Allow AuthenticationPrincipal argument type to be primitive

Closes gh-10172
2026-05-22 21:33:16 +00:00 · 2021-08-20 13:17:37 +02:00
parent 7112ee3eaa
commit 7d81a52780
8 changed files with 102 additions and 12 deletions
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2013 the original author or authors.
+ * Copyright 2002-2021 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -30,6 +30,7 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Controller;
+import org.springframework.util.ClassUtils;
 import org.springframework.util.StringUtils;

 /**
@@ -107,7 +108,7 @@ public final class AuthenticationPrincipalArgumentResolver implements HandlerMet
 			Expression expression = this.parser.parseExpression(expressionToParse);
 			principal = expression.getValue(context);
 		}
-		if (principal != null && !parameter.getParameterType().isAssignableFrom(principal.getClass())) {
+		if (principal != null && !ClassUtils.isAssignable(parameter.getParameterType(), principal.getClass())) {
 			if (authPrincipal.errorOnInvalidType()) {
 				throw new ClassCastException(principal + " is not assignable to " + parameter.getParameterType());
 			}
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019 the original author or authors.
+ * Copyright 2019-2021 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -39,6 +39,7 @@ import org.springframework.security.core.context.ReactiveSecurityContextHolder;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.stereotype.Controller;
 import org.springframework.util.Assert;
+import org.springframework.util.ClassUtils;
 import org.springframework.util.StringUtils;

 /**
@@ -170,7 +171,7 @@ public class AuthenticationPrincipalArgumentResolver implements HandlerMethodArg
 			}
 			typeToCheck = genericType;
 		}
-		return !typeToCheck.isAssignableFrom(principal.getClass());
+		return !ClassUtils.isAssignable(typeToCheck, principal.getClass());
 	}

 	/**
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2013 the original author or authors.
+ * Copyright 2002-2021 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -133,6 +133,14 @@ public class AuthenticationPrincipalArgumentResolverTests {
 		assertThat(resolveArgument).isNotSameAs(principal);
 	}

+	@Test
+	public void resolveArgumentSpelPrimitive() throws Exception {
+		CustomUserPrincipal principal = new CustomUserPrincipal();
+		setAuthenticationPrincipal(principal);
+		this.expectedPrincipal = principal.id;
+		assertThat(this.resolver.resolveArgument(showUserSpelPrimitive(), null)).isEqualTo(this.expectedPrincipal);
+	}
+
 	@Test
 	public void resolveArgumentNullOnInvalidType() throws Exception {
 		setAuthenticationPrincipal(new CustomUserPrincipal());
@@ -195,6 +203,10 @@ public class AuthenticationPrincipalArgumentResolverTests {
 		return getMethodParameter("showUserSpelCopy", CopyUserPrincipal.class);
 	}

+	private MethodParameter showUserSpelPrimitive() {
+		return getMethodParameter("showUserSpelPrimitive", int.class);
+	}
+
 	private MethodParameter showUserAnnotationObject() {
 		return getMethodParameter("showUserAnnotation", Object.class);
 	}
@@ -258,12 +270,17 @@ public class AuthenticationPrincipalArgumentResolverTests {
 				expression = "new org.springframework.security.messaging.context.AuthenticationPrincipalArgumentResolverTests$CopyUserPrincipal(#this)") CopyUserPrincipal user) {
 		}

+		public void showUserSpelPrimitive(@AuthenticationPrincipal(expression = "id") int id) {
+		}
+
 	}

 	static class CustomUserPrincipal {

 		public final String property = "property";

+		public final int id = 1;
+
 	}

 	public static class CopyUserPrincipal {
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019 the original author or authors.
+ * Copyright 2019-2021 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -25,6 +25,7 @@ import reactor.core.publisher.Mono;
 import org.springframework.core.MethodParameter;
 import org.springframework.core.annotation.SynthesizingMethodParameter;
 import org.springframework.security.authentication.TestAuthentication;
+import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.security.core.context.ReactiveSecurityContextHolder;
@@ -105,6 +106,21 @@ public class AuthenticationPrincipalArgumentResolverTests {
 			@AuthenticationPrincipal(expression = "username") Mono<String> username) {
 	}

+	@Test
+	public void resolveArgumentWhenExpressionPrimitiveThenFound() {
+		CustomUserPrincipal principal = new CustomUserPrincipal();
+		// @formatter:off
+		Mono<Object> result = this.resolver
+				.resolveArgument(arg0("authenticationPrincipalExpressionPrimitive"), null)
+				.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(new TestingAuthenticationToken(principal, "password", "ROLE_USER")));
+		// @formatter:on
+		assertThat(result.block()).isEqualTo(principal.id);
+	}
+
+	@SuppressWarnings("unused")
+	private void authenticationPrincipalExpressionPrimitive(@AuthenticationPrincipal(expression = "id") int username) {
+	}
+
 	@Test
 	public void supportsParameterWhenNotAnnotatedThenFalse() {
 		assertThat(this.resolver.supportsParameter(arg0("monoUserDetails"))).isFalse();
@@ -125,4 +141,10 @@ public class AuthenticationPrincipalArgumentResolverTests {

 	}

+	static class CustomUserPrincipal {
+
+		public final int id = 1;
+
+	}
+
 }