Skip to content

Add Reasons to AuthorizationDecisions #9287

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
jzheaux opened this issue Dec 16, 2020 · 2 comments
Closed

Add Reasons to AuthorizationDecisions #9287

jzheaux opened this issue Dec 16, 2020 · 2 comments
Labels
in: core An issue in spring-security-core status: ideal-for-contribution An issue that we actively are looking for someone to help us with type: enhancement A general enhancement

Comments

@jzheaux
Copy link
Contributor

jzheaux commented Dec 16, 2020
edited
Loading

It's helpful to know why a security decision was made.

AuthorityReactiveAuthorizationManager and AuthorityAuthorizationManager could do this by constructing an AuthorityAuthorizationDecision:

public class AuthorityAuthorizationManager implements AuthorizationManager {
    // ...

    public static class AuthorityAuthorizationDecision extends AuthorizationDecision {
        private Collection<GrantedAuthority> authorities;

        public AuthorityAuthorizationDecision(boolean decision, GrantedAuthority... authorities) {
            super(decision);
            // ...
        }

        public Collection<GrantedAuthority> getAuthorities() { 
            return this.authorities;
        }
    }
}

Likewise with AuthenticatedReactiveAuthorizationManager, AuthenticatedAuthorizationManager and AuthenticatedAuthorizationDecision.

Each implementation would likely need to override toString to assist with logging authorization events.
@jzheaux jzheaux added in: core An issue in spring-security-core type: enhancement A general enhancement status: ideal-for-contribution An issue that we actively are looking for someone to help us with labels Dec 16, 2020
This was referenced Dec 16, 2020
Merged
Open
@rwinch
Copy link
Member

rwinch commented Dec 17, 2020

What is the concrete use case for this?

@jzheaux
Copy link
Contributor Author

jzheaux commented Dec 17, 2020

I was thinking of event logging. It's helpful in logs to know why access was granted to a resource, for example.

Initially, I was thinking of combining this ticket with #9286. Your question may be a hint that they go together.

@jzheaux jzheaux mentioned this issue Mar 29, 2021
Closed
marcusdacoregio added a commit to marcusdacoregio/spring-security that referenced this issue Oct 5, 2021
@marcusdacoregio
Add reasons to AuthorizationDecisions
636ac64 
Closes spring-projectsgh-9287
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
in: core An issue in spring-security-core status: ideal-for-contribution An issue that we actively are looking for someone to help us with type: enhancement A general enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rwinch @jzheaux