Skip to content

Commit a9749af

Browse files
jzheauxjzheaux
committed
Publish AuthorizationProxyFactory Bean
Issue gh-14596
1 parent 4a02b68 commit a9749af

10 files changed

+94
-27
lines changed

config/src/main/java/org/springframework/security/config/annotation/method/configuration/AuthorizationProxyConfiguration.java

+44
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,44 @@
1+
/*
2+
* Copyright 2002-2024 the original author or authors.
3+
*
4+
* Licensed under the Apache License, Version 2.0 (the "License");
5+
* you may not use this file except in compliance with the License.
6+
* You may obtain a copy of the License at
7+
*
8+
* https://www.apache.org/licenses/LICENSE-2.0
9+
*
10+
* Unless required by applicable law or agreed to in writing, software
11+
* distributed under the License is distributed on an "AS IS" BASIS,
12+
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13+
* See the License for the specific language governing permissions and
14+
* limitations under the License.
15+
*/
16+
17+
package org.springframework.security.config.annotation.method.configuration;
18+
19+
import java.util.ArrayList;
20+
import java.util.List;
21+
22+
import org.springframework.aop.framework.AopInfrastructureBean;
23+
import org.springframework.beans.factory.ObjectProvider;
24+
import org.springframework.beans.factory.config.BeanDefinition;
25+
import org.springframework.context.annotation.Bean;
26+
import org.springframework.context.annotation.Configuration;
27+
import org.springframework.context.annotation.Role;
28+
import org.springframework.core.annotation.AnnotationAwareOrderComparator;
29+
import org.springframework.security.authorization.AuthorizationAdvisorProxyFactory;
30+
import org.springframework.security.authorization.method.AuthorizationAdvisor;
31+
32+
@Configuration(proxyBeanMethods = false)
33+
final class AuthorizationProxyConfiguration implements AopInfrastructureBean {
34+
35+
@Bean
36+
@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
37+
static AuthorizationAdvisorProxyFactory authorizationProxyFactory(ObjectProvider<AuthorizationAdvisor> provider) {
38+
List<AuthorizationAdvisor> advisors = new ArrayList<>();
39+
provider.forEach(advisors::add);
40+
AnnotationAwareOrderComparator.sort(advisors);
41+
return new AuthorizationAdvisorProxyFactory(advisors);
42+
}
43+
44+
}

config/src/main/java/org/springframework/security/config/annotation/method/configuration/Jsr250MethodSecurityConfiguration.java

+2-1
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,7 @@
2020
import org.aopalliance.intercept.MethodInterceptor;
2121
import org.aopalliance.intercept.MethodInvocation;
2222

23+
import org.springframework.aop.framework.AopInfrastructureBean;
2324
import org.springframework.beans.factory.ObjectProvider;
2425
import org.springframework.beans.factory.config.BeanDefinition;
2526
import org.springframework.context.annotation.Bean;
@@ -48,7 +49,7 @@
4849
*/
4950
@Configuration(proxyBeanMethods = false)
5051
@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
51-
final class Jsr250MethodSecurityConfiguration implements ImportAware {
52+
final class Jsr250MethodSecurityConfiguration implements ImportAware, AopInfrastructureBean {
5253

5354
private int interceptorOrderOffset;
5455

config/src/main/java/org/springframework/security/config/annotation/method/configuration/MethodSecuritySelector.java

+1
Original file line numberDiff line numberDiff line change
@@ -56,6 +56,7 @@ public String[] selectImports(@NonNull AnnotationMetadata importMetadata) {
5656
if (annotation.jsr250Enabled()) {
5757
imports.add(Jsr250MethodSecurityConfiguration.class.getName());
5858
}
59+
imports.add(AuthorizationProxyConfiguration.class.getName());
5960
return imports.toArray(new String[0]);
6061
}
6162

config/src/main/java/org/springframework/security/config/annotation/method/configuration/PrePostMethodSecurityConfiguration.java

+4-5
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,6 @@
2727
import org.jetbrains.annotations.Nullable;
2828

2929
import org.springframework.aop.Pointcut;
30-
import org.springframework.aop.PointcutAdvisor;
3130
import org.springframework.aop.framework.AopInfrastructureBean;
3231
import org.springframework.beans.factory.ObjectProvider;
3332
import org.springframework.beans.factory.config.BeanDefinition;
@@ -36,14 +35,14 @@
3635
import org.springframework.context.annotation.Configuration;
3736
import org.springframework.context.annotation.ImportAware;
3837
import org.springframework.context.annotation.Role;
39-
import org.springframework.core.Ordered;
4038
import org.springframework.core.type.AnnotationMetadata;
4139
import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
4240
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
4341
import org.springframework.security.access.hierarchicalroles.NullRoleHierarchy;
4442
import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
4543
import org.springframework.security.authorization.AuthorizationEventPublisher;
4644
import org.springframework.security.authorization.AuthorizationManager;
45+
import org.springframework.security.authorization.method.AuthorizationAdvisor;
4746
import org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor;
4847
import org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor;
4948
import org.springframework.security.authorization.method.PostAuthorizeAuthorizationManager;
@@ -65,7 +64,7 @@
6564
*/
6665
@Configuration(proxyBeanMethods = false)
6766
@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
68-
final class PrePostMethodSecurityConfiguration implements ImportAware {
67+
final class PrePostMethodSecurityConfiguration implements ImportAware, AopInfrastructureBean {
6968

7069
private int interceptorOrderOffset;
7170

@@ -175,8 +174,8 @@ public void setImportMetadata(AnnotationMetadata importMetadata) {
175174
this.interceptorOrderOffset = annotation.offset();
176175
}
177176

178-
private static final class DeferringMethodInterceptor<M extends Ordered & MethodInterceptor & PointcutAdvisor>
179-
implements Ordered, MethodInterceptor, PointcutAdvisor, AopInfrastructureBean {
177+
private static final class DeferringMethodInterceptor<M extends AuthorizationAdvisor>
178+
implements AuthorizationAdvisor {
180179

181180
private final Pointcut pointcut;
182181

config/src/main/java/org/springframework/security/config/annotation/method/configuration/SecuredMethodSecurityConfiguration.java

+2-1
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,7 @@
2020
import org.aopalliance.intercept.MethodInterceptor;
2121
import org.aopalliance.intercept.MethodInvocation;
2222

23+
import org.springframework.aop.framework.AopInfrastructureBean;
2324
import org.springframework.beans.factory.ObjectProvider;
2425
import org.springframework.beans.factory.config.BeanDefinition;
2526
import org.springframework.context.annotation.Bean;
@@ -48,7 +49,7 @@
4849
*/
4950
@Configuration(proxyBeanMethods = false)
5051
@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
51-
final class SecuredMethodSecurityConfiguration implements ImportAware {
52+
final class SecuredMethodSecurityConfiguration implements ImportAware, AopInfrastructureBean {
5253

5354
private int interceptorOrderOffset;
5455

core/src/main/java/org/springframework/security/authorization/method/AuthorizationAdvisor.java

+37
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,37 @@
1+
/*
2+
* Copyright 2002-2024 the original author or authors.
3+
*
4+
* Licensed under the Apache License, Version 2.0 (the "License");
5+
* you may not use this file except in compliance with the License.
6+
* You may obtain a copy of the License at
7+
*
8+
* https://www.apache.org/licenses/LICENSE-2.0
9+
*
10+
* Unless required by applicable law or agreed to in writing, software
11+
* distributed under the License is distributed on an "AS IS" BASIS,
12+
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13+
* See the License for the specific language governing permissions and
14+
* limitations under the License.
15+
*/
16+
17+
package org.springframework.security.authorization.method;
18+
19+
import org.aopalliance.intercept.MethodInterceptor;
20+
21+
import org.springframework.aop.PointcutAdvisor;
22+
import org.springframework.aop.framework.AopInfrastructureBean;
23+
import org.springframework.core.Ordered;
24+
25+
/**
26+
* An interface that indicates method security advice
27+
*
28+
* @author Josh Cummings
29+
* @since 6.3
30+
* @see AuthorizationManagerBeforeMethodInterceptor
31+
* @see AuthorizationManagerAfterMethodInterceptor
32+
* @see PreFilterAuthorizationMethodInterceptor
33+
* @see PostFilterAuthorizationMethodInterceptor
34+
*/
35+
public interface AuthorizationAdvisor extends Ordered, MethodInterceptor, PointcutAdvisor, AopInfrastructureBean {
36+
37+
}

core/src/main/java/org/springframework/security/authorization/method/AuthorizationManagerAfterMethodInterceptor.java

+1-5
Original file line numberDiff line numberDiff line change
@@ -25,9 +25,6 @@
2525
import org.apache.commons.logging.LogFactory;
2626

2727
import org.springframework.aop.Pointcut;
28-
import org.springframework.aop.PointcutAdvisor;
29-
import org.springframework.aop.framework.AopInfrastructureBean;
30-
import org.springframework.core.Ordered;
3128
import org.springframework.core.log.LogMessage;
3229
import org.springframework.security.access.AccessDeniedException;
3330
import org.springframework.security.access.prepost.PostAuthorize;
@@ -48,8 +45,7 @@
4845
* @author Josh Cummings
4946
* @since 5.6
5047
*/
51-
public final class AuthorizationManagerAfterMethodInterceptor
52-
implements Ordered, MethodInterceptor, PointcutAdvisor, AopInfrastructureBean {
48+
public final class AuthorizationManagerAfterMethodInterceptor implements AuthorizationAdvisor {
5349

5450
private Supplier<SecurityContextHolderStrategy> securityContextHolderStrategy = SecurityContextHolder::getContextHolderStrategy;
5551

core/src/main/java/org/springframework/security/authorization/method/AuthorizationManagerBeforeMethodInterceptor.java

+1-5
Original file line numberDiff line numberDiff line change
@@ -28,9 +28,6 @@
2828
import org.apache.commons.logging.LogFactory;
2929

3030
import org.springframework.aop.Pointcut;
31-
import org.springframework.aop.PointcutAdvisor;
32-
import org.springframework.aop.framework.AopInfrastructureBean;
33-
import org.springframework.core.Ordered;
3431
import org.springframework.core.log.LogMessage;
3532
import org.springframework.security.access.AccessDeniedException;
3633
import org.springframework.security.access.annotation.Secured;
@@ -52,8 +49,7 @@
5249
* @author Josh Cummings
5350
* @since 5.6
5451
*/
55-
public final class AuthorizationManagerBeforeMethodInterceptor
56-
implements Ordered, MethodInterceptor, PointcutAdvisor, AopInfrastructureBean {
52+
public final class AuthorizationManagerBeforeMethodInterceptor implements AuthorizationAdvisor {
5753

5854
private Supplier<SecurityContextHolderStrategy> securityContextHolderStrategy = SecurityContextHolder::getContextHolderStrategy;
5955

core/src/main/java/org/springframework/security/authorization/method/PostFilterAuthorizationMethodInterceptor.java

+1-5
Original file line numberDiff line numberDiff line change
@@ -23,9 +23,6 @@
2323
import org.aopalliance.intercept.MethodInvocation;
2424

2525
import org.springframework.aop.Pointcut;
26-
import org.springframework.aop.PointcutAdvisor;
27-
import org.springframework.aop.framework.AopInfrastructureBean;
28-
import org.springframework.core.Ordered;
2926
import org.springframework.expression.EvaluationContext;
3027
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
3128
import org.springframework.security.access.prepost.PostFilter;
@@ -43,8 +40,7 @@
4340
* @author Josh Cummings
4441
* @since 5.6
4542
*/
46-
public final class PostFilterAuthorizationMethodInterceptor
47-
implements Ordered, MethodInterceptor, PointcutAdvisor, AopInfrastructureBean {
43+
public final class PostFilterAuthorizationMethodInterceptor implements AuthorizationAdvisor {
4844

4945
private Supplier<SecurityContextHolderStrategy> securityContextHolderStrategy = SecurityContextHolder::getContextHolderStrategy;
5046

core/src/main/java/org/springframework/security/authorization/method/PreFilterAuthorizationMethodInterceptor.java

+1-5
Original file line numberDiff line numberDiff line change
@@ -23,9 +23,6 @@
2323
import org.aopalliance.intercept.MethodInvocation;
2424

2525
import org.springframework.aop.Pointcut;
26-
import org.springframework.aop.PointcutAdvisor;
27-
import org.springframework.aop.framework.AopInfrastructureBean;
28-
import org.springframework.core.Ordered;
2926
import org.springframework.expression.EvaluationContext;
3027
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
3128
import org.springframework.security.access.prepost.PreFilter;
@@ -44,8 +41,7 @@
4441
* @author Josh Cummings
4542
* @since 5.6
4643
*/
47-
public final class PreFilterAuthorizationMethodInterceptor
48-
implements Ordered, MethodInterceptor, PointcutAdvisor, AopInfrastructureBean {
44+
public final class PreFilterAuthorizationMethodInterceptor implements AuthorizationAdvisor {
4945

5046
private Supplier<SecurityContextHolderStrategy> securityContextHolderStrategy = SecurityContextHolder::getContextHolderStrategy;
5147

0 commit comments

Comments
 (0)