvice.java diff --git a/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAttribute.java b/access/src/main/java/org/springframework/security/access/prepost/PreInvocationAttribute.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/prepost/PreInvocationAttribute.java rename to access/src/main/java/org/springframework/security/access/prepost/PreInvocationAttribute.java diff --git a/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdvice.java b/access/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdvice.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdvice.java rename to access/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdvice.java diff --git a/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoter.java b/access/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoter.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoter.java rename to access/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoter.java diff --git a/core/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java b/access/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java rename to access/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java diff --git a/core/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java b/access/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java rename to access/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java diff --git a/core/src/main/java/org/springframework/security/access/prepost/PrePostInvocationAttributeFactory.java b/access/src/main/java/org/springframework/security/access/prepost/PrePostInvocationAttributeFactory.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/prepost/PrePostInvocationAttributeFactory.java rename to access/src/main/java/org/springframework/security/access/prepost/PrePostInvocationAttributeFactory.java diff --git a/access/src/main/java/org/springframework/security/access/prepost/package-info.java b/access/src/main/java/org/springframework/security/access/prepost/package-info.java new file mode 100644 index 0000000000..d4322df1a4 --- /dev/null +++ b/access/src/main/java/org/springframework/security/access/prepost/package-info.java @@ -0,0 +1,27 @@ +/* + * Copyright 2004-present the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * Contains the infrastructure classes for handling the {@code @PreAuthorize}, + * {@code @PreFilter}, {@code @PostAuthorize} and {@code @PostFilter} annotations. + *

+ * Other than the annotations themselves, the classes should be regarded as for internal + * framework use and are liable to change without notice. + */ +@NullMarked +package org.springframework.security.access.prepost; + +import org.jspecify.annotations.NullMarked; diff --git a/core/src/main/java/org/springframework/security/access/vote/AbstractAccessDecisionManager.java b/access/src/main/java/org/springframework/security/access/vote/AbstractAccessDecisionManager.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/vote/AbstractAccessDecisionManager.java rename to access/src/main/java/org/springframework/security/access/vote/AbstractAccessDecisionManager.java diff --git a/core/src/main/java/org/springframework/security/access/vote/AbstractAclVoter.java b/access/src/main/java/org/springframework/security/access/vote/AbstractAclVoter.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/vote/AbstractAclVoter.java rename to access/src/main/java/org/springframework/security/access/vote/AbstractAclVoter.java diff --git a/core/src/main/java/org/springframework/security/access/vote/AffirmativeBased.java b/access/src/main/java/org/springframework/security/access/vote/AffirmativeBased.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/vote/AffirmativeBased.java rename to access/src/main/java/org/springframework/security/access/vote/AffirmativeBased.java diff --git a/core/src/main/java/org/springframework/security/access/vote/AuthenticatedVoter.java b/access/src/main/java/org/springframework/security/access/vote/AuthenticatedVoter.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/vote/AuthenticatedVoter.java rename to access/src/main/java/org/springframework/security/access/vote/AuthenticatedVoter.java diff --git a/core/src/main/java/org/springframework/security/access/vote/ConsensusBased.java b/access/src/main/java/org/springframework/security/access/vote/ConsensusBased.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/vote/ConsensusBased.java rename to access/src/main/java/org/springframework/security/access/vote/ConsensusBased.java diff --git a/core/src/main/java/org/springframework/security/access/vote/RoleHierarchyVoter.java b/access/src/main/java/org/springframework/security/access/vote/RoleHierarchyVoter.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/vote/RoleHierarchyVoter.java rename to access/src/main/java/org/springframework/security/access/vote/RoleHierarchyVoter.java diff --git a/core/src/main/java/org/springframework/security/access/vote/RoleVoter.java b/access/src/main/java/org/springframework/security/access/vote/RoleVoter.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/vote/RoleVoter.java rename to access/src/main/java/org/springframework/security/access/vote/RoleVoter.java diff --git a/core/src/main/java/org/springframework/security/access/vote/UnanimousBased.java b/access/src/main/java/org/springframework/security/access/vote/UnanimousBased.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/vote/UnanimousBased.java rename to access/src/main/java/org/springframework/security/access/vote/UnanimousBased.java diff --git a/core/src/main/java/org/springframework/security/access/vote/package-info.java b/access/src/main/java/org/springframework/security/access/vote/package-info.java similarity index 100% rename from core/src/main/java/org/springframework/security/access/vote/package-info.java rename to access/src/main/java/org/springframework/security/access/vote/package-info.java diff --git a/core/src/test/java/org/springframework/security/access/AuthenticationCredentialsNotFoundEventTests.java b/access/src/test/java/org/springframework/security/access/AuthenticationCredentialsNotFoundEventTests.java similarity index 100% rename from core/src/test/java/org/springframework/security/access/AuthenticationCredentialsNotFoundEventTests.java rename to access/src/test/java/org/springframework/security/access/AuthenticationCredentialsNotFoundEventTests.java diff --git a/core/src/test/java/org/springframework/security/access/AuthorizationFailureEventTests.java b/access/src/test/java/org/springframework/security/access/AuthorizationFailureEventTests.java similarity index 100% rename from core/src/test/java/org/springframework/security/access/AuthorizationFailureEventTests.java rename to access/src/test/java/org/springframework/security/access/AuthorizationFailureEventTests.java diff --git a/core/src/test/java/org/springframework/security/access/AuthorizedEventTests.java b/access/src/test/java/org/springframework/security/access/AuthorizedEventTests.java similarity index 100% rename from core/src/test/java/org/springframework/security/access/AuthorizedEventTests.java rename to access/src/test/java/org/springframework/security/access/AuthorizedEventTests.java diff --git a/access/src/test/java/org/springframework/security/access/ITargetObject.java b/access/src/test/java/org/springframework/security/access/ITargetObject.java new file mode 100644 index 0000000000..9929eb53ba --- /dev/null +++ b/access/src/test/java/org/springframework/security/access/ITargetObject.java @@ -0,0 +1,36 @@ +/* + * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.access; + +/** + * Represents the interface of a secured object. + * + * @author Ben Alex + */ +public interface ITargetObject { + + Integer computeHashCode(String input); + + int countLength(String input); + + String makeLowerCase(String input); + + String makeUpperCase(String input); + + String publicMakeLowerCase(String input); + +} diff --git a/access/src/test/java/org/springframework/security/access/OtherTargetObject.java b/access/src/test/java/org/springframework/security/access/OtherTargetObject.java new file mode 100644 index 0000000000..c4ea9a2fb3 --- /dev/null +++ b/access/src/test/java/org/springframework/security/access/OtherTargetObject.java @@ -0,0 +1,53 @@ +/* + * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.access; + +/** + * Simply extends {@link TargetObject} so we have a different object to put configuration + * attributes against. + *

+ * There is no different behaviour. We have to define each method so that + * Class.getMethod(methodName, args) returns a Method + * referencing this class rather than the parent class. + *

+ *

+ * We need to implement ITargetObject again because the + * MethodDefinitionAttributes only locates attributes on interfaces + * explicitly defined by the intercepted class (not the interfaces defined by its parent + * class or classes). + *

+ * + * @author Ben Alex + */ +public class OtherTargetObject extends TargetObject implements ITargetObject { + + @Override + public String makeLowerCase(String input) { + return super.makeLowerCase(input); + } + + @Override + public String makeUpperCase(String input) { + return super.makeUpperCase(input); + } + + @Override + public String publicMakeLowerCase(String input) { + return super.publicMakeLowerCase(input); + } + +} diff --git a/core/src/test/java/org/springframework/security/access/SecurityConfigTests.java b/access/src/test/java/org/springframework/security/access/SecurityConfigTests.java similarity index 100% rename from core/src/test/java/org/springframework/security/access/SecurityConfigTests.java rename to access/src/test/java/org/springframework/security/access/SecurityConfigTests.java diff --git a/access/src/test/java/org/springframework/security/access/TargetObject.java b/access/src/test/java/org/springframework/security/access/TargetObject.java new file mode 100644 index 0000000000..7af0aff10d --- /dev/null +++ b/access/src/test/java/org/springframework/security/access/TargetObject.java @@ -0,0 +1,81 @@ +/* + * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.access; + +import org.springframework.security.core.Authentication; +import org.springframework.security.core.context.SecurityContextHolder; + +/** + * Represents a secured object. + * + * @author Ben Alex + */ +public class TargetObject implements ITargetObject { + + @Override + public Integer computeHashCode(String input) { + return input.hashCode(); + } + + @Override + public int countLength(String input) { + return input.length(); + } + + /** + * Returns the lowercase string, followed by security environment information. + * @param input the message to make lowercase + * @return the lowercase message, a space, the Authentication class that + * was on the SecurityContext at the time of method invocation, and a + * boolean indicating if the Authentication object is authenticated or + * not + */ + @Override + public String makeLowerCase(String input) { + Authentication auth = SecurityContextHolder.getContext().getAuthentication(); + if (auth == null) { + return input.toLowerCase() + " Authentication empty"; + } + else { + return input.toLowerCase() + " " + auth.getClass().getName() + " " + auth.isAuthenticated(); + } + } + + /** + * Returns the uppercase string, followed by security environment information. + * @param input the message to make uppercase + * @return the uppercase message, a space, the Authentication class that + * was on the SecurityContext at the time of method invocation, and a + * boolean indicating if the Authentication object is authenticated or + * not + */ + @Override + public String makeUpperCase(String input) { + Authentication auth = SecurityContextHolder.getContext().getAuthentication(); + return input.toUpperCase() + " " + auth.getClass().getName() + " " + auth.isAuthenticated(); + } + + /** + * Delegates through to the {@link #makeLowerCase(String)} method. + * @param input the message to be made lower-case + */ + @Override + public String publicMakeLowerCase(String input) { + return this.makeLowerCase(input); + } + +} diff --git a/core/src/test/java/org/springframework/security/access/annotation/BusinessService.java b/access/src/test/java/org/springframework/security/access/annotation/BusinessService.java similarity index 100% rename from core/src/test/java/org/springframework/security/access/annotation/BusinessService.java rename to access/src/test/java/org/springframework/security/access/annotation/BusinessService.java diff --git a/core/src/test/java/org/springframework/security/access/annotation/BusinessServiceImpl.java b/access/src/test/java/org/springframework/security/access/annotation/BusinessServiceImpl.java similarity index 100% rename from core/src/test/java/org/springframework/security/access/annotation/BusinessServiceImpl.java rename to access/src/test/java/org/springframework/security/access/annotation/BusinessServiceImpl.java diff --git a/core/src/test/java/org/springframework/security/access/annotation/Entity.java b/access/src/test/java/org/springframework/security/access/annotation/Entity.java similarity index 100% rename from core/src/test/java/org/springframework/security/access/annotation/Entity.java rename to access/src/test/java/org/springframework/security/access/annotation/Entity.java diff --git a/core/src/test/java/org/springframework/security/access/annotation/ExpressionProtectedBusinessServiceImpl.java b/access/src/test/java/org/springframework/security/access/annotation/ExpressionProtectedBusinessServiceImpl.java similarity index 100% rename from core/src/test/java/org/springframework/security/access/annotation/ExpressionProtectedBusinessServiceImpl.java rename to access/src/test/java/org/springframework/security/access/annotation/ExpressionProtectedBusinessServiceImpl.java diff --git a/core/src/test/java/org/springframework/security/access/annotation/Jsr250BusinessServiceImpl.java b/access/src/test/java/org/springframework/security/access/annotation/Jsr250BusinessServiceImpl.java similarity index 100% rename from core/src/test/java/org/springframework/security/access/annotation/Jsr250BusinessServiceImpl.java rename to access/src/test/java/org/springframework/security/access/annotation/Jsr250BusinessServiceImpl.java diff --git a/core/src/test/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSourceTests.java b/access/src/test/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSourceTests.java similarity index 100% rename from core/src/test/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSourceTests.java rename to access/src/test/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSourceTests.java diff --git a/core/src/test/java/org/springframework/security/access/annotation/Jsr250VoterTests.java b/access/src/test/java/org/springframework/security/access/annotation/Jsr250VoterTests.java similarity index 100% rename from core/src/test/java/org/springframework/security/access/annotation/Jsr250VoterTests.java rename to access/src/test/java/org/springframework/security/access/annotation/Jsr250VoterTests.java diff --git a/core/src/test/java/org/springframework/security/access/annotation/RequireAdminRole.java b/access/src/test/java/org/springframework/security/access/annotation/RequireAdminRole.java similarity index 100% rename from core/src/test/java/org/springframework/security/access/annotation/RequireAdminRole.java rename to access/src/test/java/org/springframework/security/access/annotation/RequireAdminRole.java diff --git a/core/src/test/java/org/springframework/security/access/annotation/RequireUserRole.java b/access/src/test/java/org/springframework/security/access/annotation/RequireUserRole.java similarity index 100% rename from core/src/test/java/org/springframework/security/access/annotation/RequireUserRole.java rename to access/src/test/java/org/springframework/security/access/annotation/RequireUserRole.java diff --git a/core/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSourceTests.java b/access/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSourceTests.java similarity index 98% rename from core/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSourceTests.java rename to access/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSourceTests.java index 71d96ed75a..e4b5235f16 100644 --- a/core/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSourceTests.java +++ b/access/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSourceTests.java @@ -39,8 +39,7 @@ import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.fail; /** - * Tests for - * {@link org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource} + * Tests for {@link SecuredAnnotationSecurityMetadataSource} * * @author Mark St.Godard * @author Joe Scalise diff --git a/core/src/test/java/org/springframework/security/access/annotation/sec2150/CrudRepository.java b/access/src/test/java/org/springframework/security/access/annotation/sec2150/CrudRepository.java similarity index 100% rename from core/src/test/java/org/springframework/security/access/annotation/sec2150/CrudRepository.java rename to access/src/test/java/org/springframework/security/access/annotation/sec2150/CrudRepository.java diff --git a/core/src/test/java/org/springframework/security/access/annotation/sec2150/MethodInvocationFactory.java b/access/src/test/java/org/springframework/security/access/annotation/sec2150/MethodInvocationFactory.java similarity index 100% rename from core/src/test/java/org/springframework/security/access/annotation/sec2150/MethodInvocationFactory.java rename to access/src/test/java/org/springframework/security/access/annotation/sec2150/MethodInvocationFactory.java diff --git a/core/src/test/java/org/springframework/security/access/annotation/sec2150/PersonRepository.java b/access/src/test/java/org/springframework/security/access/annotation/sec2150/PersonRepository.java similarity index 100% rename from core/src/test/java/org/springframework/security/access/annotation/sec2150/PersonRepository.java rename to access/src/test/java/org/springframework/security/access/annotation/sec2150/PersonRepository.java diff --git a/core/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java b/access/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java similarity index 100% rename from core/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java rename to access/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java diff --git a/core/src/test/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdviceTests.java b/access/src/test/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdviceTests.java similarity index 100% rename from core/src/test/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdviceTests.java rename to access/src/test/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdviceTests.java diff --git a/core/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java b/access/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java similarity index 100% rename from core/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java rename to access/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java diff --git a/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityEvaluationContextTests.java b/access/src/test/java/org/springframework/security/access/expression/method/MethodSecurityEvaluationContextTests.java similarity index 100% rename from core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityEvaluationContextTests.java rename to access/src/test/java/org/springframework/security/access/expression/method/MethodSecurityEvaluationContextTests.java diff --git a/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java b/access/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java similarity index 84% rename from core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java rename to access/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java index 6f65547e91..a908236c99 100644 --- a/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java +++ b/access/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java @@ -17,6 +17,7 @@ package org.springframework.security.access.expression.method; import org.aopalliance.intercept.MethodInvocation; +import org.assertj.core.api.Assertions; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; @@ -28,7 +29,6 @@ import org.springframework.security.access.expression.ExpressionUtils; import org.springframework.security.authentication.AuthenticationTrustResolver; import org.springframework.security.core.Authentication; -import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.ArgumentMatchers.any; import static org.mockito.ArgumentMatchers.eq; import static org.mockito.BDDMockito.given; @@ -65,19 +65,19 @@ public class MethodSecurityExpressionRootTests { public void canCallMethodsOnVariables() { this.ctx.setVariable("var", "somestring"); Expression e = this.parser.parseExpression("#var.length() == 10"); - assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue(); + Assertions.assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue(); } @Test public void isAnonymousReturnsTrueIfTrustResolverReportsAnonymous() { given(this.trustResolver.isAnonymous(this.user)).willReturn(true); - assertThat(this.root.isAnonymous()).isTrue(); + Assertions.assertThat(this.root.isAnonymous()).isTrue(); } @Test public void isAnonymousReturnsFalseIfTrustResolverReportsNonAnonymous() { given(this.trustResolver.isAnonymous(this.user)).willReturn(false); - assertThat(this.root.isAnonymous()).isFalse(); + Assertions.assertThat(this.root.isAnonymous()).isFalse(); } @Test @@ -87,7 +87,7 @@ public class MethodSecurityExpressionRootTests { this.ctx.setVariable("domainObject", dummyDomainObject); this.root.setPermissionEvaluator(pe); given(pe.hasPermission(this.user, dummyDomainObject, "ignored")).willReturn(false); - assertThat(this.root.hasPermission(dummyDomainObject, "ignored")).isFalse(); + Assertions.assertThat(this.root.hasPermission(dummyDomainObject, "ignored")).isFalse(); } @Test @@ -97,7 +97,7 @@ public class MethodSecurityExpressionRootTests { this.ctx.setVariable("domainObject", dummyDomainObject); this.root.setPermissionEvaluator(pe); given(pe.hasPermission(this.user, dummyDomainObject, "ignored")).willReturn(true); - assertThat(this.root.hasPermission(dummyDomainObject, "ignored")).isTrue(); + Assertions.assertThat(this.root.hasPermission(dummyDomainObject, "ignored")).isTrue(); } @Test @@ -109,13 +109,13 @@ public class MethodSecurityExpressionRootTests { given(pe.hasPermission(eq(this.user), eq(dummyDomainObject), any(Integer.class))).willReturn(true, true, false); Expression e = this.parser.parseExpression("hasPermission(#domainObject, 0xA)"); // evaluator returns true - assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue(); + Assertions.assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue(); e = this.parser.parseExpression("hasPermission(#domainObject, 10)"); // evaluator returns true - assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue(); + Assertions.assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue(); e = this.parser.parseExpression("hasPermission(#domainObject, 0xFF)"); // evaluator returns false, make sure return value matches - assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isFalse(); + Assertions.assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isFalse(); } @Test @@ -132,11 +132,11 @@ public class MethodSecurityExpressionRootTests { given(pe.hasPermission(this.user, targetObject, i)).willReturn(true, false); given(pe.hasPermission(this.user, "x", i)).willReturn(true); Expression e = this.parser.parseExpression("hasPermission(this, 2)"); - assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue(); + Assertions.assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue(); e = this.parser.parseExpression("hasPermission(this, 2)"); - assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isFalse(); + Assertions.assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isFalse(); e = this.parser.parseExpression("hasPermission(this.x, 2)"); - assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue(); + Assertions.assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue(); } } diff --git a/core/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java b/access/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java similarity index 100% rename from core/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java rename to access/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java diff --git a/core/src/test/java/org/springframework/security/access/expression/method/SecurityRules.java b/access/src/test/java/org/springframework/security/access/expression/method/SecurityRules.java similarity index 100% rename from core/src/test/java/org/springframework/security/access/expression/method/SecurityRules.java rename to access/src/test/java/org/springframework/security/access/expression/method/SecurityRules.java diff --git a/core/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java b/access/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java similarity index 100% rename from core/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java rename to access/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java diff --git a/core/src/test/java/org/springframework/security/access/intercept/AfterInvocationProviderManagerTests.java b/access/src/test/java/org/springframework/security/access/intercept/AfterInvocationProviderManagerTests.java similarity index 100% rename from core/src/test/java/org/springframework/security/access/intercept/AfterInvocationProviderManagerTests.java rename to access/src/test/java/org/springframework/security/access/intercept/AfterInvocationProviderManagerTests.java diff --git a/core/src/test/java/org/springframework/security/access/intercept/InterceptorStatusTokenTests.java b/access/src/test/java/org/springframework/security/access/intercept/InterceptorStatusTokenTests.java similarity index 100% rename from core/src/test/java/org/springframework/security/access/intercept/InterceptorStatusTokenTests.java rename to access/src/test/java/org/springframework/security/access/intercept/InterceptorStatusTokenTests.java diff --git a/core/src/test/java/org/springframework/security/access/intercept/NullRunAsManagerTests.java b/access/src/test/java/org/springframework/security/access/intercept/NullRunAsManagerTests.java similarity index 100% rename from core/src/test/java/org/springframework/security/access/intercept/NullRunAsManagerTests.java rename to access/src/test/java/org/springframework/security/access/intercept/NullRunAsManagerTests.java diff --git a/core/src/test/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProviderTests.java b/access/src/test/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProviderTests.java similarity index 100% rename from core/src/test/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProviderTests.java rename to access/src/test/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProviderTests.java diff --git a/core/src/test/java/org/springframework/security/access/intercept/RunAsManagerImplTests.java b/access/src/test/java/org/springframework/security/access/intercept/RunAsManagerImplTests.java similarity index 100% rename from core/src/test/java/org/springframework/security/access/intercept/RunAsManagerImplTests.java rename to access/src/test/java/org/springframework/security/access/intercept/RunAsManagerImplTests.java diff --git a/core/src/test/java/org/springframework/security/access/intercept/RunAsUserTokenTests.java b/access/src/test/java/org/springframework/security/access/intercept/RunAsUserTokenTests.java similarity index 100% rename from core/src/test/java/org/springframework/security/access/intercept/RunAsUserTokenTests.java rename to access/src/test/java/org/springframework/security/access/intercept/RunAsUserTokenTests.java diff --git a/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java b/access/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java similarity index 99% rename from core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java rename to access/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java index a120f7eb63..9b0ca1577d 100644 --- a/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java +++ b/access/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptorTests.java @@ -25,12 +25,12 @@ import org.junit.jupiter.api.Test; import org.springframework.aop.framework.ProxyFactory; import org.springframework.context.ApplicationEventPublisher; -import org.springframework.security.ITargetObject; -import org.springframework.security.TargetObject; import org.springframework.security.access.AccessDecisionManager; import org.springframework.security.access.AccessDeniedException; import org.springframework.security.access.ConfigAttribute; +import org.springframework.security.access.ITargetObject; import org.springframework.security.access.SecurityConfig; +import org.springframework.security.access.TargetObject; import org.springframework.security.access.event.AuthorizationFailureEvent; import org.springframework.security.access.event.AuthorizedEvent; import org.springframework.security.access.intercept.AfterInvocationManager; diff --git a/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisorTests.java b/access/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisorTests.java similarity index 97% rename from core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisorTests.java rename to access/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisorTests.java index 60c95f8cbb..b8e314e423 100644 --- a/core/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisorTests.java +++ b/access/src/test/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisorTests.java @@ -20,8 +20,8 @@ import java.lang.reflect.Method; import org.junit.jupiter.api.Test; -import org.springframework.security.TargetObject; import org.springframework.security.access.SecurityConfig; +import org.springframework.security.access.TargetObject; import org.springframework.security.access.method.MethodSecurityMetadataSource; import static org.assertj.core.api.Assertions.assertThat; diff --git a/core/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java b/access/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java similarity index 99% rename from core/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java rename to access/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java index 4afe87616d..0c80f07e77 100644 --- a/core/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java +++ b/access/src/test/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptorTests.java @@ -30,10 +30,10 @@ import org.junit.jupiter.api.Test; import org.mockito.Mock; import org.mockito.MockitoAnnotations; -import org.springframework.security.TargetObject; import org.springframework.security.access.AccessDecisionManager; import org.springframework.security.access.AccessDeniedException; import org.springframework.security.access.SecurityConfig; +import org.springframework.security.access.TargetObject; import org.springframework.security.access.intercept.AfterInvocationManager; import org.springframework.security.access.intercept.RunAsManager; import org.springframework.security.access.intercept.RunAsUserToken; diff --git a/core/src/test/java/org/springframework/security/access/intercept/method/MapBasedMethodSecurityMetadataSourceTests.java b/access/src/test/java/org/springframework/security/access/intercept/method/MapBasedMethodSecurityMetadataSourceTests.java similarity index 100% rename from core/src/test/java/org/springframework/security/access/intercept/method/MapBasedMethodSecurityMetadataSourceTests.java rename to access/src/test/java/org/springframework/security/access/intercept/method/MapBasedMethodSecurityMetadataSourceTests.java diff --git a/core/src/test/java/org/springframework/security/access/intercept/method/MethodInvocationPrivilegeEvaluatorTests.java b/access/src/test/java/org/springframework/security/access/intercept/method/MethodInvocationPrivilegeEvaluatorTests.java similarity index 96% rename from core/src/test/java/org/springframework/security/access/intercept/method/MethodInvocationPrivilegeEvaluatorTests.java rename to access/src/test/java/org/springframework/security/access/intercept/method/MethodInvocationPrivilegeEvaluatorTests.java index 93482a82cb..4780a8cc44 100644 --- a/core/src/test/java/org/springframework/security/access/intercept/method/MethodInvocationPrivilegeEvaluatorTests.java +++ b/access/src/test/java/org/springframework/security/access/intercept/method/MethodInvocationPrivilegeEvaluatorTests.java @@ -22,13 +22,13 @@ import org.aopalliance.intercept.MethodInvocation; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; -import org.springframework.security.ITargetObject; -import org.springframework.security.OtherTargetObject; -import org.springframework.security.TargetObject; import org.springframework.security.access.AccessDecisionManager; import org.springframework.security.access.AccessDeniedException; import org.springframework.security.access.ConfigAttribute; +import org.springframework.security.access.ITargetObject; +import org.springframework.security.access.OtherTargetObject; import org.springframework.security.access.SecurityConfig; +import org.springframework.security.access.TargetObject; import org.springframework.security.access.intercept.MethodInvocationPrivilegeEvaluator; import org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor; import org.springframework.security.access.method.MethodSecurityMetadataSource; diff --git a/core/src/test/java/org/springframework/security/access/intercept/method/MockMethodInvocation.java b/access/src/test/java/org/springframework/security/access/intercept/method/MockMethodInvocation.java similarity index 100% rename from core/src/test/java/org/springframework/security/access/intercept/method/MockMethodInvocation.java rename to access/src/test/java/org/springframework/security/access/intercept/method/MockMethodInvocation.java diff --git a/core/src/test/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSourceTests.java b/access/src/test/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSourceTests.java similarity index 100% rename from core/src/test/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSourceTests.java rename to access/src/test/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSourceTests.java diff --git a/core/src/test/java/org/springframework/security/access/prepost/PostInvocationAdviceProviderTests.java b/access/src/test/java/org/springframework/security/access/prepost/PostInvocationAdviceProviderTests.java similarity index 100% rename from core/src/test/java/org/springframework/security/access/prepost/PostInvocationAdviceProviderTests.java rename to access/src/test/java/org/springframework/security/access/prepost/PostInvocationAdviceProviderTests.java diff --git a/core/src/test/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoterTests.java b/access/src/test/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoterTests.java similarity index 100% rename from core/src/test/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoterTests.java rename to access/src/test/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoterTests.java diff --git a/core/src/test/java/org/springframework/security/access/vote/AbstractAccessDecisionManagerTests.java b/access/src/test/java/org/springframework/security/access/vote/AbstractAccessDecisionManagerTests.java similarity index 100% rename from core/src/test/java/org/springframework/security/access/vote/AbstractAccessDecisionManagerTests.java rename to access/src/test/java/org/springframework/security/access/vote/AbstractAccessDecisionManagerTests.java diff --git a/core/src/test/java/org/springframework/security/access/vote/AbstractAclVoterTests.java b/access/src/test/java/org/springframework/security/access/vote/AbstractAclVoterTests.java similarity index 100% rename from core/src/test/java/org/springframework/security/access/vote/AbstractAclVoterTests.java rename to access/src/test/java/org/springframework/security/access/vote/AbstractAclVoterTests.java diff --git a/core/src/test/java/org/springframework/security/access/vote/AffirmativeBasedTests.java b/access/src/test/java/org/springframework/security/access/vote/AffirmativeBasedTests.java similarity index 100% rename from core/src/test/java/org/springframework/security/access/vote/AffirmativeBasedTests.java rename to access/src/test/java/org/springframework/security/access/vote/AffirmativeBasedTests.java diff --git a/core/src/test/java/org/springframework/security/access/vote/AuthenticatedVoterTests.java b/access/src/test/java/org/springframework/security/access/vote/AuthenticatedVoterTests.java similarity index 100% rename from core/src/test/java/org/springframework/security/access/vote/AuthenticatedVoterTests.java rename to access/src/test/java/org/springframework/security/access/vote/AuthenticatedVoterTests.java diff --git a/core/src/test/java/org/springframework/security/access/vote/ConsensusBasedTests.java b/access/src/test/java/org/springframework/security/access/vote/ConsensusBasedTests.java similarity index 100% rename from core/src/test/java/org/springframework/security/access/vote/ConsensusBasedTests.java rename to access/src/test/java/org/springframework/security/access/vote/ConsensusBasedTests.java diff --git a/core/src/test/java/org/springframework/security/access/vote/DenyAgainVoter.java b/access/src/test/java/org/springframework/security/access/vote/DenyAgainVoter.java similarity index 100% rename from core/src/test/java/org/springframework/security/access/vote/DenyAgainVoter.java rename to access/src/test/java/org/springframework/security/access/vote/DenyAgainVoter.java diff --git a/core/src/test/java/org/springframework/security/access/vote/DenyVoter.java b/access/src/test/java/org/springframework/security/access/vote/DenyVoter.java similarity index 100% rename from core/src/test/java/org/springframework/security/access/vote/DenyVoter.java rename to access/src/test/java/org/springframework/security/access/vote/DenyVoter.java diff --git a/core/src/test/java/org/springframework/security/access/vote/RoleHierarchyVoterTests.java b/access/src/test/java/org/springframework/security/access/vote/RoleHierarchyVoterTests.java similarity index 100% rename from core/src/test/java/org/springframework/security/access/vote/RoleHierarchyVoterTests.java rename to access/src/test/java/org/springframework/security/access/vote/RoleHierarchyVoterTests.java diff --git a/core/src/test/java/org/springframework/security/access/vote/RoleVoterTests.java b/access/src/test/java/org/springframework/security/access/vote/RoleVoterTests.java similarity index 100% rename from core/src/test/java/org/springframework/security/access/vote/RoleVoterTests.java rename to access/src/test/java/org/springframework/security/access/vote/RoleVoterTests.java diff --git a/core/src/test/java/org/springframework/security/access/vote/UnanimousBasedTests.java b/access/src/test/java/org/springframework/security/access/vote/UnanimousBasedTests.java similarity index 100% rename from core/src/test/java/org/springframework/security/access/vote/UnanimousBasedTests.java rename to access/src/test/java/org/springframework/security/access/vote/UnanimousBasedTests.java diff --git a/acl/spring-security-acl.gradle b/acl/spring-security-acl.gradle index ec3d59bbe7..0238984aab 100644 --- a/acl/spring-security-acl.gradle +++ b/acl/spring-security-acl.gradle @@ -9,6 +9,8 @@ dependencies { api 'org.springframework:spring-jdbc' api 'org.springframework:spring-tx' + optional project(':spring-security-access') + testImplementation "org.assertj:assertj-core" testImplementation "org.junit.jupiter:junit-jupiter-api" testImplementation "org.junit.jupiter:junit-jupiter-params" diff --git a/aspects/spring-security-aspects.gradle b/aspects/spring-security-aspects.gradle index cffa8e5fb1..9df4e61538 100644 --- a/aspects/spring-security-aspects.gradle +++ b/aspects/spring-security-aspects.gradle @@ -18,6 +18,8 @@ dependencies { api 'org.springframework:spring-context' api 'org.springframework:spring-core' + optional project(':spring-security-access') + testImplementation 'org.springframework:spring-aop' testImplementation "org.assertj:assertj-core" testImplementation "org.junit.jupiter:junit-jupiter-api" diff --git a/config/spring-security-config.gradle b/config/spring-security-config.gradle index 502bc446fd..c912dc6cdc 100644 --- a/config/spring-security-config.gradle +++ b/config/spring-security-config.gradle @@ -1,4 +1,3 @@ -import org.jetbrains.kotlin.gradle.tasks.KotlinCompile import org.springframework.gradle.xsd.CreateVersionlessXsdTask import trang.RncToXsd @@ -21,6 +20,7 @@ dependencies { api 'org.springframework:spring-context' api 'org.springframework:spring-core' + optional project(':spring-security-access') optional project(':spring-security-data') optional project(':spring-security-ldap') optional project(':spring-security-messaging') @@ -49,6 +49,7 @@ dependencies { testImplementation project(':spring-security-aspects') testImplementation project(':spring-security-cas') testImplementation project(':spring-security-test') + testImplementation project(path : ':spring-security-access', configuration : 'tests') testImplementation project(path : ':spring-security-core', configuration : 'tests') testImplementation project(path : ':spring-security-ldap', configuration : 'tests') testImplementation project(path : ':spring-security-oauth2-client', configuration : 'tests') diff --git a/core/src/main/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscoverer.java b/core/src/main/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscoverer.java index fca66904bd..6426fcc01a 100644 --- a/core/src/main/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscoverer.java +++ b/core/src/main/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscoverer.java @@ -30,7 +30,6 @@ import org.springframework.core.BridgeMethodResolver; import org.springframework.core.ParameterNameDiscoverer; import org.springframework.core.PrioritizedParameterNameDiscoverer; import org.springframework.core.annotation.AnnotationUtils; -import org.springframework.security.access.method.P; import org.springframework.util.Assert; import org.springframework.util.ReflectionUtils; diff --git a/core/src/test/java/org/springframework/security/authorization/method/AuthorizationManagerAfterReactiveMethodInterceptorTests.java b/core/src/test/java/org/springframework/security/authorization/method/AuthorizationManagerAfterReactiveMethodInterceptorTests.java index bbc363ca18..3c2358964d 100644 --- a/core/src/test/java/org/springframework/security/authorization/method/AuthorizationManagerAfterReactiveMethodInterceptorTests.java +++ b/core/src/test/java/org/springframework/security/authorization/method/AuthorizationManagerAfterReactiveMethodInterceptorTests.java @@ -25,7 +25,6 @@ import reactor.core.publisher.Mono; import org.springframework.aop.Pointcut; import org.springframework.security.access.AccessDeniedException; -import org.springframework.security.access.intercept.method.MockMethodInvocation; import org.springframework.security.authorization.AuthorizationDecision; import org.springframework.security.authorization.AuthorizationDeniedException; import org.springframework.security.authorization.AuthorizationResult; diff --git a/core/src/test/java/org/springframework/security/authorization/method/AuthorizationManagerBeforeReactiveMethodInterceptorTests.java b/core/src/test/java/org/springframework/security/authorization/method/AuthorizationManagerBeforeReactiveMethodInterceptorTests.java index fbdf5c09ed..09b069302a 100644 --- a/core/src/test/java/org/springframework/security/authorization/method/AuthorizationManagerBeforeReactiveMethodInterceptorTests.java +++ b/core/src/test/java/org/springframework/security/authorization/method/AuthorizationManagerBeforeReactiveMethodInterceptorTests.java @@ -24,7 +24,6 @@ import reactor.core.publisher.Mono; import org.springframework.aop.Pointcut; import org.springframework.security.access.AccessDeniedException; -import org.springframework.security.access.intercept.method.MockMethodInvocation; import org.springframework.security.authorization.AuthorizationDecision; import org.springframework.security.authorization.AuthorizationDeniedException; import org.springframework.security.authorization.AuthorizationResult; diff --git a/core/src/test/java/org/springframework/security/authorization/method/BusinessService.java b/core/src/test/java/org/springframework/security/authorization/method/BusinessService.java new file mode 100644 index 0000000000..aa90b2c22c --- /dev/null +++ b/core/src/test/java/org/springframework/security/authorization/method/BusinessService.java @@ -0,0 +1,70 @@ +/* + * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.authorization.method; + +import java.io.Serializable; +import java.util.List; + +import jakarta.annotation.security.PermitAll; +import jakarta.annotation.security.RolesAllowed; + +import org.springframework.security.access.annotation.Secured; +import org.springframework.security.access.prepost.PreAuthorize; + +/** + */ +@Secured({ "ROLE_USER" }) +@PermitAll +public interface BusinessService extends Serializable { + + @Secured({ "ROLE_ADMIN" }) + @RolesAllowed({ "ROLE_ADMIN" }) + @PreAuthorize("hasRole('ROLE_ADMIN')") + void someAdminMethod(); + + @Secured({ "ROLE_USER", "ROLE_ADMIN" }) + @RolesAllowed({ "ROLE_USER", "ROLE_ADMIN" }) + void someUserAndAdminMethod(); + + @Secured({ "ROLE_USER" }) + @RolesAllowed({ "ROLE_USER" }) + void someUserMethod1(); + + @Secured({ "ROLE_USER" }) + @RolesAllowed({ "ROLE_USER" }) + void someUserMethod2(); + + @RolesAllowed({ "USER" }) + void rolesAllowedUser(); + + int someOther(String s); + + int someOther(int input); + + List methodReturningAList(List someList); + + Object[] methodReturningAnArray(Object[] someArray); + + List methodReturningAList(String userName, String extraParam); + + @RequireAdminRole + @RequireUserRole + default void repeatedAnnotations() { + + } + +} diff --git a/core/src/test/java/org/springframework/security/authorization/method/Jsr250AuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/method/Jsr250AuthorizationManagerTests.java index d5174a2232..d9534a7df0 100644 --- a/core/src/test/java/org/springframework/security/authorization/method/Jsr250AuthorizationManagerTests.java +++ b/core/src/test/java/org/springframework/security/authorization/method/Jsr250AuthorizationManagerTests.java @@ -28,7 +28,6 @@ import jakarta.annotation.security.RolesAllowed; import org.junit.jupiter.api.Test; import org.springframework.core.annotation.AnnotationConfigurationException; -import org.springframework.security.access.intercept.method.MockMethodInvocation; import org.springframework.security.authentication.TestAuthentication; import org.springframework.security.authentication.TestingAuthenticationToken; import org.springframework.security.authorization.AuthorizationManager; diff --git a/core/src/test/java/org/springframework/security/authorization/method/MethodExpressionAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/method/MethodExpressionAuthorizationManagerTests.java index c3357a20f0..3aea48707e 100644 --- a/core/src/test/java/org/springframework/security/authorization/method/MethodExpressionAuthorizationManagerTests.java +++ b/core/src/test/java/org/springframework/security/authorization/method/MethodExpressionAuthorizationManagerTests.java @@ -21,7 +21,6 @@ import org.junit.platform.commons.util.ReflectionUtils; import org.springframework.expression.Expression; import org.springframework.expression.ExpressionParser; -import org.springframework.security.access.annotation.BusinessService; import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler; import org.springframework.security.authentication.TestAuthentication; import org.springframework.security.authorization.AuthorizationResult; diff --git a/core/src/test/java/org/springframework/security/authorization/method/MockMethodInvocation.java b/core/src/test/java/org/springframework/security/authorization/method/MockMethodInvocation.java new file mode 100644 index 0000000000..ee5b35cfff --- /dev/null +++ b/core/src/test/java/org/springframework/security/authorization/method/MockMethodInvocation.java @@ -0,0 +1,75 @@ +/* + * Copyright 2004-present the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.authorization.method; + +import java.lang.reflect.AccessibleObject; +import java.lang.reflect.Method; + +import org.aopalliance.intercept.MethodInvocation; + +@SuppressWarnings("unchecked") +public class MockMethodInvocation implements MethodInvocation { + + private Method method; + + private Object targetObject; + + private Object[] arguments = new Object[0]; + + public MockMethodInvocation(Object targetObject, Class clazz, String methodName, Class[] parameterTypes, + Object[] arguments) throws NoSuchMethodException { + this(targetObject, clazz, methodName, parameterTypes); + this.arguments = arguments; + } + + public MockMethodInvocation(Object targetObject, Class clazz, String methodName, Class... parameterTypes) + throws NoSuchMethodException { + this(targetObject, clazz.getMethod(methodName, parameterTypes)); + this.targetObject = targetObject; + } + + public MockMethodInvocation(Object targetObject, Method method) { + this.targetObject = targetObject; + this.method = method; + } + + @Override + public Object[] getArguments() { + return this.arguments; + } + + @Override + public Method getMethod() { + return this.method; + } + + @Override + public AccessibleObject getStaticPart() { + return null; + } + + @Override + public Object getThis() { + return this.targetObject; + } + + @Override + public Object proceed() { + return null; + } + +} diff --git a/core/src/test/java/org/springframework/security/authorization/method/PostAuthorizeAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/method/PostAuthorizeAuthorizationManagerTests.java index dd1a4a8359..9e418096f9 100644 --- a/core/src/test/java/org/springframework/security/authorization/method/PostAuthorizeAuthorizationManagerTests.java +++ b/core/src/test/java/org/springframework/security/authorization/method/PostAuthorizeAuthorizationManagerTests.java @@ -30,7 +30,6 @@ import org.springframework.context.support.GenericApplicationContext; import org.springframework.core.annotation.AnnotationConfigurationException; import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler; import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler; -import org.springframework.security.access.intercept.method.MockMethodInvocation; import org.springframework.security.access.prepost.PostAuthorize; import org.springframework.security.authentication.TestAuthentication; import org.springframework.security.authentication.TestingAuthenticationToken; diff --git a/core/src/test/java/org/springframework/security/authorization/method/PostAuthorizeReactiveAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/method/PostAuthorizeReactiveAuthorizationManagerTests.java index f5e51d4efc..5c10366bd2 100644 --- a/core/src/test/java/org/springframework/security/authorization/method/PostAuthorizeReactiveAuthorizationManagerTests.java +++ b/core/src/test/java/org/springframework/security/authorization/method/PostAuthorizeReactiveAuthorizationManagerTests.java @@ -28,7 +28,6 @@ import reactor.core.publisher.Mono; import org.springframework.core.annotation.AnnotationConfigurationException; import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler; import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler; -import org.springframework.security.access.intercept.method.MockMethodInvocation; import org.springframework.security.access.prepost.PostAuthorize; import org.springframework.security.authentication.TestingAuthenticationToken; import org.springframework.security.authorization.AuthorizationResult; diff --git a/core/src/test/java/org/springframework/security/authorization/method/PostFilterAuthorizationMethodInterceptorTests.java b/core/src/test/java/org/springframework/security/authorization/method/PostFilterAuthorizationMethodInterceptorTests.java index b837b20cf6..31fee409f9 100644 --- a/core/src/test/java/org/springframework/security/authorization/method/PostFilterAuthorizationMethodInterceptorTests.java +++ b/core/src/test/java/org/springframework/security/authorization/method/PostFilterAuthorizationMethodInterceptorTests.java @@ -28,7 +28,6 @@ import org.springframework.aop.MethodMatcher; import org.springframework.core.annotation.AnnotationConfigurationException; import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler; import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler; -import org.springframework.security.access.intercept.method.MockMethodInvocation; import org.springframework.security.access.prepost.PostFilter; import org.springframework.security.authentication.TestAuthentication; import org.springframework.security.authentication.TestingAuthenticationToken; diff --git a/core/src/test/java/org/springframework/security/authorization/method/PostFilterAuthorizationReactiveMethodInterceptorTests.java b/core/src/test/java/org/springframework/security/authorization/method/PostFilterAuthorizationReactiveMethodInterceptorTests.java index f4b1dbcf19..aed760b585 100644 --- a/core/src/test/java/org/springframework/security/authorization/method/PostFilterAuthorizationReactiveMethodInterceptorTests.java +++ b/core/src/test/java/org/springframework/security/authorization/method/PostFilterAuthorizationReactiveMethodInterceptorTests.java @@ -27,7 +27,6 @@ import reactor.core.publisher.Mono; import org.springframework.core.annotation.AnnotationConfigurationException; import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler; import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler; -import org.springframework.security.access.intercept.method.MockMethodInvocation; import org.springframework.security.access.prepost.PostFilter; import static org.assertj.core.api.Assertions.assertThat; diff --git a/core/src/test/java/org/springframework/security/authorization/method/PreAuthorizeAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/method/PreAuthorizeAuthorizationManagerTests.java index 980f640750..b9439ca3d6 100644 --- a/core/src/test/java/org/springframework/security/authorization/method/PreAuthorizeAuthorizationManagerTests.java +++ b/core/src/test/java/org/springframework/security/authorization/method/PreAuthorizeAuthorizationManagerTests.java @@ -28,7 +28,6 @@ import org.springframework.context.support.GenericApplicationContext; import org.springframework.core.annotation.AnnotationConfigurationException; import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler; import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler; -import org.springframework.security.access.intercept.method.MockMethodInvocation; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.authentication.TestAuthentication; import org.springframework.security.authentication.TestingAuthenticationToken; diff --git a/core/src/test/java/org/springframework/security/authorization/method/PreAuthorizeReactiveAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/method/PreAuthorizeReactiveAuthorizationManagerTests.java index f62fe7459c..bb0d003e3d 100644 --- a/core/src/test/java/org/springframework/security/authorization/method/PreAuthorizeReactiveAuthorizationManagerTests.java +++ b/core/src/test/java/org/springframework/security/authorization/method/PreAuthorizeReactiveAuthorizationManagerTests.java @@ -25,7 +25,6 @@ import reactor.core.publisher.Mono; import org.springframework.core.annotation.AnnotationConfigurationException; import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler; import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler; -import org.springframework.security.access.intercept.method.MockMethodInvocation; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.authentication.TestingAuthenticationToken; import org.springframework.security.authorization.AuthorizationResult; diff --git a/core/src/test/java/org/springframework/security/authorization/method/PreFilterAuthorizationMethodInterceptorTests.java b/core/src/test/java/org/springframework/security/authorization/method/PreFilterAuthorizationMethodInterceptorTests.java index d13bce3c4d..e28c570644 100644 --- a/core/src/test/java/org/springframework/security/authorization/method/PreFilterAuthorizationMethodInterceptorTests.java +++ b/core/src/test/java/org/springframework/security/authorization/method/PreFilterAuthorizationMethodInterceptorTests.java @@ -29,7 +29,6 @@ import org.springframework.aop.MethodMatcher; import org.springframework.core.annotation.AnnotationConfigurationException; import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler; import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler; -import org.springframework.security.access.intercept.method.MockMethodInvocation; import org.springframework.security.access.prepost.PreFilter; import org.springframework.security.authentication.TestAuthentication; import org.springframework.security.authentication.TestingAuthenticationToken; diff --git a/core/src/test/java/org/springframework/security/authorization/method/PreFilterAuthorizationReactiveMethodInterceptorTests.java b/core/src/test/java/org/springframework/security/authorization/method/PreFilterAuthorizationReactiveMethodInterceptorTests.java index e45c6054ae..309321e607 100644 --- a/core/src/test/java/org/springframework/security/authorization/method/PreFilterAuthorizationReactiveMethodInterceptorTests.java +++ b/core/src/test/java/org/springframework/security/authorization/method/PreFilterAuthorizationReactiveMethodInterceptorTests.java @@ -28,7 +28,6 @@ import org.springframework.core.ParameterNameDiscoverer; import org.springframework.core.annotation.AnnotationConfigurationException; import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler; import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler; -import org.springframework.security.access.intercept.method.MockMethodInvocation; import org.springframework.security.access.prepost.PreFilter; import org.springframework.security.core.parameters.DefaultSecurityParameterNameDiscoverer; diff --git a/core/src/test/java/org/springframework/security/authorization/method/RequireAdminRole.java b/core/src/test/java/org/springframework/security/authorization/method/RequireAdminRole.java new file mode 100644 index 0000000000..c9d2101d5a --- /dev/null +++ b/core/src/test/java/org/springframework/security/authorization/method/RequireAdminRole.java @@ -0,0 +1,33 @@ +/* + * Copyright 2004-present the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.authorization.method; + +import java.lang.annotation.Retention; +import java.lang.annotation.RetentionPolicy; + +import jakarta.annotation.security.RolesAllowed; + +import org.springframework.security.access.annotation.Secured; +import org.springframework.security.access.prepost.PreAuthorize; + +@Retention(RetentionPolicy.RUNTIME) +@PreAuthorize("hasRole('ADMIN')") +@RolesAllowed("ADMIN") +@Secured("ADMIN") +public @interface RequireAdminRole { + +} diff --git a/core/src/test/java/org/springframework/security/authorization/method/RequireUserRole.java b/core/src/test/java/org/springframework/security/authorization/method/RequireUserRole.java new file mode 100644 index 0000000000..b918926b3e --- /dev/null +++ b/core/src/test/java/org/springframework/security/authorization/method/RequireUserRole.java @@ -0,0 +1,33 @@ +/* + * Copyright 2004-present the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.authorization.method; + +import java.lang.annotation.Retention; +import java.lang.annotation.RetentionPolicy; + +import jakarta.annotation.security.RolesAllowed; + +import org.springframework.security.access.annotation.Secured; +import org.springframework.security.access.prepost.PreAuthorize; + +@Retention(RetentionPolicy.RUNTIME) +@PreAuthorize("hasRole('USER')") +@RolesAllowed("USER") +@Secured("USER") +public @interface RequireUserRole { + +} diff --git a/core/src/test/java/org/springframework/security/authorization/method/SecuredAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/method/SecuredAuthorizationManagerTests.java index 172d9be8b6..27993c2fd0 100644 --- a/core/src/test/java/org/springframework/security/authorization/method/SecuredAuthorizationManagerTests.java +++ b/core/src/test/java/org/springframework/security/authorization/method/SecuredAuthorizationManagerTests.java @@ -27,7 +27,6 @@ import org.junit.jupiter.api.Test; import org.springframework.aop.TargetClassAware; import org.springframework.core.annotation.AnnotationConfigurationException; import org.springframework.security.access.annotation.Secured; -import org.springframework.security.access.intercept.method.MockMethodInvocation; import org.springframework.security.authentication.TestAuthentication; import org.springframework.security.authentication.TestingAuthenticationToken; import org.springframework.security.authorization.AuthorizationManager; diff --git a/core/src/test/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscovererTests.java b/core/src/test/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscovererTests.java index 13dee89fe5..de52d16246 100644 --- a/core/src/test/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscovererTests.java +++ b/core/src/test/java/org/springframework/security/core/parameters/AnnotationParameterNameDiscovererTests.java @@ -19,7 +19,6 @@ package org.springframework.security.core.parameters; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; -import org.springframework.security.access.method.P; import org.springframework.util.ReflectionUtils; import static org.assertj.core.api.Assertions.assertThat; diff --git a/core/src/test/java/org/springframework/security/util/BusinessService.java b/core/src/test/java/org/springframework/security/util/BusinessService.java new file mode 100644 index 0000000000..d863bb55e8 --- /dev/null +++ b/core/src/test/java/org/springframework/security/util/BusinessService.java @@ -0,0 +1,70 @@ +/* + * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.util; + +import java.io.Serializable; +import java.util.List; + +import jakarta.annotation.security.PermitAll; +import jakarta.annotation.security.RolesAllowed; + +import org.springframework.security.access.annotation.Secured; +import org.springframework.security.access.prepost.PreAuthorize; + +/** + */ +@Secured({ "ROLE_USER" }) +@PermitAll +public interface BusinessService extends Serializable { + + @Secured({ "ROLE_ADMIN" }) + @RolesAllowed({ "ROLE_ADMIN" }) + @PreAuthorize("hasRole('ROLE_ADMIN')") + void someAdminMethod(); + + @Secured({ "ROLE_USER", "ROLE_ADMIN" }) + @RolesAllowed({ "ROLE_USER", "ROLE_ADMIN" }) + void someUserAndAdminMethod(); + + @Secured({ "ROLE_USER" }) + @RolesAllowed({ "ROLE_USER" }) + void someUserMethod1(); + + @Secured({ "ROLE_USER" }) + @RolesAllowed({ "ROLE_USER" }) + void someUserMethod2(); + + @RolesAllowed({ "USER" }) + void rolesAllowedUser(); + + int someOther(String s); + + int someOther(int input); + + List methodReturningAList(List someList); + + Object[] methodReturningAnArray(Object[] someArray); + + List methodReturningAList(String userName, String extraParam); + + @RequireAdminRole + @RequireUserRole + default void repeatedAnnotations() { + + } + +} diff --git a/core/src/test/java/org/springframework/security/util/BusinessServiceImpl.java b/core/src/test/java/org/springframework/security/util/BusinessServiceImpl.java new file mode 100644 index 0000000000..60b1997d37 --- /dev/null +++ b/core/src/test/java/org/springframework/security/util/BusinessServiceImpl.java @@ -0,0 +1,84 @@ +/* + * Copyright 2004-present the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.util; + +import java.util.ArrayList; +import java.util.List; + +import org.springframework.security.access.annotation.Secured; +import org.springframework.security.authorization.method.BusinessService; + +/** + * @author Joe Scalise + */ +@SuppressWarnings("serial") +public class BusinessServiceImpl implements BusinessService { + + @Override + @Secured({ "ROLE_USER" }) + public void someUserMethod1() { + } + + @Override + @Secured({ "ROLE_USER" }) + public void someUserMethod2() { + } + + @Override + @Secured({ "ROLE_USER", "ROLE_ADMIN" }) + public void someUserAndAdminMethod() { + } + + @Override + @Secured({ "ROLE_ADMIN" }) + public void someAdminMethod() { + } + + public E someUserMethod3(final E entity) { + return entity; + } + + @Override + public int someOther(String s) { + return 0; + } + + @Override + public int someOther(int input) { + return input; + } + + @Override + public List methodReturningAList(List someList) { + return someList; + } + + @Override + public List methodReturningAList(String userName, String arg2) { + return new ArrayList<>(); + } + + @Override + public Object[] methodReturningAnArray(Object[] someArray) { + return null; + } + + @Override + public void rolesAllowedUser() { + } + +} diff --git a/core/src/test/java/org/springframework/security/util/Entity.java b/core/src/test/java/org/springframework/security/util/Entity.java new file mode 100644 index 0000000000..e4bbb1e3d3 --- /dev/null +++ b/core/src/test/java/org/springframework/security/util/Entity.java @@ -0,0 +1,30 @@ +/* + * Copyright 2004-present the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.util; + +/** + * Class to act as a superclass for annotations testing. + * + * @author Ben Alex + * + */ +public class Entity { + + public Entity(String someParameter) { + } + +} diff --git a/core/src/test/java/org/springframework/security/util/MethodInvocationUtilsTests.java b/core/src/test/java/org/springframework/security/util/MethodInvocationUtilsTests.java index 255695fe1d..1a04a6d685 100644 --- a/core/src/test/java/org/springframework/security/util/MethodInvocationUtilsTests.java +++ b/core/src/test/java/org/springframework/security/util/MethodInvocationUtilsTests.java @@ -22,7 +22,6 @@ import org.aopalliance.intercept.MethodInvocation; import org.junit.jupiter.api.Test; import org.springframework.aop.framework.AdvisedSupport; -import org.springframework.security.access.annotation.BusinessServiceImpl; import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException; diff --git a/core/src/test/java/org/springframework/security/util/RequireAdminRole.java b/core/src/test/java/org/springframework/security/util/RequireAdminRole.java new file mode 100644 index 0000000000..fb6e5d45ac --- /dev/null +++ b/core/src/test/java/org/springframework/security/util/RequireAdminRole.java @@ -0,0 +1,33 @@ +/* + * Copyright 2004-present the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.util; + +import java.lang.annotation.Retention; +import java.lang.annotation.RetentionPolicy; + +import jakarta.annotation.security.RolesAllowed; + +import org.springframework.security.access.annotation.Secured; +import org.springframework.security.access.prepost.PreAuthorize; + +@Retention(RetentionPolicy.RUNTIME) +@PreAuthorize("hasRole('ADMIN')") +@RolesAllowed("ADMIN") +@Secured("ADMIN") +public @interface RequireAdminRole { + +} diff --git a/core/src/test/java/org/springframework/security/util/RequireUserRole.java b/core/src/test/java/org/springframework/security/util/RequireUserRole.java new file mode 100644 index 0000000000..6ea9c9e25f --- /dev/null +++ b/core/src/test/java/org/springframework/security/util/RequireUserRole.java @@ -0,0 +1,33 @@ +/* + * Copyright 2004-present the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.util; + +import java.lang.annotation.Retention; +import java.lang.annotation.RetentionPolicy; + +import jakarta.annotation.security.RolesAllowed; + +import org.springframework.security.access.annotation.Secured; +import org.springframework.security.access.prepost.PreAuthorize; + +@Retention(RetentionPolicy.RUNTIME) +@PreAuthorize("hasRole('USER')") +@RolesAllowed("USER") +@Secured("USER") +public @interface RequireUserRole { + +} diff --git a/itest/context/spring-security-itest-context.gradle b/itest/context/spring-security-itest-context.gradle index 15c4b52dbd..23064eaf72 100644 --- a/itest/context/spring-security-itest-context.gradle +++ b/itest/context/spring-security-itest-context.gradle @@ -3,6 +3,7 @@ apply plugin: 'io.spring.convention.spring-test' dependencies { implementation platform(project(":spring-security-dependencies")) implementation project(':spring-security-core') + implementation project(':spring-security-access') implementation 'org.python:jython' implementation 'org.springframework:spring-aop' implementation 'org.springframework:spring-beans' diff --git a/itest/web/spring-security-itest-web.gradle b/itest/web/spring-security-itest-web.gradle index d8fe2583a2..e7cf83a4f5 100644 --- a/itest/web/spring-security-itest-web.gradle +++ b/itest/web/spring-security-itest-web.gradle @@ -2,6 +2,7 @@ apply plugin: 'io.spring.convention.spring-test' dependencies { implementation platform(project(":spring-security-dependencies")) + implementation project(':spring-security-access') implementation 'org.springframework:spring-context' implementation 'org.springframework:spring-web' diff --git a/messaging/spring-security-messaging.gradle b/messaging/spring-security-messaging.gradle index c231057267..044afa0ba0 100644 --- a/messaging/spring-security-messaging.gradle +++ b/messaging/spring-security-messaging.gradle @@ -13,6 +13,7 @@ dependencies { api 'org.springframework:spring-expression' api 'org.springframework:spring-messaging' + optional project(':spring-security-access') optional project(':spring-security-web') optional 'org.springframework:spring-websocket' optional 'io.projectreactor:reactor-core' diff --git a/web/spring-security-web.gradle b/web/spring-security-web.gradle index 87ce691e0c..d4113fed83 100644 --- a/web/spring-security-web.gradle +++ b/web/spring-security-web.gradle @@ -39,6 +39,7 @@ dependencies { api 'org.springframework:spring-expression' api 'org.springframework:spring-web' + optional project(':spring-security-access') optional 'com.fasterxml.jackson.core:jackson-databind' optional 'io.micrometer:context-propagation' optional 'io.projectreactor:reactor-core'