Consolidate ExpressionAuthorizationDecision

jzheaux · jzheaux · commit 20def5e25d82 · 2022-07-14T09:25:17.000-06:00
Issue gh-11493
diff --git a/core/src/main/java/org/springframework/security/authorization/method/ExpressionAttributeAuthorizationDecision.java b/core/src/main/java/org/springframework/security/authorization/method/ExpressionAttributeAuthorizationDecision.java
@@ -23,7 +23,11 @@
  *
  * @author Marcus Da Coregio
  * @since 5.6
+ * @deprecated Use
+ * {@link org.springframework.security.authorization.ExpressionAuthorizationDecision}
+ * instead
  */
+@Deprecated
 public class ExpressionAttributeAuthorizationDecision extends AuthorizationDecision {
 
 	private final ExpressionAttribute expressionAttribute;
diff --git a/core/src/main/java/org/springframework/security/authorization/method/PostAuthorizeAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/method/PostAuthorizeAuthorizationManager.java
@@ -31,6 +31,7 @@
 import org.springframework.security.access.prepost.PostAuthorize;
 import org.springframework.security.authorization.AuthorizationDecision;
 import org.springframework.security.authorization.AuthorizationManager;
+import org.springframework.security.authorization.ExpressionAuthorizationDecision;
 import org.springframework.security.core.Authentication;
 import org.springframework.util.Assert;
 
@@ -76,7 +77,7 @@ public AuthorizationDecision check(Supplier<Authentication> authentication, Meth
 				mi.getMethodInvocation());
 		this.expressionHandler.setReturnObject(mi.getResult(), ctx);
 		boolean granted = ExpressionUtils.evaluateAsBoolean(attribute.getExpression(), ctx);
-		return new ExpressionAttributeAuthorizationDecision(granted, attribute);
+		return new ExpressionAuthorizationDecision(granted, attribute.getExpression());
 	}
 
 	private final class PostAuthorizeExpressionAttributeRegistry
diff --git a/core/src/main/java/org/springframework/security/authorization/method/PreAuthorizeAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/method/PreAuthorizeAuthorizationManager.java
@@ -31,6 +31,7 @@
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.authorization.AuthorizationDecision;
 import org.springframework.security.authorization.AuthorizationManager;
+import org.springframework.security.authorization.ExpressionAuthorizationDecision;
 import org.springframework.security.core.Authentication;
 import org.springframework.util.Assert;
 
@@ -74,7 +75,7 @@ public AuthorizationDecision check(Supplier<Authentication> authentication, Meth
 		}
 		EvaluationContext ctx = this.expressionHandler.createEvaluationContext(authentication, mi);
 		boolean granted = ExpressionUtils.evaluateAsBoolean(attribute.getExpression(), ctx);
-		return new ExpressionAttributeAuthorizationDecision(granted, attribute);
+		return new ExpressionAuthorizationDecision(granted, attribute.getExpression());
 	}
 
 	private final class PreAuthorizeExpressionAttributeRegistry
diff --git a/web/src/main/java/org/springframework/security/web/access/expression/ExpressionAuthorizationDecision.java b/web/src/main/java/org/springframework/security/web/access/expression/ExpressionAuthorizationDecision.java
diff --git a/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionAuthorizationManager.java b/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionAuthorizationManager.java
@@ -24,6 +24,7 @@
 import org.springframework.security.access.expression.SecurityExpressionHandler;
 import org.springframework.security.authorization.AuthorizationDecision;
 import org.springframework.security.authorization.AuthorizationManager;
+import org.springframework.security.authorization.ExpressionAuthorizationDecision;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.access.intercept.RequestAuthorizationContext;
 import org.springframework.util.Assert;

Original file line number	Diff line number	Diff line change
`@@ -31,6 +31,7 @@`
`31`	`31`	`import org.springframework.security.access.prepost.PreAuthorize;`
`32`	`32`	`import org.springframework.security.authorization.AuthorizationDecision;`
`33`	`33`	`import org.springframework.security.authorization.AuthorizationManager;`
	`34`	`+import org.springframework.security.authorization.ExpressionAuthorizationDecision;`
`34`	`35`	`import org.springframework.security.core.Authentication;`
`35`	`36`	`import org.springframework.util.Assert;`
`36`	`37`
`@@ -74,7 +75,7 @@ public AuthorizationDecision check(Supplier<Authentication> authentication, Meth`
`74`	`75`	`}`
`75`	`76`	`EvaluationContext ctx = this.expressionHandler.createEvaluationContext(authentication, mi);`
`76`	`77`	`boolean granted = ExpressionUtils.evaluateAsBoolean(attribute.getExpression(), ctx);`
`77`		`- return new ExpressionAttributeAuthorizationDecision(granted, attribute);`
	`78`	`+ return new ExpressionAuthorizationDecision(granted, attribute.getExpression());`
`78`	`79`	`}`
`79`	`80`
`80`	`81`	`private final class PreAuthorizeExpressionAttributeRegistry`