Add Supplier Support

Issue gh-14597

Author: jzheaux

core/src/main/java/org/springframework/security/authorization/AuthorizationAdvisorProxyFactory.java

@@ -254,7 +254,8 @@ public interface TargetVisitor {
 		/**
 		 * The default {@link TargetVisitor}, which will proxy {@link Class} instances as
 		 * well as instances contained in reactive types (if reactor is present),
-		 * collection types, and other container types like {@link Optional}
+		 * collection types, and other container types like {@link Optional} and
+		 * {@link Supplier}
 		 */
 		static TargetVisitor defaults() {
 			return AuthorizationAdvisorProxyFactory.DEFAULT_VISITOR;
@@ -351,6 +352,9 @@ public Object visit(AuthorizationAdvisorProxyFactory proxyFactory, Object target
 			if (target instanceof Optional<?> optional) {
 				return proxyOptional(proxyFactory, optional);
 			}
+			if (target instanceof Supplier<?> supplier) {
+				return proxySupplier(proxyFactory, supplier);
+			}
 			return null;
 		}
 
@@ -483,6 +487,10 @@ private Optional<?> proxyOptional(AuthorizationProxyFactory proxyFactory, Option
 			return optional.map(proxyFactory::proxy);
 		}
 
+		private Supplier<?> proxySupplier(AuthorizationProxyFactory proxyFactory, Supplier<?> supplier) {
+			return () -> proxyFactory.proxy(supplier.get());
+		}
+
 	}
 
 	private static class ReactiveTypeVisitor implements TargetVisitor {

core/src/test/java/org/springframework/security/authorization/AuthorizationAdvisorProxyFactoryTests.java

@@ -31,6 +31,7 @@
 import java.util.SortedSet;
 import java.util.TreeMap;
 import java.util.TreeSet;
+import java.util.function.Supplier;
 import java.util.stream.Stream;
 
 import org.jetbrains.annotations.NotNull;
@@ -242,6 +243,17 @@ public void proxyWhenPreAuthorizeForOptionalThenHonors() {
 		SecurityContextHolder.clearContext();
 	}
 
+	@Test
+	public void proxyWhenPreAuthorizeForSupplierThenHonors() {
+		SecurityContextHolder.getContext().setAuthentication(this.user);
+		AuthorizationAdvisorProxyFactory factory = AuthorizationAdvisorProxyFactory.withDefaults();
+		Supplier<Flight> flights = () -> this.flight;
+		assertThat(flights.get().getAltitude()).isEqualTo(35000d);
+		Supplier<Flight> secured = proxy(factory, flights);
+		assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> secured.get().getAltitude());
+		SecurityContextHolder.clearContext();
+	}
+
 	@Test
 	public void proxyWhenPreAuthorizeForStreamThenHonors() {
 		SecurityContextHolder.getContext().setAuthentication(this.user);