From 5fcbb9f4ed792ca24836efaad37d5454a7dd881d Mon Sep 17 00:00:00 2001
From: Karthikeyan R
Date: Sat, 30 Jul 2022 23:52:55 +0530
Subject: [PATCH] Add AuthenticationTrustResolver#isFullyAuthenticated

Closes gh-11510
---
 .../expression/SecurityExpressionRoot.java | 2 +-
 .../AuthenticationTrustResolver.java | 17 +++++++++++++++++
 .../AuthenticatedAuthorizationManager.java | 2 +-
 3 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java b/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java
index de27a7d063..db26a13b35 100644
--- a/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java
+++ b/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java
@@ -153,7 +153,7 @@ public abstract class SecurityExpressionRoot implements SecurityExpressionOperat
 @Override
 public final boolean isFullyAuthenticated() {
 Authentication authentication = getAuthentication();
- return !this.trustResolver.isAnonymous(authentication) && !this.trustResolver.isRememberMe(authentication);
+ return this.trustResolver.isFullyAuthenticated(authentication);
 }

 /**
diff --git a/core/src/main/java/org/springframework/security/authentication/AuthenticationTrustResolver.java b/core/src/main/java/org/springframework/security/authentication/AuthenticationTrustResolver.java
index b0de70d2ce..1e37d6c406 100644
--- a/core/src/main/java/org/springframework/security/authentication/AuthenticationTrustResolver.java
+++ b/core/src/main/java/org/springframework/security/authentication/AuthenticationTrustResolver.java
@@ -53,4 +53,21 @@ public interface AuthenticationTrustResolver {
 */
 boolean isRememberMe(Authentication authentication);

+ /**
+ * Indicates whether the passed Authentication token represents a fully
+ * authenticated user (that is, neither anonymous or remember-me). This is a
+ * composition of isAnonymous and isRememberMe
+ * implementation
+ *

+ * @param authentication to test (may be null in which case the method
+ * will always return false)
+ * @return true the passed authentication token represented an anonymous
+ * principal & is authenticated using a remember-me token, false
+ * otherwise
+ * @since 5.8
+ */
+ default boolean isFullyAuthenticated(Authentication authentication) {
+ return !isAnonymous(authentication) && !isRememberMe(authentication);
+ }
+
 }
diff --git a/core/src/main/java/org/springframework/security/authorization/AuthenticatedAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/AuthenticatedAuthorizationManager.java
index b9236eae3d..88192e4d9e 100644
--- a/core/src/main/java/org/springframework/security/authorization/AuthenticatedAuthorizationManager.java
+++ b/core/src/main/java/org/springframework/security/authorization/AuthenticatedAuthorizationManager.java
@@ -143,7 +143,7 @@ public final class AuthenticatedAuthorizationManager implements Authorization

 @Override
 boolean isGranted(Authentication authentication) {
- return super.isGranted(authentication) && !this.trustResolver.isRememberMe(authentication);
+ return authentication != null && this.trustResolver.isFullyAuthenticated(authentication);
 }

 }
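Review bot: The Javadoc on the new default `isFullyAuthenticated` promises that a null `authentication` always yields `false`, but the body `!isAnonymous(authentication) && !isRememberMe(authentication)` returns `true` whenever both predicates answer `false` for null, so the method fails open on a missing token. The `isAnonymous`/`isRememberMe` contracts are outside this hunk, so this is inferred, but the `authentication != null &&` guard added in the AuthenticatedAuthorizationManager hunk points the same way, and the SecurityExpressionRoot hunk calls the method with no such guard. Putting the guard in the default makes every caller fail closed: `return authentication != null && !isAnonymous(authentication) && !isRememberMe(authentication);`. The `@return` text is also inverted, since it describes an anonymous and remember-me principal; it should read `@return true if the token is neither anonymous nor remember-me, false otherwise`.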
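Review bot: Replacing `super.isGranted(authentication)` with `authentication != null` in `isGranted` drops every check the parent strategy performs beyond the null test and whatever `isFullyAuthenticated` happens to repeat. The parent's `isGranted` is outside this hunk; if it also requires `authentication.isAuthenticated()`, a token that is neither anonymous nor remember-me but has not been authenticated would now satisfy the fully-authenticated rule. Keeping the parent call preserves the previous decision: `return super.isGranted(authentication) && this.trustResolver.isFullyAuthenticated(authentication);`. A test that passes an unauthenticated token to the fully-authenticated manager would pin this behaviour down.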