-
Notifications
You must be signed in to change notification settings - Fork 5.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AuthorizationManager should return AuthorizationResult #14846
base: main
Are you sure you want to change the base?
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,5 @@ | ||
/* | ||
* Copyright 2002-2022 the original author or authors. | ||
* Copyright 2002-2024 the original author or authors. | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
|
@@ -33,7 +33,7 @@ public class AuthorizationObservationContext<T> extends Observation.Context { | |
|
||
private final T object; | ||
|
||
private AuthorizationDecision decision; | ||
private AuthorizationResult authorizationResult; | ||
|
||
public AuthorizationObservationContext(T object) { | ||
Assert.notNull(object, "object cannot be null"); | ||
|
@@ -73,15 +73,32 @@ public T getObject() { | |
* @return the observed {@link AuthorizationDecision} | ||
*/ | ||
public AuthorizationDecision getDecision() { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Let's deprecate this as well. |
||
return this.decision; | ||
return (AuthorizationDecision) this.authorizationResult; | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Please perform a type check here. The reason is so that the application can give a more informative error than Assert.isInstanceOf(AuthorizationDecision.class, "please call getAuthorizationResult instead. If you must call getDecision, please ensure that the result you provide is of type AuthorizationDecision");
return (AuthorizationDecision) this.authorizationResult; |
||
} | ||
|
||
/** | ||
* Set the observed {@link AuthorizationDecision} | ||
* @param decision the observed {@link AuthorizationDecision} | ||
*/ | ||
public void setDecision(AuthorizationDecision decision) { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Let's deprecate this as well |
||
this.decision = decision; | ||
this.authorizationResult = decision; | ||
} | ||
|
||
/** | ||
* Get the observed {@link AuthorizationResult} | ||
* @return the observed {@link AuthorizationResult} | ||
* @since 6.4 | ||
*/ | ||
public AuthorizationResult getAuthorizationResult() { | ||
return this.authorizationResult; | ||
} | ||
|
||
/** | ||
* Set the observed {@link AuthorizationResult} | ||
* @param authorizationResult the observed {@link AuthorizationResult} | ||
* @since 6.4 | ||
*/ | ||
public void setAuthorizationResult(AuthorizationResult authorizationResult) { | ||
this.authorizationResult = authorizationResult; | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
/* | ||
* Copyright 2002-2024 the original author or authors. | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* https://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
|
||
package org.springframework.security.authorization; | ||
|
||
import java.util.function.Supplier; | ||
|
||
import org.springframework.security.core.Authentication; | ||
|
||
/** | ||
* An {@link AuthorizationEventPublisher} implementation that does not authorization publish events | ||
* | ||
* @author Max Batischev | ||
* @since 6.4 | ||
*/ | ||
public final class NoopAuthorizationEventPublisher implements AuthorizationEventPublisher { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I'd rather not introduce this in this PR. If you are able to make this package-private, I don't mind leaving it. Otherwise, let's stick with private inner classes for now, even though that's a bit of duplication. |
||
|
||
@Override | ||
public <T> void publishAuthorizationEvent(Supplier<Authentication> authentication, T object, AuthorizationDecision decision) { | ||
|
||
} | ||
|
||
@Override | ||
public <T> void publishAuthorizationEvent(Supplier<Authentication> authentication, T object, AuthorizationResult decision) { | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Even though it's a default implementation, we should perform a type-safe check. Maybe you could do the following: