Skip to content

#11510: Add isFullyAuthenticated to AuthenticatedTrustResolver #11654

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 4 commits into from
Closed

#11510: Add isFullyAuthenticated to AuthenticatedTrustResolver #11654

wants to merge 4 commits into from

Conversation

karthikeyan-r
Copy link

Spring Security 11510 - Implemented isFullyAuthenticated function which is composition of isAnonymous & isRememberMe

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Jul 30, 2022
@marcusdacoregio marcusdacoregio added in: core An issue in spring-security-core type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged labels Aug 10, 2022
jzheaux
jzheaux requested changes Aug 16, 2022
View reviewed changes
Copy link
Contributor

@jzheaux jzheaux left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, @karthikeyan-r! Sorry for the delay, I've left some feedback inline.

Will you please also adjust the commit message to be like the following:

Commit Title

Closes gh-11510

@jzheaux
Copy link
Contributor

jzheaux commented Aug 16, 2022
edited
Loading

@karthikeyan-r, please also take a look at the ticket description to find the places to use this new method. Please change those places to use it.

@jzheaux jzheaux added the status: duplicate A duplicate of another issue label Aug 25, 2022
@jzheaux jzheaux added this to the 5.8.0-M3 milestone Aug 25, 2022
@jzheaux
Copy link
Contributor

jzheaux commented Aug 30, 2022

Hi, @karthikeyan-r. Are you able to make the requested changes?

@karthikeyan-r
Copy link
Author

Apologies for the delay @jzheaux, I was travelling & couldnt check and respond to your message. I will work on these comment & push code back in a day.

@karthikeyan-r
Copy link
Author

Regarding changes in AuthenticatedAuthorizationManager#fullyAuthenticated as mentioned in this issue,

FullyAuthenticatedAuthorizationStrategy is using composition of isGranted and isRememberMe - not isAnonymous. Please clarify on this.

private static final class FullyAuthenticatedAuthorizationStrategy extends AuthenticatedAuthorizationStrategy {

		@Override
		boolean isGranted(Authentication authentication) {
			return super.isGranted(authentication) && !this.trustResolver.isRememberMe(authentication);
		}

	}

@sjohnr sjohnr modified the milestones: 5.8.0-M3, 5.8.0-RC1 Sep 16, 2022
@jzheaux
Copy link
Contributor

jzheaux commented Sep 20, 2022

Now it's my turn to delay, @karthikeyan-r! Thanks for your question.

If you follow the method isGranted to its implementation, you'll see that it is called isAnonymous also.

I believe it is correct to change the implementation of FullyAuthenticatedAuthorizationStrategy to do:

return this.trustResolver.isFullyAuthenticated(authentication);

@karthikeyan-r
Copy link
Author

Thanks for your suggestion @jzheaux, I have updated implementation

@jzheaux
Copy link
Contributor

jzheaux commented Oct 5, 2022

Thanks, @karthikeyan-r! It looks like there is a failing test. Can you check that out, please?

@karthikeyan-r
Copy link
Author

@jzheaux resolved that test failure. Added null check for authentication to fix that.

@sjohnr sjohnr modified the milestones: 5.8.0-RC1, 5.8.x Oct 18, 2022
@karthikeyan-r
Copy link
Author

@jzheaux any comments on this fix ?

@jzheaux
Copy link
Contributor

jzheaux commented Oct 26, 2022

Thanks for the updates, @karthikeyan-r! I'll take things from here. We won't be able to merge it just yet since we are in the RC phase of the next release, but I'll merge it right after that.

@jzheaux jzheaux modified the milestones: 5.8.x, 6.1.0-M1 Oct 26, 2022
@jzheaux
Copy link
Contributor

jzheaux commented Nov 29, 2022

Thanks, @karthikeyan-r! This is now merged into main with 5fcbb9f and will appear in the 6.1.0 release.

@jzheaux jzheaux closed this Nov 29, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jzheaux jzheaux Awaiting requested review from jzheaux

Assignees

@jzheaux jzheaux

Labels
in: core An issue in spring-security-core status: duplicate A duplicate of another issue type: enhancement A general enhancement
Projects
None yet
Milestone
6.1.0-M1
Development

Successfully merging this pull request may close these issues.
5 participants
@karthikeyan-r @jzheaux @sjohnr @marcusdacoregio @spring-projects-issues