Polish CurrentSecurityContextArgumentResolvers

Fixes gh-7487

Author: jzheaux

config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebMvcSecurityConfiguration.java

@@ -21,7 +21,7 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.expression.BeanFactoryResolver;
 import org.springframework.expression.BeanResolver;
-import org.springframework.security.web.bind.support.CurrentSecurityContextArgumentResolver;
+import org.springframework.security.web.method.annotation.CurrentSecurityContextArgumentResolver;
 import org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver;
 import org.springframework.security.web.method.annotation.CsrfTokenArgumentResolver;
 import org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor;

web/src/main/java/org/springframework/security/web/bind/support/CurrentSecurityContextArgumentResolver.java renamed to web/src/main/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolver.java

@@ -13,7 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.springframework.security.web.bind.support;
+package org.springframework.security.web.method.annotation;
 
 import java.lang.annotation.Annotation;
 
@@ -62,10 +62,10 @@
  * </pre>
  *
  * <p>
- * Will resolve the SecurityContext argument using {@link SecurityContextHolder#getContext()} from
- * the {@link SecurityContextHolder}. If the {@link SecurityContext} is null, it will return null.
- * If the types do not match, null will be returned unless
- * {@link CurrentSecurityContext#errorOnInvalidType()} is true in which case a
+ * Will resolve the {@link SecurityContext} argument using {@link SecurityContextHolder#getContext()} from
+ * the {@link SecurityContextHolder}. If the {@link SecurityContext} is {@code null}, it will return {@code null}.
+ * If the types do not match, {@code null} will be returned unless
+ * {@link CurrentSecurityContext#errorOnInvalidType()} is {@code true} in which case a
  * {@link ClassCastException} will be thrown.
  * </p>
  *
@@ -78,32 +78,19 @@ public final class CurrentSecurityContextArgumentResolver
 	private ExpressionParser parser = new SpelExpressionParser();
 
 	private BeanResolver beanResolver;
+
 	/**
-	 * check if this argument resolve can support the parameter.
-	 * @param parameter the method parameter.
-	 * @return true = it can support parameter.
-	 *
-	 * @see
-	 * org.springframework.web.method.support.HandlerMethodArgumentResolver#
-	 * supportsParameter(org.springframework.core.MethodParameter)
+	 * {@inheritDoc}
 	 */
+	@Override
 	public boolean supportsParameter(MethodParameter parameter) {
 		return findMethodAnnotation(CurrentSecurityContext.class, parameter) != null;
 	}
 
 	/**
-	 * resolve the argument to inject into the controller parameter.
-	 * @param parameter the method parameter.
-	 * @param mavContainer the model and view container.
-	 * @param webRequest the web request.
-	 * @param binderFactory the web data binder factory.
-	 *
-	 * @see org.springframework.web.method.support.HandlerMethodArgumentResolver#
-	 * resolveArgument (org.springframework.core.MethodParameter,
-	 * org.springframework.web.method.support.ModelAndViewContainer,
-	 * org.springframework.web.context.request.NativeWebRequest,
-	 * org.springframework.web.bind.support.WebDataBinderFactory)
+	 * {@inheritDoc}
 	 */
+	@Override
 	public Object resolveArgument(MethodParameter parameter,
 				ModelAndViewContainer mavContainer, NativeWebRequest webRequest,
 				WebDataBinderFactory binderFactory) {
@@ -138,8 +125,9 @@ public Object resolveArgument(MethodParameter parameter,
 		}
 		return securityContextResult;
 	}
+
 	/**
-	 * Sets the {@link BeanResolver} to be used on the expressions
+	 * Set the {@link BeanResolver} to be used on the expressions
 	 * @param beanResolver the {@link BeanResolver} to use
 	 */
 	public void setBeanResolver(BeanResolver beanResolver) {
@@ -148,7 +136,7 @@ public void setBeanResolver(BeanResolver beanResolver) {
 	}
 
 	/**
-	 * Obtains the specified {@link Annotation} on the specified {@link MethodParameter}.
+	 * Obtain the specified {@link Annotation} on the specified {@link MethodParameter}.
 	 *
 	 * @param annotationClass the class of the {@link Annotation} to find on the
 	 * {@link MethodParameter}

web/src/main/java/org/springframework/security/web/reactive/result/method/annotation/CurrentSecurityContextArgumentResolver.java

@@ -15,7 +15,11 @@
  */
 package org.springframework.security.web.reactive.result.method.annotation;
 
+import java.lang.annotation.Annotation;
+
 import org.reactivestreams.Publisher;
+import reactor.core.publisher.Mono;
+
 import org.springframework.core.MethodParameter;
 import org.springframework.core.ReactiveAdapter;
 import org.springframework.core.ReactiveAdapterRegistry;
@@ -34,12 +38,10 @@
 import org.springframework.web.reactive.BindingContext;
 import org.springframework.web.reactive.result.method.HandlerMethodArgumentResolverSupport;
 import org.springframework.web.server.ServerWebExchange;
-import reactor.core.publisher.Mono;
-
-import java.lang.annotation.Annotation;
 
 /**
- * Resolves the SecurityContext
+ * Resolves the {@link SecurityContext}
+ *
  * @author Dan Zheng
  * @since 5.2
  */
@@ -63,25 +65,15 @@ public void setBeanResolver(BeanResolver beanResolver) {
 	}
 
 	/**
-	 * check if this argument resolve can support the parameter.
-	 * @param parameter the method parameter.
-	 * @return true = it can support parameter.
-	 *
-	 * @see
-	 * org.springframework.web.reactive.result.method.HandlerMethodArgumentResolver#
-	 * supportsParameter(org.springframework.core.MethodParameter)
+	 * {@inheritDoc}
 	 */
 	@Override
 	public boolean supportsParameter(MethodParameter parameter) {
 		return findMethodAnnotation(CurrentSecurityContext.class, parameter) != null;
 	}
 
 	/**
-	 * resolve the argument to inject into the controller parameter.
-	 * @param parameter the method parameter.
-	 * @param bindingContext the binding context.
-	 * @param exchange the server web exchange.
-	 * @return the reactive mono object result.
+	 * {@inheritDoc}
 	 */
 	@Override
 	public Mono<Object> resolveArgument(MethodParameter parameter, BindingContext bindingContext,

web/src/test/java/org/springframework/security/web/bind/support/CurrentSecurityContextArgumentResolverTests.java renamed to web/src/test/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolverTests.java

@@ -13,7 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.springframework.security.web.bind.support;
+package org.springframework.security.web.method.annotation;
 
 import java.lang.annotation.ElementType;
 import java.lang.annotation.Retention;
@@ -45,12 +45,11 @@
  *
  */
 public class CurrentSecurityContextArgumentResolverTests {
-	private Object expectedPrincipal;
 	private CurrentSecurityContextArgumentResolver resolver;
 
 	@Before
 	public void setup() {
-		resolver = new CurrentSecurityContextArgumentResolver();
+		this.resolver = new CurrentSecurityContextArgumentResolver();
 	}
 
 	@After
@@ -60,45 +59,48 @@ public void cleanup() {
 
 	@Test
 	public void supportsParameterNoAnnotation() {
-		assertThat(resolver.supportsParameter(showSecurityContextNoAnnotation())).isFalse();
+		assertThat(this.resolver.supportsParameter(showSecurityContextNoAnnotation())).isFalse();
 	}
 
 	@Test
 	public void supportsParameterAnnotation() {
-		assertThat(resolver.supportsParameter(showSecurityContextAnnotation())).isTrue();
+		assertThat(this.resolver.supportsParameter(showSecurityContextAnnotation())).isTrue();
 	}
 
 	@Test
-	public void resolveArgumentWithCustomSecurityContext() throws Exception {
+	public void resolveArgumentWithCustomSecurityContext() {
 		String principal = "custom_security_context";
 		setAuthenticationPrincipalWithCustomSecurityContext(principal);
-		CustomSecurityContext customSecurityContext = (CustomSecurityContext) resolver.resolveArgument(showAnnotationWithCustomSecurityContext(), null, null, null);
+		CustomSecurityContext customSecurityContext = (CustomSecurityContext)
+				this.resolver.resolveArgument(showAnnotationWithCustomSecurityContext(), null, null, null);
 		assertThat(customSecurityContext.getAuthentication().getPrincipal()).isEqualTo(principal);
 	}
 
 	@Test
-	public void resolveArgumentWithCustomSecurityContextTypeMatch() throws Exception {
+	public void resolveArgumentWithCustomSecurityContextTypeMatch() {
 		String principal = "custom_security_context_type_match";
 		setAuthenticationPrincipalWithCustomSecurityContext(principal);
-		CustomSecurityContext customSecurityContext = (CustomSecurityContext) resolver.resolveArgument(showAnnotationWithCustomSecurityContext(), null, null, null);
+		CustomSecurityContext customSecurityContext = (CustomSecurityContext)
+				this.resolver.resolveArgument(showAnnotationWithCustomSecurityContext(), null, null, null);
 		assertThat(customSecurityContext.getAuthentication().getPrincipal()).isEqualTo(principal);
 	}
 
 	@Test
-	public void resolveArgumentNullAuthentication() throws Exception {
+	public void resolveArgumentNullAuthentication() {
 		SecurityContext context = SecurityContextHolder.getContext();
 		Authentication authentication = context.getAuthentication();
 		context.setAuthentication(null);
-		assertThat(resolver.resolveArgument(showSecurityContextAuthenticationAnnotation(), null, null, null))
+		assertThat(this.resolver.resolveArgument(showSecurityContextAuthenticationAnnotation(), null, null, null))
 				.isNull();
 		context.setAuthentication(authentication);
 	}
 
 	@Test
-	public void resolveArgumentWithAuthentication() throws Exception {
+	public void resolveArgumentWithAuthentication() {
 		String principal = "john";
 		setAuthenticationPrincipal(principal);
-		Authentication auth1 = (Authentication) resolver.resolveArgument(showSecurityContextAuthenticationAnnotation(), null, null, null);
+		Authentication auth1 = (Authentication)
+				this.resolver.resolveArgument(showSecurityContextAuthenticationAnnotation(), null, null, null);
 		assertThat(auth1.getPrincipal()).isEqualTo(principal);
 	}
 
@@ -109,87 +111,90 @@ public void resolveArgumentWithNullAuthentication() {
 		context.setAuthentication(null);
 		assertThatExceptionOfType(SpelEvaluationException.class)
 		.isThrownBy(() -> {
-			resolver.resolveArgument(showSecurityContextAuthenticationWithPrincipal(), null, null, null);
+			this.resolver.resolveArgument(showSecurityContextAuthenticationWithPrincipal(), null, null, null);
 		});
 		context.setAuthentication(authentication);
 	}
 
 	@Test
-	public void resolveArgumentWithOptionalPrincipal() throws Exception {
+	public void resolveArgumentWithOptionalPrincipal() {
 		SecurityContext context = SecurityContextHolder.getContext();
 		Authentication authentication = context.getAuthentication();
 		context.setAuthentication(null);
-		Object principalResult = resolver.resolveArgument(showSecurityContextAuthenticationWithOptionalPrincipal(), null, null, null);
+		Object principalResult =
+				this.resolver.resolveArgument(showSecurityContextAuthenticationWithOptionalPrincipal(), null, null, null);
 		assertThat(principalResult).isNull();
 		context.setAuthentication(authentication);
 	}
 
 	@Test
-	public void resolveArgumentWithPrincipal() throws Exception {
+	public void resolveArgumentWithPrincipal() {
 		String principal = "smith";
 		setAuthenticationPrincipal(principal);
-		String principalResult = (String) resolver.resolveArgument(showSecurityContextAuthenticationWithPrincipal(), null, null, null);
+		String principalResult = (String)
+				this.resolver.resolveArgument(showSecurityContextAuthenticationWithPrincipal(), null, null, null);
 		assertThat(principalResult).isEqualTo(principal);
 	}
 
 	@Test
-	public void resolveArgumentUserDetails() throws Exception {
+	public void resolveArgumentUserDetails() {
 		setAuthenticationDetail(new User("my_user", "my_password",
 				AuthorityUtils.createAuthorityList("ROLE_USER")));
 
-		User u = (User) resolver.resolveArgument(showSecurityContextWithUserDetail(), null, null,
+		User u = (User) this.resolver.resolveArgument(showSecurityContextWithUserDetail(), null, null,
 				null);
 		assertThat(u.getUsername()).isEqualTo("my_user");
 	}
 
 	@Test
-	public void resolveArgumentSecurityContextErrorOnInvalidTypeImplicit() throws Exception {
+	public void resolveArgumentSecurityContextErrorOnInvalidTypeImplicit() {
 		String principal = "invalid_type_implicit";
 		setAuthenticationPrincipal(principal);
-		assertThat(resolver.resolveArgument(showSecurityContextErrorOnInvalidTypeImplicit(), null, null, null))
+		assertThat(this.resolver.resolveArgument(showSecurityContextErrorOnInvalidTypeImplicit(), null, null, null))
 				.isNull();
 	}
 
 	@Test
-	public void resolveArgumentSecurityContextErrorOnInvalidTypeFalse() throws Exception {
+	public void resolveArgumentSecurityContextErrorOnInvalidTypeFalse() {
 		String principal = "invalid_type_false";
 		setAuthenticationPrincipal(principal);
-		assertThat(resolver.resolveArgument(showSecurityContextErrorOnInvalidTypeFalse(), null, null, null))
+		assertThat(this.resolver.resolveArgument(showSecurityContextErrorOnInvalidTypeFalse(), null, null, null))
 				.isNull();
 	}
 
 	@Test
 	public void resolveArgumentSecurityContextErrorOnInvalidTypeTrue() {
 		String principal = "invalid_type_true";
 		setAuthenticationPrincipal(principal);
-		assertThatExceptionOfType(ClassCastException.class).isThrownBy(() -> resolver.resolveArgument(showSecurityContextErrorOnInvalidTypeTrue(), null,
-				null, null));
+		assertThatExceptionOfType(ClassCastException.class).isThrownBy(() ->
+				this.resolver.resolveArgument(showSecurityContextErrorOnInvalidTypeTrue(), null, null, null));
 	}
 
 	@Test
-	public void metaAnnotationWhenCurrentCustomSecurityContextThenInjectSecurityContext() throws Exception {
-		assertThat(resolver.resolveArgument(showCurrentCustomSecurityContext(), null, null, null))
+	public void metaAnnotationWhenCurrentCustomSecurityContextThenInjectSecurityContext() {
+		assertThat(this.resolver.resolveArgument(showCurrentCustomSecurityContext(), null, null, null))
 				.isNotNull();
 	}
 
 	@Test
-	public void metaAnnotationWhenCurrentAuthenticationThenInjectAuthentication() throws Exception {
+	public void metaAnnotationWhenCurrentAuthenticationThenInjectAuthentication() {
 		String principal = "current_authentcation";
 		setAuthenticationPrincipal(principal);
-		Authentication auth1 = (Authentication) resolver.resolveArgument(showCurrentAuthentication(), null, null, null);
+		Authentication auth1 = (Authentication)
+				this.resolver.resolveArgument(showCurrentAuthentication(), null, null, null);
 		assertThat(auth1.getPrincipal()).isEqualTo(principal);
 	}
 
 	@Test
-	public void metaAnnotationWhenCurrentSecurityWithErrorOnInvalidTypeThenInjectSecurityContext() throws Exception {
-		assertThat(resolver.resolveArgument(showCurrentSecurityWithErrorOnInvalidType(), null, null, null))
+	public void metaAnnotationWhenCurrentSecurityWithErrorOnInvalidTypeThenInjectSecurityContext() {
+		assertThat(this.resolver.resolveArgument(showCurrentSecurityWithErrorOnInvalidType(), null, null, null))
 				.isNotNull();
 	}
 
 	@Test
 	public void metaAnnotationWhenCurrentSecurityWithErrorOnInvalidTypeThenMisMatch() {
-		assertThatExceptionOfType(ClassCastException.class).isThrownBy(() -> resolver.resolveArgument(showCurrentSecurityWithErrorOnInvalidTypeMisMatch(), null,
-				null, null));
+		assertThatExceptionOfType(ClassCastException.class).isThrownBy(() ->
+				this.resolver.resolveArgument(showCurrentSecurityWithErrorOnInvalidTypeMisMatch(), null, null, null));
 	}
 
 	private MethodParameter showSecurityContextNoAnnotation() {
@@ -342,13 +347,13 @@ public void setAuthentication(Authentication authentication) {
 	@Target({ ElementType.PARAMETER })
 	@Retention(RetentionPolicy.RUNTIME)
 	@CurrentSecurityContext
-	static @interface CurrentCustomSecurityContext {
+	@interface CurrentCustomSecurityContext {
 	}
 
 	@Target({ ElementType.PARAMETER })
 	@Retention(RetentionPolicy.RUNTIME)
 	@CurrentSecurityContext(expression = "authentication")
-	static @interface CurrentAuthentication {
+	@interface CurrentAuthentication {
 	}
 
 	@Target({ ElementType.PARAMETER })