Cwikius-Spring/spring-security
1
0
Fork 0
mirror of synced 2026-05-22 21:33:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

AuthorizationManagerWebInvocationPrivilegeEvaluator grant access when AuthorizationManager abstains

Browse Source 
Closes gh-10950
This commit is contained in:
Marcus Da Coregio
2022-03-09 15:20:14 -03:00
parent 65ec2659c4
commit 980e0466a7
2 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
web/src/main/java/org/springframework/security/web/access/AuthorizationManagerWebInvocationPrivilegeEvaluator.java
+1 -1
View File
@@ -51,7 +51,7 @@ public final class AuthorizationManagerWebInvocationPrivilegeEvaluator implement
FilterInvocation filterInvocation = new FilterInvocation(contextPath, uri, method);
AuthorizationDecision decision = this.authorizationManager.check(() -> authentication,
filterInvocation.getHttpRequest());
return decision != null && decision.isGranted();
return decision == null || decision.isGranted();
}
}
web/src/test/java/org/springframework/security/web/access/AuthorizationManagerWebInvocationPrivilegeEvaluatorTests.java
+7
View File
@@ -65,4 +65,11 @@ class AuthorizationManagerWebInvocationPrivilegeEvaluatorTests {
assertThat(allowed).isFalse();
}
@Test
void isAllowedWhenAuthorizationManagerAbstainsThenAllowedTrue() {
given(this.authorizationManager.check(any(), any())).willReturn(null);
boolean allowed = this.privilegeEvaluator.isAllowed("/test", TestAuthentication.authenticatedUser());
assertThat(allowed).isTrue();
}
}