diff --git a/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationToken.java b/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationToken.java index 68761fccf4..17eb48e416 100644 --- a/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationToken.java +++ b/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationToken.java @@ -187,7 +187,7 @@ public class CasAuthenticationToken extends AbstractAuthenticationToken implemen * * @since 7.0 */ - public static class Builder> extends AbstractAuthenticationBuilder { + public static class Builder> extends AbstractAuthenticationBuilder { private Integer keyHash; diff --git a/cas/src/main/java/org/springframework/security/cas/authentication/CasServiceTicketAuthenticationToken.java b/cas/src/main/java/org/springframework/security/cas/authentication/CasServiceTicketAuthenticationToken.java index 4d791adccc..27a9996045 100644 --- a/cas/src/main/java/org/springframework/security/cas/authentication/CasServiceTicketAuthenticationToken.java +++ b/cas/src/main/java/org/springframework/security/cas/authentication/CasServiceTicketAuthenticationToken.java @@ -126,7 +126,7 @@ public class CasServiceTicketAuthenticationToken extends AbstractAuthenticationT * * @since 7.0 */ - public static class Builder> extends AbstractAuthenticationBuilder { + public static class Builder> extends AbstractAuthenticationBuilder { private String principal; @@ -139,9 +139,9 @@ public class CasServiceTicketAuthenticationToken extends AbstractAuthenticationT } @Override - public B principal(@Nullable String principal) { - Assert.notNull(principal, "principal cannot be null"); - this.principal = principal; + public B principal(@Nullable Object principal) { + Assert.isInstanceOf(String.class, principal, "principal must be of type String"); + this.principal = (String) principal; return (B) this; } 
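Review bot: The new `principal(@Nullable Object principal)` override in `CasServiceTicketAuthenticationToken.Builder` still rejects null, because `Assert.isInstanceOf` fails for a null argument, so the `@Nullable` it takes over from the interface describes a value the method never accepts. A null caller now gets the type-mismatch message instead of the former "principal cannot be null". Since the compiler no longer enforces the principal type, the contract belongs in Javadoc on the override, for example `@throws IllegalArgumentException if principal is null or not a String`. The same applies to `OAuth2AuthenticationToken.Builder#principal`, `Saml2AssertionAuthentication.Builder#credentials` and `WebAuthnAuthentication.Builder#principal` further down in this diff.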
diff --git a/core/src/main/java/org/springframework/security/authentication/AbstractAuthenticationToken.java b/core/src/main/java/org/springframework/security/authentication/AbstractAuthenticationToken.java index 97fe8cd61d..8d3eb1e759 100644 --- a/core/src/main/java/org/springframework/security/authentication/AbstractAuthenticationToken.java +++ b/core/src/main/java/org/springframework/security/authentication/AbstractAuthenticationToken.java @@ -69,7 +69,7 @@ public abstract class AbstractAuthenticationToken implements Authentication, Cre this.authorities = Collections.unmodifiableList(new ArrayList<>(authorities)); } - protected AbstractAuthenticationToken(AbstractAuthenticationBuilder builder) { + protected AbstractAuthenticationToken(AbstractAuthenticationBuilder builder) { this(builder.authorities); this.authenticated = builder.authenticated; this.details = builder.details; @@ -197,8 +197,8 @@ public abstract class AbstractAuthenticationToken implements Authentication, Cre return sb.toString(); } - protected abstract static class AbstractAuthenticationBuilder> - implements Authentication.Builder { + protected abstract static class AbstractAuthenticationBuilder> + implements Authentication.Builder { protected boolean authenticated; diff --git a/core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationToken.java b/core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationToken.java index 5ff410ecec..1ecb5f851f 100644 --- a/core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationToken.java +++ b/core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationToken.java @@ -126,7 +126,7 @@ public class RememberMeAuthenticationToken extends AbstractAuthenticationToken { * * @since 7.0 */ - public static class Builder> extends AbstractAuthenticationBuilder { + public static class Builder> extends AbstractAuthenticationBuilder { private Integer keyHash; 
diff --git a/core/src/main/java/org/springframework/security/authentication/TestingAuthenticationToken.java b/core/src/main/java/org/springframework/security/authentication/TestingAuthenticationToken.java index f001674ca4..f60bb3b1b3 100644 --- a/core/src/main/java/org/springframework/security/authentication/TestingAuthenticationToken.java +++ b/core/src/main/java/org/springframework/security/authentication/TestingAuthenticationToken.java @@ -91,7 +91,7 @@ public class TestingAuthenticationToken extends AbstractAuthenticationToken { * * @since 7.0 */ - public static class Builder> extends AbstractAuthenticationBuilder { + public static class Builder> extends AbstractAuthenticationBuilder { private Object principal; diff --git a/core/src/main/java/org/springframework/security/authentication/UsernamePasswordAuthenticationToken.java b/core/src/main/java/org/springframework/security/authentication/UsernamePasswordAuthenticationToken.java index 4bba35a27d..024b6bb1ae 100644 --- a/core/src/main/java/org/springframework/security/authentication/UsernamePasswordAuthenticationToken.java +++ b/core/src/main/java/org/springframework/security/authentication/UsernamePasswordAuthenticationToken.java @@ -141,7 +141,7 @@ public class UsernamePasswordAuthenticationToken extends AbstractAuthenticationT * * @since 7.0 */ - public static class Builder> extends AbstractAuthenticationBuilder { + public static class Builder> extends AbstractAuthenticationBuilder { protected @Nullable Object principal; diff --git a/core/src/main/java/org/springframework/security/authentication/ott/OneTimeTokenAuthentication.java b/core/src/main/java/org/springframework/security/authentication/ott/OneTimeTokenAuthentication.java index 8e73adf65b..c2a8812724 100644 --- a/core/src/main/java/org/springframework/security/authentication/ott/OneTimeTokenAuthentication.java +++ b/core/src/main/java/org/springframework/security/authentication/ott/OneTimeTokenAuthentication.java 
@@ -67,7 +67,7 @@ public class OneTimeTokenAuthentication extends AbstractAuthenticationToken { /** * A builder for constructing a {@link OneTimeTokenAuthentication} instance */ - public static class Builder> extends AbstractAuthenticationBuilder { + public static class Builder> extends AbstractAuthenticationBuilder { private Object principal; diff --git a/core/src/main/java/org/springframework/security/core/Authentication.java b/core/src/main/java/org/springframework/security/core/Authentication.java index 6a46224dc8..eea57506e9 100644 --- a/core/src/main/java/org/springframework/security/core/Authentication.java +++ b/core/src/main/java/org/springframework/security/core/Authentication.java @@ -143,7 +143,7 @@ public interface Authentication extends Principal, Serializable { * instance * @since 7.0 */ - default Builder toBuilder() { + default Builder toBuilder() { return new SimpleAuthentication.Builder(this); } @@ -153,18 +153,18 @@ public interface Authentication extends Principal, Serializable { * @author Josh Cummings * @since 7.0 */ - interface Builder> { + interface Builder> { B authorities(Consumer> authorities); - default B credentials(@Nullable C credentials) { + default B credentials(@Nullable Object credentials) { throw new UnsupportedOperationException( String.format("%s does not store credentials", this.getClass().getSimpleName())); } B details(@Nullable Object details); - B principal(@Nullable P principal); + B principal(@Nullable Object principal); B authenticated(boolean authenticated); diff --git a/core/src/main/java/org/springframework/security/core/SimpleAuthentication.java b/core/src/main/java/org/springframework/security/core/SimpleAuthentication.java index ac301a9ff9..367c01d162 100644 --- a/core/src/main/java/org/springframework/security/core/SimpleAuthentication.java +++ b/core/src/main/java/org/springframework/security/core/SimpleAuthentication.java 
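Review bot: After the type parameters are dropped in `Authentication.Builder`, `principal(@Nullable Object principal)` and `credentials(@Nullable Object credentials)` have no Javadoc telling callers that an implementation may reject the value by type at runtime. A call that passes a principal of the wrong kind used to be a compile error and now fails only when it executes, in code that assembles an authentication. Suggest documenting this on both methods, for example `@throws IllegalArgumentException if this builder does not support the given type`. The wording should also make clear that `@Nullable` describes the interface signature only and that an implementation may still refuse null. The interface body continues outside the hunk.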
@@ -21,6 +21,8 @@ import java.util.Collection; import java.util.LinkedHashSet; import java.util.function.Consumer; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; import org.jspecify.annotations.Nullable; @Transient @@ -83,7 +85,9 @@ final class SimpleAuthentication implements Authentication { return (this.principal == null) ? "" : this.principal.toString(); } - static final class Builder implements Authentication.Builder { + static final class Builder implements Authentication.Builder { + + private final Log logger = LogFactory.getLog(getClass()); private final Collection authorities = new LinkedHashSet<>(); @@ -96,11 +100,15 @@ final class SimpleAuthentication implements Authentication { private boolean authenticated; Builder(Authentication authentication) { + this.logger.debug("Creating a builder which will result in exchanging an authentication of type " + + authentication.getClass() + " for " + SimpleAuthentication.class.getSimpleName() + ";" + + " consider implementing " + authentication.getClass().getSimpleName() + "#toBuilder"); this.authorities.addAll(authentication.getAuthorities()); this.principal = authentication.getPrincipal(); this.credentials = authentication.getCredentials(); this.details = authentication.getDetails(); this.authenticated = authentication.isAuthenticated(); + } @Override diff --git a/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationBuilderTests.java b/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationBuilderTests.java index 50b64ebe27..de88eaf431 100644 --- a/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationBuilderTests.java +++ b/core/src/test/java/org/springframework/security/authentication/AbstractAuthenticationBuilderTests.java 
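Review bot: The debug call added to the `Builder(Authentication)` constructor in `SimpleAuthentication` concatenates its message on every call, whether or not debug logging is enabled, and the logger is an instance field created for each builder. Because the class is `final`, `private static final Log logger = LogFactory.getLog(Builder.class);` is equivalent, and wrapping the call in `if (logger.isDebugEnabled())` avoids the wasted concatenation. The hunk also adds a stray blank line before the constructor's closing brace. Separately, the fallback replaces the caller's concrete `Authentication` type with `SimpleAuthentication`, which type-based checks elsewhere may depend on, so consider whether debug is visible enough for that.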
@@ -40,7 +40,7 @@ class AbstractAuthenticationBuilderTests { } private static final class TestAbstractAuthenticationBuilder - extends AbstractAuthenticationBuilder { + extends AbstractAuthenticationBuilder { private TestAbstractAuthenticationBuilder(TestingAuthenticationToken token) { super(token); diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationToken.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationToken.java index 613e16afbf..8e2796355c 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationToken.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationToken.java @@ -105,7 +105,7 @@ public class OAuth2AuthenticationToken extends AbstractAuthenticationToken { * * @since 7.0 */ - public static class Builder> extends AbstractAuthenticationBuilder { + public static class Builder> extends AbstractAuthenticationBuilder { private OAuth2User principal; @@ -118,9 +118,9 @@ public class OAuth2AuthenticationToken extends AbstractAuthenticationToken { } @Override - public B principal(@Nullable OAuth2User principal) { - Assert.notNull(principal, "principal cannot be null"); - this.principal = principal; + public B principal(@Nullable Object principal) { + Assert.isInstanceOf(OAuth2User.class, principal, "principal must be of type OAuth2User"); + this.principal = (OAuth2User) principal; return (B) this; } diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/AbstractOAuth2TokenAuthenticationToken.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/AbstractOAuth2TokenAuthenticationToken.java index 68898af461..079f738460 100644 
--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/AbstractOAuth2TokenAuthenticationToken.java +++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/AbstractOAuth2TokenAuthenticationToken.java @@ -123,7 +123,7 @@ public abstract class AbstractOAuth2TokenAuthenticationToken> - extends AbstractAuthenticationBuilder { + extends AbstractAuthenticationBuilder { private Object principal; diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AssertionAuthentication.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AssertionAuthentication.java index e86494f9fc..22f8c64356 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AssertionAuthentication.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AssertionAuthentication.java @@ -82,8 +82,7 @@ public class Saml2AssertionAuthentication extends Saml2Authentication { * * @since 7.0 */ - public static class Builder> - extends Saml2Authentication.Builder { + public static class Builder> extends Saml2Authentication.Builder { private Saml2ResponseAssertionAccessor assertion; 
@@ -96,10 +95,11 @@ public class Saml2AssertionAuthentication extends Saml2Authentication { } @Override - public B credentials(@Nullable Saml2ResponseAssertionAccessor credentials) { - saml2Response(credentials.getResponseValue()); - Assert.notNull(credentials, "assertion cannot be null"); - this.assertion = credentials; + public B credentials(@Nullable Object credentials) { + Assert.isInstanceOf(Saml2ResponseAssertionAccessor.class, credentials, + "credentials must be of type Saml2ResponseAssertionAccessor"); + saml2Response(((Saml2ResponseAssertionAccessor) credentials).getResponseValue()); + this.assertion = (Saml2ResponseAssertionAccessor) credentials; return (B) this; } diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Authentication.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Authentication.java index 2a9fe34bd9..d3e57fe3bd 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Authentication.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Authentication.java @@ -71,7 +71,7 @@ public class Saml2Authentication extends AbstractAuthenticationToken { setAuthenticated(true); } - Saml2Authentication(Builder builder) { + Saml2Authentication(Builder builder) { super(builder); this.principal = builder.principal; this.saml2Response = builder.saml2Response; @@ -95,7 +95,7 @@ public class Saml2Authentication extends AbstractAuthenticationToken { return getSaml2Response(); } - abstract static class Builder> extends AbstractAuthenticationBuilder { + abstract static class Builder> extends AbstractAuthenticationBuilder { private Object principal; 
diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/Saml2AssertionAuthenticationTests.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/Saml2AssertionAuthenticationTests.java index 57b08dee02..d67ee3bc7c 100644 --- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/Saml2AssertionAuthenticationTests.java +++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/Saml2AssertionAuthenticationTests.java @@ -32,7 +32,7 @@ class Saml2AssertionAuthenticationTests { Saml2AssertionAuthentication factorOne = new Saml2AssertionAuthentication("alice", prototype.nameId("alice").build(), AuthorityUtils.createAuthorityList("FACTOR_ONE"), "alice"); Saml2AssertionAuthentication factorTwo = new Saml2AssertionAuthentication("bob", - prototype.nameId("alice").build(), AuthorityUtils.createAuthorityList("FACTOR_TWO"), "bob"); + prototype.nameId("bob").build(), AuthorityUtils.createAuthorityList("FACTOR_TWO"), "bob"); Saml2AssertionAuthentication result = factorOne.toBuilder() .authorities((a) -> a.addAll(factorTwo.getAuthorities())) .principal(factorTwo.getPrincipal()) diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationToken.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationToken.java index 0f994bd751..fef86d08ff 100755 --- a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationToken.java +++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationToken.java 
@@ -100,7 +100,7 @@ public class PreAuthenticatedAuthenticationToken extends AbstractAuthenticationT * * @since 7.0 */ - public static class Builder> extends AbstractAuthenticationBuilder { + public static class Builder> extends AbstractAuthenticationBuilder { private Object principal; diff --git a/webauthn/src/main/java/org/springframework/security/web/webauthn/authentication/WebAuthnAuthentication.java b/webauthn/src/main/java/org/springframework/security/web/webauthn/authentication/WebAuthnAuthentication.java index 615781e2d1..6a2119dd1e 100644 --- a/webauthn/src/main/java/org/springframework/security/web/webauthn/authentication/WebAuthnAuthentication.java +++ b/webauthn/src/main/java/org/springframework/security/web/webauthn/authentication/WebAuthnAuthentication.java @@ -85,19 +85,20 @@ public class WebAuthnAuthentication extends AbstractAuthenticationToken { * * @since 7.0 */ - public static final class Builder> - extends AbstractAuthenticationBuilder { + public static final class Builder> extends AbstractAuthenticationBuilder { private PublicKeyCredentialUserEntity principal; private Builder(WebAuthnAuthentication token) { super(token); + this.principal = token.principal; } @Override - public B principal(@Nullable PublicKeyCredentialUserEntity principal) { - Assert.notNull(principal, "principal cannot be null"); - this.principal = principal; + public B principal(@Nullable Object principal) { + Assert.isInstanceOf(PublicKeyCredentialUserEntity.class, principal, + "principal must be of type PublicKeyCredentialUserEntity"); + this.principal = (PublicKeyCredentialUserEntity) principal; return (B) this; }
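Review bot: The constructor fix `this.principal = token.principal;` in `WebAuthnAuthentication.Builder` has no accompanying test in the part of the diff visible here. Before this line the builder's `principal` field was not populated from the source token. A `toBuilder()` round trip that did not call `principal(...)` would therefore presumably have produced an authentication without its user entity. A regression test asserting that `token.toBuilder().build().getPrincipal()` equals the original token's principal would pin the fix. A matching round-trip test for the other builders touched in this diff would guard against the same omission.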