Move FACTOR_ constants to FactorGrantedAuthority
Previously there was an implicit package tangle: GrantedAuthorities is located in ~.core, FactorGrantedAuthority is in ~.core.authority, and FactorGrantedAuthority's authority property was implicitly expected to be one of the constants found in `GrantedAuthorities`. This commit moves the constants to FactorGrantedAuthority, which resolves the tangle. This wasn't done initially because FactorGrantedAuthority did not exist at that time. Closes gh-18030
+2
-2
@@ -21,7 +21,7 @@ import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||
import org.springframework.security.web.authentication.ForwardAuthenticationFailureHandler;
|
||||
import org.springframework.security.web.authentication.ForwardAuthenticationSuccessHandler;
|
||||
@@ -237,7 +237,7 @@ public final class FormLoginConfigurer<H extends HttpSecurityBuilder<H>> extends
|
||||
AuthenticationEntryPoint entryPoint = getAuthenticationEntryPoint();
|
||||
RequestMatcher requestMatcher = getAuthenticationEntryPointMatcher(http);
|
||||
exceptions.defaultDeniedHandlerForMissingAuthority((ep) -> ep.addEntryPointFor(entryPoint, requestMatcher),
|
||||
GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY);
|
||||
FactorGrantedAuthority.PASSWORD_AUTHORITY);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
+2
-3
@@ -28,7 +28,7 @@ import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||
import org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint;
|
||||
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
|
||||
@@ -196,8 +196,7 @@ public final class HttpBasicConfigurer<B extends HttpSecurityBuilder<B>>
|
||||
AuthenticationEntryPoint entryPoint = postProcess(this.authenticationEntryPoint);
|
||||
exceptionHandling.defaultAuthenticationEntryPointFor(entryPoint, preferredMatcher);
|
||||
exceptionHandling.defaultDeniedHandlerForMissingAuthority(
|
||||
(ep) -> ep.addEntryPointFor(entryPoint, preferredMatcher),
|
||||
GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY);
|
||||
(ep) -> ep.addEntryPointFor(entryPoint, preferredMatcher), FactorGrantedAuthority.PASSWORD_AUTHORITY);
|
||||
}
|
||||
|
||||
private void registerDefaultLogoutSuccessHandler(B http, RequestMatcher preferredMatcher) {
|
||||
|
||||
+2
-2
@@ -26,7 +26,7 @@ import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.http.converter.HttpMessageConverter;
|
||||
import org.springframework.security.authentication.ProviderManager;
|
||||
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||
import org.springframework.security.web.access.intercept.AuthorizationFilter;
|
||||
@@ -159,7 +159,7 @@ public class WebAuthnConfigurer<H extends HttpSecurityBuilder<H>>
|
||||
if (exceptions != null) {
|
||||
AuthenticationEntryPoint entryPoint = new LoginUrlAuthenticationEntryPoint("/login");
|
||||
exceptions.defaultDeniedHandlerForMissingAuthority((ep) -> ep.defaultEntryPoint(entryPoint),
|
||||
GrantedAuthorities.FACTOR_WEBAUTHN_AUTHORITY);
|
||||
FactorGrantedAuthority.WEBAUTHN_AUTHORITY);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
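Review bot: The handler registered for a missing `FactorGrantedAuthority.WEBAUTHN_AUTHORITY` in the WebAuthnConfigurer hunk always redirects to a hard-coded `new LoginUrlAuthenticationEntryPoint("/login")`, whereas the form-login and one-time-token configurers touched by this same commit register the entry point returned by `getAuthenticationEntryPoint()`. If an application serves its login page at a different path, a request denied for lacking the WebAuthn factor would presumably be sent to a URL that is not the real login page; whether this configurer has a configured login URL it could reuse is not visible in the hunk. At minimum the assumption should be documented above that line, for example `// entry point is fixed to "/login"; a custom login page is not honoured for a missing WebAuthn factor`. The enclosing method starts outside the hunk.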
+3
-3
@@ -25,8 +25,8 @@ import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
|
||||
import org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
@@ -180,14 +180,14 @@ public final class X509Configurer<H extends HttpSecurityBuilder<H>>
|
||||
PreAuthenticatedAuthenticationProvider authenticationProvider = new PreAuthenticatedAuthenticationProvider();
|
||||
authenticationProvider.setPreAuthenticatedUserDetailsService(getAuthenticationUserDetailsService(http));
|
||||
authenticationProvider.setGrantedAuthoritySupplier(
|
||||
() -> AuthorityUtils.createAuthorityList(GrantedAuthorities.FACTOR_X509_AUTHORITY));
|
||||
() -> AuthorityUtils.createAuthorityList(FactorGrantedAuthority.X509_AUTHORITY));
|
||||
http.authenticationProvider(authenticationProvider)
|
||||
.setSharedObject(AuthenticationEntryPoint.class, new Http403ForbiddenEntryPoint());
|
||||
ExceptionHandlingConfigurer<H> exceptions = http.getConfigurer(ExceptionHandlingConfigurer.class);
|
||||
if (exceptions != null) {
|
||||
AuthenticationEntryPoint forbidden = new Http403ForbiddenEntryPoint();
|
||||
exceptions.defaultDeniedHandlerForMissingAuthority((ep) -> ep.defaultEntryPoint(forbidden),
|
||||
GrantedAuthorities.FACTOR_X509_AUTHORITY);
|
||||
FactorGrantedAuthority.X509_AUTHORITY);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
+2
-2
@@ -45,7 +45,7 @@ import org.springframework.security.config.annotation.web.configurers.SessionMan
|
||||
import org.springframework.security.context.DelegatingApplicationListener;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
|
||||
import org.springframework.security.core.session.AbstractSessionEvent;
|
||||
import org.springframework.security.core.session.SessionDestroyedEvent;
|
||||
@@ -568,7 +568,7 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
|
||||
RequestMatcher requestMatcher = getAuthenticationEntryPointMatcher(http);
|
||||
exceptions.defaultDeniedHandlerForMissingAuthority(
|
||||
(ep) -> ep.addEntryPointFor(loginEntryPoint, requestMatcher),
|
||||
GrantedAuthorities.FACTOR_AUTHORIZATION_CODE_AUTHORITY);
|
||||
FactorGrantedAuthority.AUTHORIZATION_CODE_AUTHORITY);
|
||||
}
|
||||
return loginEntryPoint;
|
||||
}
|
||||
|
||||
+2
-2
@@ -39,7 +39,7 @@ import org.springframework.security.config.annotation.web.configurers.CsrfConfig
|
||||
import org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer;
|
||||
import org.springframework.security.config.http.SessionCreationPolicy;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
||||
import org.springframework.security.oauth2.jwt.Jwt;
|
||||
import org.springframework.security.oauth2.jwt.JwtDecoder;
|
||||
@@ -357,7 +357,7 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
|
||||
exceptionHandling.defaultAuthenticationEntryPointFor(this.authenticationEntryPoint, preferredMatcher);
|
||||
exceptionHandling.defaultDeniedHandlerForMissingAuthority(
|
||||
(ep) -> ep.addEntryPointFor(this.authenticationEntryPoint, preferredMatcher),
|
||||
GrantedAuthorities.FACTOR_BEARER_AUTHORITY);
|
||||
FactorGrantedAuthority.BEARER_AUTHORITY);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
+2
-2
@@ -37,7 +37,7 @@ import org.springframework.security.config.annotation.web.configurers.AbstractAu
|
||||
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
||||
import org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||
import org.springframework.security.web.authentication.AuthenticationConverter;
|
||||
@@ -142,7 +142,7 @@ public final class OneTimeTokenLoginConfigurer<H extends HttpSecurityBuilder<H>>
|
||||
AuthenticationEntryPoint entryPoint = getAuthenticationEntryPoint();
|
||||
RequestMatcher requestMatcher = getAuthenticationEntryPointMatcher(http);
|
||||
exceptions.defaultDeniedHandlerForMissingAuthority((ep) -> ep.addEntryPointFor(entryPoint, requestMatcher),
|
||||
GrantedAuthorities.FACTOR_OTT_AUTHORITY);
|
||||
FactorGrantedAuthority.OTT_AUTHORITY);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
+2
-2
@@ -35,7 +35,7 @@ import org.springframework.security.config.annotation.web.configurers.AbstractHt
|
||||
import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer;
|
||||
import org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||
import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest;
|
||||
import org.springframework.security.saml2.provider.service.authentication.OpenSaml5AuthenticationProvider;
|
||||
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
|
||||
@@ -355,7 +355,7 @@ public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>
|
||||
RequestMatcher requestMatcher = getAuthenticationEntryPointMatcher(http);
|
||||
exceptions.defaultDeniedHandlerForMissingAuthority(
|
||||
(ep) -> ep.addEntryPointFor(loginEntryPoint, requestMatcher),
|
||||
GrantedAuthorities.FACTOR_SAML_RESPONSE_AUTHORITY);
|
||||
FactorGrantedAuthority.SAML_RESPONSE_AUTHORITY);
|
||||
}
|
||||
return loginEntryPoint;
|
||||
}
|
||||
|
||||
+4
-6
@@ -27,7 +27,7 @@ import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||
import org.springframework.security.test.context.support.WithMockUser;
|
||||
import org.springframework.test.context.junit.jupiter.SpringExtension;
|
||||
import org.springframework.test.context.web.WebAppConfiguration;
|
||||
@@ -57,8 +57,7 @@ public class EnableGlobalMultiFactorAuthenticationTests {
|
||||
Service service;
|
||||
|
||||
@Test
|
||||
@WithMockUser(
|
||||
authorities = { GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, GrantedAuthorities.FACTOR_OTT_AUTHORITY })
|
||||
@WithMockUser(authorities = { FactorGrantedAuthority.PASSWORD_AUTHORITY, FactorGrantedAuthority.OTT_AUTHORITY })
|
||||
void webWhenAuthorized() throws Exception {
|
||||
this.mvc.perform(get("/")).andExpect(status().isOk());
|
||||
}
|
||||
@@ -70,8 +69,7 @@ public class EnableGlobalMultiFactorAuthenticationTests {
|
||||
}
|
||||
|
||||
@Test
|
||||
@WithMockUser(
|
||||
authorities = { GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, GrantedAuthorities.FACTOR_OTT_AUTHORITY })
|
||||
@WithMockUser(authorities = { FactorGrantedAuthority.PASSWORD_AUTHORITY, FactorGrantedAuthority.OTT_AUTHORITY })
|
||||
void methodWhenAuthorized() throws Exception {
|
||||
Assertions.assertThatNoException().isThrownBy(() -> this.service.authenticated());
|
||||
}
|
||||
@@ -87,7 +85,7 @@ public class EnableGlobalMultiFactorAuthenticationTests {
|
||||
@EnableMethodSecurity
|
||||
@Configuration
|
||||
@EnableGlobalMultiFactorAuthentication(
|
||||
authorities = { GrantedAuthorities.FACTOR_OTT_AUTHORITY, GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY })
|
||||
authorities = { FactorGrantedAuthority.OTT_AUTHORITY, FactorGrantedAuthority.PASSWORD_AUTHORITY })
|
||||
static class Config {
|
||||
|
||||
@Bean
|
||||
|
||||
+11
-11
@@ -40,7 +40,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
|
||||
import org.springframework.security.config.test.SpringTestContext;
|
||||
import org.springframework.security.config.test.SpringTestContextExtension;
|
||||
import org.springframework.security.config.users.AuthenticationTestConfiguration;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||
import org.springframework.security.core.context.SecurityContextChangedListener;
|
||||
import org.springframework.security.core.context.SecurityContextHolderStrategy;
|
||||
import org.springframework.security.core.userdetails.PasswordEncodedUser;
|
||||
@@ -417,20 +417,20 @@ public class FormLoginConfigurerTests {
|
||||
.andExpect(status().is3xxRedirection())
|
||||
.andExpect(redirectedUrl("/"));
|
||||
user = PasswordEncodedUser.withUserDetails(user)
|
||||
.authorities("profile:read", GrantedAuthorities.FACTOR_OTT_AUTHORITY)
|
||||
.authorities("profile:read", FactorGrantedAuthority.OTT_AUTHORITY)
|
||||
.build();
|
||||
this.mockMvc.perform(get("/profile").with(user(user)))
|
||||
.andExpect(status().is3xxRedirection())
|
||||
.andExpect(redirectedUrl("http://localhost/login?factor.type=password&factor.reason=missing"));
|
||||
user = PasswordEncodedUser.withUserDetails(user)
|
||||
.authorities("profile:read", GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY)
|
||||
.authorities("profile:read", FactorGrantedAuthority.PASSWORD_AUTHORITY)
|
||||
.build();
|
||||
this.mockMvc.perform(get("/profile").with(user(user)))
|
||||
.andExpect(status().is3xxRedirection())
|
||||
.andExpect(redirectedUrl("http://localhost/login?factor.type=ott&factor.reason=missing"));
|
||||
user = PasswordEncodedUser.withUserDetails(user)
|
||||
.authorities("profile:read", GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY,
|
||||
GrantedAuthorities.FACTOR_OTT_AUTHORITY)
|
||||
.authorities("profile:read", FactorGrantedAuthority.PASSWORD_AUTHORITY,
|
||||
FactorGrantedAuthority.OTT_AUTHORITY)
|
||||
.build();
|
||||
this.mockMvc.perform(get("/profile").with(user(user))).andExpect(status().isNotFound());
|
||||
}
|
||||
@@ -453,8 +453,8 @@ public class FormLoginConfigurerTests {
|
||||
.andExpect(status().is3xxRedirection())
|
||||
.andExpect(redirectedUrl("/"));
|
||||
UserDetails authorized = PasswordEncodedUser.withUsername("rod")
|
||||
.authorities("profile:read", GrantedAuthorities.FACTOR_X509_AUTHORITY,
|
||||
GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY)
|
||||
.authorities("profile:read", FactorGrantedAuthority.X509_AUTHORITY,
|
||||
FactorGrantedAuthority.PASSWORD_AUTHORITY)
|
||||
.build();
|
||||
this.mockMvc.perform(get("/profile").with(user(authorized))).andExpect(status().isOk());
|
||||
}
|
||||
@@ -821,8 +821,8 @@ public class FormLoginConfigurerTests {
|
||||
|
||||
@Bean
|
||||
AuthorizationManagerFactory<?> authz() {
|
||||
return new AuthorizationManagerFactory<>(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY,
|
||||
GrantedAuthorities.FACTOR_OTT_AUTHORITY);
|
||||
return new AuthorizationManagerFactory<>(FactorGrantedAuthority.PASSWORD_AUTHORITY,
|
||||
FactorGrantedAuthority.OTT_AUTHORITY);
|
||||
}
|
||||
|
||||
}
|
||||
@@ -848,8 +848,8 @@ public class FormLoginConfigurerTests {
|
||||
|
||||
@Bean
|
||||
AuthorizationManagerFactory<?> authz() {
|
||||
return new AuthorizationManagerFactory<>(GrantedAuthorities.FACTOR_X509_AUTHORITY,
|
||||
GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY);
|
||||
return new AuthorizationManagerFactory<>(FactorGrantedAuthority.X509_AUTHORITY,
|
||||
FactorGrantedAuthority.PASSWORD_AUTHORITY);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||