Move toBuilder to BuildableAuthentication

Closes gh-18052
2026-05-22 21:33:16 +00:00 · 2025-10-14 16:14:57 -06:00
parent fbf7bb3be1
commit e535e61c8b
24 changed files with 279 additions and 333 deletions
@@ -22,6 +22,7 @@ import org.jspecify.annotations.Nullable;

 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.BuildableAuthentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
 import org.springframework.security.oauth2.core.user.OAuth2User;
@@ -42,7 +43,7 @@ import org.springframework.util.Assert;
 * @see OAuth2User
 * @see OAuth2AuthorizedClient
 */
-public class OAuth2AuthenticationToken extends AbstractAuthenticationToken {
+public class OAuth2AuthenticationToken extends AbstractAuthenticationToken implements BuildableAuthentication {

 	private static final long serialVersionUID = 620L;

@@ -24,6 +24,7 @@ import java.util.Map;
 import org.jspecify.annotations.Nullable;

 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.BuildableAuthentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.Transient;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
@@ -38,7 +39,8 @@ import org.springframework.util.Assert;
 * @since 5.2
 */
@Transient
-public class BearerTokenAuthentication extends AbstractOAuth2TokenAuthenticationToken<OAuth2AccessToken> {
+public class BearerTokenAuthentication extends AbstractOAuth2TokenAuthenticationToken<OAuth2AccessToken>
+		implements BuildableAuthentication {

 	private static final long serialVersionUID = 620L;

@@ -22,6 +22,7 @@ import java.util.Map;
 import org.jspecify.annotations.Nullable;

 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.BuildableAuthentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.Transient;
 import org.springframework.security.oauth2.jwt.Jwt;
@@ -37,7 +38,8 @@ import org.springframework.util.Assert;
 * @see Jwt
 */
@Transient
-public class JwtAuthenticationToken extends AbstractOAuth2TokenAuthenticationToken<Jwt> {
+public class JwtAuthenticationToken extends AbstractOAuth2TokenAuthenticationToken<Jwt>
+		implements BuildableAuthentication {

 	private static final long serialVersionUID = 620L;

@@ -30,6 +30,7 @@ import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.AuthenticationManagerResolver;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.BuildableAuthentication;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.context.SecurityContextHolderStrategy;
@@ -182,9 +183,11 @@ public class BearerTokenAuthenticationFilter extends OncePerRequestFilter {
 			}
 			Authentication current = this.securityContextHolderStrategy.getContext().getAuthentication();
 			if (current != null && current.isAuthenticated()) {
-				authenticationResult = authenticationResult.toBuilder()
-					.authorities((a) -> a.addAll(current.getAuthorities()))
-					.build();
+				if (authenticationResult instanceof BuildableAuthentication buildable) {
+					authenticationResult = buildable.toBuilder()
+						.authorities((a) -> a.addAll(current.getAuthorities()))
+						.build();
+				}
 			}
 			SecurityContext context = this.securityContextHolderStrategy.createEmptyContext();
 			context.setAuthentication(authenticationResult);