AuthorizationManager should return AuthorizationResult #14846

Open
wants to merge 1 commit into
base: main

CrazyParanoid

Added a new authorization method to AuthorizationManager that returns AuthorizationResult.

Closes gh-14843

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Apr 4, 2024
Contributor

@jzheaux jzheaux left a comment

Thanks, @CrazyParanoid.

With check deprecated, we should no longer call it from other non-deprecated production code in Spring Security. Can you also make those corresponding changes? Please leave tests as-is, though.

Also, please add tests to ensure that the new method works.

Finally, please take a look at AuthorizationManagerBeforeMethodInterceptor and other method interceptors to ensure that they are no longer casting expression values to AuthorizationDecision. Instead, they should implement the authorize method, have their check method call it, and then perform the cast there.

@jzheaux jzheaux self-assigned this Apr 5, 2024
@CrazyParanoid CrazyParanoid force-pushed the gh-14843 branch 2 times, most recently from 8b274c1 to a368cd1 Compare April 7, 2024 14:20
Added a new authorization method to AuthorizationManager that returns AuthorizationResult.

Closes spring-projectsgh-14843
@CrazyParanoid
Author

Hi @jzheaux! I added the authorize method to the AuthorizationManager and made the default implementation of the check method:

default AuthorizationDecision check(Supplier<Authentication> authentication, T object) {
	return (AuthorizationDecision) authorize(authentication, object);
}

With this implementation, it will not be possible to leave the tests as is, because in some tests, a mock of the check method is made and its invocation is verified:

verify(this.mockAuthorizationManager).check(any(), any());

And it needs to be changed to authorize, since the mock was made, for example:

given(this.mockAuthorizationManager.check(any(), any())).willReturn(new AuthorizationDecision(true));

In addition, there are several delegating components that call the check method of the delegate. Here you need to mock authorize and verify its invocation.
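
The situation described in the comment above, as an added example that is not code from the PR or from Spring Security. The types are simplified stand-ins (a String supplier replaces Authentication), and CountingManager and delegating are hypothetical names.

```java
import java.util.function.Supplier;

// Simplified stand-ins for the types named in this thread (assumptions, not the project's source).
public class AuthorizeVsCheckDemo {
    interface AuthorizationResult { boolean isGranted(); }
    record AuthorizationDecision(boolean granted) implements AuthorizationResult {
        public boolean isGranted() { return granted; }
    }
    interface AuthorizationManager<T> {
        AuthorizationResult authorize(Supplier<String> authentication, T object);
        // The default from the comment above: check delegates to authorize and casts.
        default AuthorizationDecision check(Supplier<String> authentication, T object) {
            return (AuthorizationDecision) authorize(authentication, object);
        }
    }

    // Hand-written test double that counts how often each method is invoked.
    static class CountingManager implements AuthorizationManager<String> {
        int authorizeCalls, checkCalls;
        public AuthorizationResult authorize(Supplier<String> auth, String object) {
            authorizeCalls++;
            return new AuthorizationDecision("admin".equals(auth.get()));
        }
        @Override public AuthorizationDecision check(Supplier<String> auth, String object) {
            checkCalls++;
            return AuthorizationManager.super.check(auth, object);
        }
    }

    // Hypothetical delegating component, migrated to call authorize on its delegate.
    static AuthorizationManager<String> delegating(AuthorizationManager<String> delegate) {
        return (auth, object) -> delegate.authorize(auth, object);
    }

    public static void main(String[] args) {
        CountingManager delegate = new CountingManager();
        AuthorizationManager<String> wrapper = delegating(delegate);
        // A caller that still uses the deprecated entry point.
        AuthorizationDecision decision = wrapper.check(() -> "admin", "/reports");
        System.out.println("granted=" + decision.isGranted());
        // The delegate's check is not on the call path any more, so a test that
        // stubs or verifies check on the delegate no longer matches anything.
        System.out.println("delegate.check calls=" + delegate.checkCalls);
        System.out.println("delegate.authorize calls=" + delegate.authorizeCalls);
        // A manager whose result is not an AuthorizationDecision: the cast in check throws.
        AuthorizationManager<String> custom = (auth, object) -> () -> false;
        try {
            custom.check(() -> "guest", "/reports");
        } catch (ClassCastException ex) {
            System.out.println("check failed: " + ex.getClass().getSimpleName());
        }
    }
}
```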

@jzheaux jzheaux changed the title Add support AuthorizationResult for AuthorizationManager AuthorizationManager should return AuthorizationResult Apr 17, 2024
Successfully merging this pull request may close these issues.

AuthorizationManager should support returning an AuthorizationResult