Remove Deprecated AuthorizationDecision Elements
Closes gh-17299 Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
This commit is contained in:
Tran Ngoc Nhan
committed by
Josh Cummings
Josh Cummings
parent
448283b30c
commit
9312fb7004
+1
-8
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
* Copyright 2002-2025 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -27,7 +27,6 @@ import org.springframework.messaging.MessageChannel;
|
||||
import org.springframework.messaging.support.ChannelInterceptor;
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
|
||||
import org.springframework.security.authorization.AuthorizationDecision;
|
||||
import org.springframework.security.authorization.AuthorizationEventPublisher;
|
||||
import org.springframework.security.authorization.AuthorizationManager;
|
||||
import org.springframework.security.authorization.AuthorizationResult;
|
||||
@@ -109,12 +108,6 @@ public final class AuthorizationChannelInterceptor implements ChannelInterceptor
|
||||
|
||||
private static class NoopAuthorizationEventPublisher implements AuthorizationEventPublisher {
|
||||
|
||||
@Override
|
||||
public <T> void publishAuthorizationEvent(Supplier<Authentication> authentication, T object,
|
||||
AuthorizationDecision decision) {
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public <T> void publishAuthorizationEvent(Supplier<Authentication> authentication, T object,
|
||||
AuthorizationResult result) {
|
||||
|
||||
-25
@@ -28,7 +28,6 @@ import org.springframework.messaging.Message;
|
||||
import org.springframework.messaging.simp.SimpMessageType;
|
||||
import org.springframework.security.authorization.AuthenticatedAuthorizationManager;
|
||||
import org.springframework.security.authorization.AuthorityAuthorizationManager;
|
||||
import org.springframework.security.authorization.AuthorizationDecision;
|
||||
import org.springframework.security.authorization.AuthorizationManager;
|
||||
import org.springframework.security.authorization.AuthorizationResult;
|
||||
import org.springframework.security.authorization.SingleResultAuthorizationManager;
|
||||
@@ -56,30 +55,6 @@ public final class MessageMatcherDelegatingAuthorizationManager implements Autho
|
||||
this.mappings = mappings;
|
||||
}
|
||||
|
||||
/**
|
||||
* Delegates to a specific {@link AuthorizationManager} based on a
|
||||
* {@link MessageMatcher} evaluation.
|
||||
* @param authentication the {@link Supplier} of the {@link Authentication} to check
|
||||
* @param message the {@link Message} to check
|
||||
* @return an {@link AuthorizationDecision}. If there is no {@link MessageMatcher}
|
||||
* matching the message, or the {@link AuthorizationManager} could not decide, then
|
||||
* null is returned
|
||||
* @deprecated please use {@link #authorize(Supplier, Message)} instead
|
||||
*/
|
||||
@Deprecated
|
||||
@Override
|
||||
public AuthorizationDecision check(Supplier<Authentication> authentication, Message<?> message) {
|
||||
AuthorizationResult result = authorize(authentication, message);
|
||||
if (result == null) {
|
||||
return null;
|
||||
}
|
||||
if (result instanceof AuthorizationDecision decision) {
|
||||
return decision;
|
||||
}
|
||||
throw new IllegalArgumentException(
|
||||
"Please call #authorize or ensure that the returned result is of type AuthorizationDecision");
|
||||
}
|
||||
|
||||
@Override
|
||||
public AuthorizationResult authorize(Supplier<Authentication> authentication, Message<?> message) {
|
||||
if (this.logger.isTraceEnabled()) {
|
||||
|
||||
+4
-12
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2024 the original author or authors.
|
||||
* Copyright 2002-2025 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -30,7 +30,6 @@ import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
import org.springframework.security.authorization.AuthorizationDecision;
|
||||
import org.springframework.security.authorization.AuthorizationEventPublisher;
|
||||
import org.springframework.security.authorization.AuthorizationManager;
|
||||
import org.springframework.security.authorization.AuthorizationResult;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
|
||||
@@ -39,7 +38,6 @@ import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
|
||||
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
|
||||
import static org.mockito.ArgumentMatchers.any;
|
||||
import static org.mockito.BDDMockito.given;
|
||||
import static org.mockito.Mockito.lenient;
|
||||
import static org.mockito.Mockito.verify;
|
||||
|
||||
/**
|
||||
@@ -83,15 +81,13 @@ public class AuthorizationChannelInterceptorTests {
|
||||
|
||||
@Test
|
||||
public void preSendWhenAllowThenSameMessage() {
|
||||
given(this.authorizationManager.check(any(), any())).willReturn(new AuthorizationDecision(true));
|
||||
given(this.authorizationManager.authorize(any(), any())).willCallRealMethod();
|
||||
given(this.authorizationManager.authorize(any(), any())).willReturn(new AuthorizationDecision(true));
|
||||
assertThat(this.interceptor.preSend(this.message, this.channel)).isSameAs(this.message);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void preSendWhenDenyThenException() {
|
||||
given(this.authorizationManager.check(any(), any())).willReturn(new AuthorizationDecision(false));
|
||||
given(this.authorizationManager.authorize(any(), any())).willCallRealMethod();
|
||||
given(this.authorizationManager.authorize(any(), any())).willReturn(new AuthorizationDecision(false));
|
||||
assertThatExceptionOfType(AccessDeniedException.class)
|
||||
.isThrownBy(() -> this.interceptor.preSend(this.message, this.channel));
|
||||
}
|
||||
@@ -105,11 +101,7 @@ public class AuthorizationChannelInterceptorTests {
|
||||
@Test
|
||||
public void preSendWhenAuthorizationEventPublisherThenPublishes() {
|
||||
this.interceptor.setAuthorizationEventPublisher(this.eventPublisher);
|
||||
given(this.authorizationManager.check(any(), any())).willReturn(new AuthorizationDecision(true));
|
||||
given(this.authorizationManager.authorize(any(), any())).willCallRealMethod();
|
||||
lenient().doCallRealMethod()
|
||||
.when(this.eventPublisher)
|
||||
.publishAuthorizationEvent(any(), any(), any(AuthorizationResult.class));
|
||||
given(this.authorizationManager.authorize(any(), any())).willReturn(new AuthorizationDecision(true));
|
||||
this.interceptor.preSend(this.message, this.channel);
|
||||
verify(this.eventPublisher).publishAuthorizationEvent(any(), any(), any());
|
||||
}
|
||||
|
||||
+10
-10
@@ -65,7 +65,7 @@ public final class MessageMatcherDelegatingAuthorizationManagerTests {
|
||||
void checkWhenPermitAllThenPermits() {
|
||||
AuthorizationManager<Message<?>> authorizationManager = builder().anyMessage().permitAll().build();
|
||||
Message<?> message = new GenericMessage<>(new Object());
|
||||
assertThat(authorizationManager.check(mock(Supplier.class), message).isGranted()).isTrue();
|
||||
assertThat(authorizationManager.authorize(mock(Supplier.class), message).isGranted()).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -73,9 +73,9 @@ public final class MessageMatcherDelegatingAuthorizationManagerTests {
|
||||
AuthorizationManager<Message<?>> authorizationManager = builder().anyMessage().hasRole("USER").build();
|
||||
Message<?> message = new GenericMessage<>(new Object());
|
||||
Authentication user = new TestingAuthenticationToken("user", "password", "ROLE_USER");
|
||||
assertThat(authorizationManager.check(() -> user, message).isGranted()).isTrue();
|
||||
assertThat(authorizationManager.authorize(() -> user, message).isGranted()).isTrue();
|
||||
Authentication admin = new TestingAuthenticationToken("user", "password", "ROLE_ADMIN");
|
||||
assertThat(authorizationManager.check(() -> admin, message).isGranted()).isFalse();
|
||||
assertThat(authorizationManager.authorize(() -> admin, message).isGranted()).isFalse();
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -88,7 +88,7 @@ public final class MessageMatcherDelegatingAuthorizationManagerTests {
|
||||
MessageHeaders headers = new MessageHeaders(
|
||||
Map.of(SimpMessageHeaderAccessor.DESTINATION_HEADER, "destination"));
|
||||
Message<?> message = new GenericMessage<>(new Object(), headers);
|
||||
assertThat(authorizationManager.check(mock(Supplier.class), message).isGranted()).isTrue();
|
||||
assertThat(authorizationManager.authorize(mock(Supplier.class), message).isGranted()).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -99,11 +99,11 @@ public final class MessageMatcherDelegatingAuthorizationManagerTests {
|
||||
.denyAll()
|
||||
.build();
|
||||
Message<?> message = new GenericMessage<>(new Object());
|
||||
assertThat(authorizationManager.check(mock(Supplier.class), message).isGranted()).isTrue();
|
||||
assertThat(authorizationManager.authorize(mock(Supplier.class), message).isGranted()).isTrue();
|
||||
MessageHeaders headers = new MessageHeaders(
|
||||
Map.of(SimpMessageHeaderAccessor.DESTINATION_HEADER, "destination"));
|
||||
message = new GenericMessage<>(new Object(), headers);
|
||||
assertThat(authorizationManager.check(mock(Supplier.class), message).isGranted()).isFalse();
|
||||
assertThat(authorizationManager.authorize(mock(Supplier.class), message).isGranted()).isFalse();
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -116,7 +116,7 @@ public final class MessageMatcherDelegatingAuthorizationManagerTests {
|
||||
MessageHeaders headers = new MessageHeaders(
|
||||
Map.of(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.CONNECT));
|
||||
Message<?> message = new GenericMessage<>(new Object(), headers);
|
||||
assertThat(authorizationManager.check(mock(Supplier.class), message).isGranted()).isTrue();
|
||||
assertThat(authorizationManager.authorize(mock(Supplier.class), message).isGranted()).isTrue();
|
||||
}
|
||||
|
||||
// gh-12540
|
||||
@@ -130,7 +130,7 @@ public final class MessageMatcherDelegatingAuthorizationManagerTests {
|
||||
MessageHeaders headers = new MessageHeaders(
|
||||
Map.of(SimpMessageHeaderAccessor.DESTINATION_HEADER, "destination/3"));
|
||||
Message<?> message = new GenericMessage<>(new Object(), headers);
|
||||
assertThat(authorizationManager.check(mock(Supplier.class), message).isGranted()).isTrue();
|
||||
assertThat(authorizationManager.authorize(mock(Supplier.class), message).isGranted()).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -151,7 +151,7 @@ public final class MessageMatcherDelegatingAuthorizationManagerTests {
|
||||
MessageHeaders headers2 = new MessageHeaders(Map.of(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER,
|
||||
SimpMessageType.SUBSCRIBE, SimpMessageHeaderAccessor.DESTINATION_HEADER, "/destination"));
|
||||
Message<?> message2 = new GenericMessage<>(new Object(), headers2);
|
||||
assertThat(authorizationManager.check(mock(Supplier.class), message2).isGranted()).isFalse();
|
||||
assertThat(authorizationManager.authorize(mock(Supplier.class), message2).isGranted()).isFalse();
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -166,7 +166,7 @@ public final class MessageMatcherDelegatingAuthorizationManagerTests {
|
||||
MessageHeaders headers = new MessageHeaders(
|
||||
Map.of(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/destination/sub/asdf"));
|
||||
Message<?> message = new GenericMessage<>(new Object(), headers);
|
||||
assertThat(authorizationManager.check(mock(Supplier.class), message).isGranted()).isFalse();
|
||||
assertThat(authorizationManager.authorize(mock(Supplier.class), message).isGranted()).isFalse();
|
||||
}
|
||||
|
||||
private MessageMatcherDelegatingAuthorizationManager.Builder builder() {
|
||||
|
||||
Reference in New Issue
Block a user