diff --git a/config/src/main/java/org/springframework/security/config/method/PointcutDelegatingAuthorizationManager.java b/config/src/main/java/org/springframework/security/config/method/PointcutDelegatingAuthorizationManager.java index 1a47fc455ab..9e3519abcff 100644 --- a/config/src/main/java/org/springframework/security/config/method/PointcutDelegatingAuthorizationManager.java +++ b/config/src/main/java/org/springframework/security/config/method/PointcutDelegatingAuthorizationManager.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2022 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -36,19 +36,6 @@ class PointcutDelegatingAuthorizationManager implements AuthorizationManager authentication, MethodInvocation object) { - AuthorizationResult result = authorize(authentication, object); - if (result == null) { - return null; - } - if (result instanceof AuthorizationDecision decision) { - return decision; - } - throw new IllegalArgumentException( - "Please either call authorize or ensure that the returned result is of type AuthorizationDecision"); - } - @Override public AuthorizationResult authorize(Supplier authentication, MethodInvocation object) { for (Map.Entry> entry : this.managers.entrySet()) { diff --git a/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java index 2c903ce5270..39b06dc8b1f 100644 --- a/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -53,6 +53,7 @@ import org.springframework.security.access.vote.ConsensusBased; import org.springframework.security.authorization.AuthorizationDecision; import org.springframework.security.authorization.AuthorizationManager; +import org.springframework.security.authorization.AuthorizationResult; import org.springframework.security.config.Elements; import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContextHolder; @@ -463,7 +464,7 @@ private ExpressionBasedAuthorizationManager( } @Override - public AuthorizationDecision check(Supplier authentication, + public AuthorizationResult authorize(Supplier authentication, MessageAuthorizationContext object) { EvaluationContext context = this.expressionHandler.createEvaluationContext(authentication, object); boolean granted = ExpressionUtils.evaluateAsBoolean(this.expression, context); diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/PrePostMethodSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/PrePostMethodSecurityConfigurationTests.java index 404750ee955..feb1141c693 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/PrePostMethodSecurityConfigurationTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/PrePostMethodSecurityConfigurationTests.java @@ -93,7 +93,6 @@ import org.springframework.security.authorization.AuthorizationDecision; import org.springframework.security.authorization.AuthorizationEventPublisher; import org.springframework.security.authorization.AuthorizationManager; -import org.springframework.security.authorization.AuthorizationResult; import org.springframework.security.authorization.SpringAuthorizationEventPublisher; import org.springframework.security.authorization.event.AuthorizationDeniedEvent; import org.springframework.security.authorization.method.AuthorizationAdvisor; @@ -143,7 +142,6 @@ import static org.mockito.ArgumentMatchers.any; import static org.mockito.Mockito.atLeastOnce; import static org.mockito.Mockito.clearInvocations; -import static org.mockito.Mockito.doCallRealMethod; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.never; import static org.mockito.Mockito.spy; @@ -1555,8 +1553,6 @@ static class AuthorizationEventPublisherConfig { @Bean AuthorizationEventPublisher authorizationEventPublisher() { - doCallRealMethod().when(this.publisher) - .publishAuthorizationEvent(any(), any(), any(AuthorizationResult.class)); return this.publisher; } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurerTests.java index 7d57cae2014..d81ce23d4c7 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurerTests.java @@ -44,7 +44,6 @@ import org.springframework.security.authorization.AuthorizationEventPublisher; import org.springframework.security.authorization.AuthorizationManager; import org.springframework.security.authorization.AuthorizationObservationContext; -import org.springframework.security.authorization.AuthorizationResult; import org.springframework.security.authorization.SpringAuthorizationEventPublisher; import org.springframework.security.authorization.event.AuthorizationDeniedEvent; import org.springframework.security.config.ObjectPostProcessor; @@ -85,10 +84,8 @@ import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatExceptionOfType; -import static org.mockito.BDDMockito.given; import static org.mockito.Mockito.any; import static org.mockito.Mockito.atLeastOnce; -import static org.mockito.Mockito.doCallRealMethod; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.spy; import static org.mockito.Mockito.verify; @@ -154,20 +151,17 @@ public void configureWhenMvcMatcherAfterAnyRequestThenException() { @Test public void configureMvcMatcherAccessAuthorizationManagerWhenNotNullThenVerifyUse() throws Exception { CustomAuthorizationManagerConfig.authorizationManager = mock(AuthorizationManager.class); - given(CustomAuthorizationManagerConfig.authorizationManager.authorize(any(), any())).willCallRealMethod(); this.spring.register(CustomAuthorizationManagerConfig.class, BasicController.class).autowire(); this.mvc.perform(get("/")).andExpect(status().isOk()); - verify(CustomAuthorizationManagerConfig.authorizationManager).check(any(), any()); + verify(CustomAuthorizationManagerConfig.authorizationManager).authorize(any(), any()); } @Test public void configureNoParameterMvcMatcherAccessAuthorizationManagerWhenNotNullThenVerifyUse() throws Exception { CustomAuthorizationManagerNoParameterConfig.authorizationManager = mock(AuthorizationManager.class); - given(CustomAuthorizationManagerNoParameterConfig.authorizationManager.authorize(any(), any())) - .willCallRealMethod(); this.spring.register(CustomAuthorizationManagerNoParameterConfig.class, BasicController.class).autowire(); this.mvc.perform(get("/")).andExpect(status().isOk()); - verify(CustomAuthorizationManagerNoParameterConfig.authorizationManager).check(any(), any()); + verify(CustomAuthorizationManagerNoParameterConfig.authorizationManager).authorize(any(), any()); } @Test @@ -1284,8 +1278,6 @@ static class AuthorizationEventPublisherConfig { @Bean AuthorizationEventPublisher authorizationEventPublisher() { - doCallRealMethod().when(this.publisher) - .publishAuthorizationEvent(any(), any(), any(AuthorizationResult.class)); return this.publisher; } diff --git a/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java b/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java index d75ce815d58..f7aa9b29143 100644 --- a/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java +++ b/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -124,8 +124,7 @@ public void validateCheckLoginPageIsntProtectedThrowsIllegalArgumentException() @Test public void validateCheckLoginPageAllowsAnonymous() { - given(this.authorizationManager.check(any(), any())).willReturn(new AuthorizationDecision(false)); - given(this.authorizationManager.authorize(any(), any())).willCallRealMethod(); + given(this.authorizationManager.authorize(any(), any())).willReturn(new AuthorizationDecision(false)); this.validator.validate(this.chainAuthorizationFilter); verify(this.logger).warn("Anonymous access to the login page doesn't appear to be enabled. " + "This is almost certainly an error. Please check your configuration allows unauthenticated " diff --git a/config/src/test/java/org/springframework/security/config/http/HttpConfigTests.java b/config/src/test/java/org/springframework/security/config/http/HttpConfigTests.java index c7f0590bc1b..9245a23ffcf 100644 --- a/config/src/test/java/org/springframework/security/config/http/HttpConfigTests.java +++ b/config/src/test/java/org/springframework/security/config/http/HttpConfigTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2022 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -90,14 +90,13 @@ public void getWhenUsingAuthorizationManagerThenRedirectsToLogin() throws Except this.spring.configLocations(this.xml("AuthorizationManager")).autowire(); AuthorizationManager authorizationManager = this.spring.getContext() .getBean(AuthorizationManager.class); - given(authorizationManager.check(any(), any())).willReturn(new AuthorizationDecision(false)); - given(authorizationManager.authorize(any(), any())).willCallRealMethod(); + given(authorizationManager.authorize(any(), any())).willReturn(new AuthorizationDecision(false)); // @formatter:off this.mvc.perform(get("/")) .andExpect(status().isFound()) .andExpect(redirectedUrl("http://localhost/login")); // @formatter:on - verify(authorizationManager).check(any(), any()); + verify(authorizationManager).authorize(any(), any()); } @Test diff --git a/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java b/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java index c71acbe5a44..307190ebf70 100644 --- a/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java +++ b/config/src/test/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecoratorTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2022 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -168,10 +168,9 @@ public void transactionalAuthorizationManagerMethodsShouldBeSecured() { @Test public void targetCustomAuthorizationManagerUsed() { - given(this.mockAuthorizationManager.authorize(any(), any())).willCallRealMethod(); - given(this.mockAuthorizationManager.check(any(), any())).willReturn(new AuthorizationDecision(true)); + given(this.mockAuthorizationManager.authorize(any(), any())).willReturn(new AuthorizationDecision(true)); this.targetCustomAuthorizationManager.doSomething(); - verify(this.mockAuthorizationManager).check(any(), any()); + verify(this.mockAuthorizationManager).authorize(any(), any()); } @Override diff --git a/config/src/test/java/org/springframework/security/config/method/MethodSecurityBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/method/MethodSecurityBeanDefinitionParserTests.java index 37cddc91048..2628961622e 100644 --- a/config/src/test/java/org/springframework/security/config/method/MethodSecurityBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/method/MethodSecurityBeanDefinitionParserTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2022 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -39,6 +39,7 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.authorization.AuthorizationDecision; import org.springframework.security.authorization.AuthorizationManager; +import org.springframework.security.authorization.AuthorizationResult; import org.springframework.security.config.annotation.method.configuration.MethodSecurityService; import org.springframework.security.config.test.SpringTestContext; import org.springframework.security.config.test.SpringTestContextExtension; @@ -463,7 +464,7 @@ public boolean hasPermission(Authentication authentication, Serializable targetI static class MyAuthorizationManager implements AuthorizationManager { @Override - public AuthorizationDecision check(Supplier authentication, MethodInvocation object) { + public AuthorizationResult authorize(Supplier authentication, MethodInvocation object) { return new AuthorizationDecision("bob".equals(authentication.get().getName())); } diff --git a/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java b/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java index 6e999933a28..d95d70fb422 100644 --- a/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java +++ b/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -513,12 +513,11 @@ public void sendWhenCustomAuthorizationManagerThenAuthorizesAccordingly() { this.spring.configLocations(xml("CustomAuthorizationManagerConfig")).autowire(); AuthorizationManager> authorizationManager = this.spring.getContext() .getBean(AuthorizationManager.class); - given(authorizationManager.check(any(), any())).willReturn(new AuthorizationDecision(false)); - given(authorizationManager.authorize(any(), any())).willCallRealMethod(); + given(authorizationManager.authorize(any(), any())).willReturn(new AuthorizationDecision(false)); Message message = message("/any"); assertThatExceptionOfType(Exception.class).isThrownBy(send(message)) .withCauseInstanceOf(AccessDeniedException.class); - verify(authorizationManager).check(any(), any()); + verify(authorizationManager).authorize(any(), any()); } private String xml(String configName) { diff --git a/core/src/main/java/org/springframework/security/authorization/AuthenticatedAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/AuthenticatedAuthorizationManager.java index 8e636df1727..2e3e3b94dd9 100644 --- a/core/src/main/java/org/springframework/security/authorization/AuthenticatedAuthorizationManager.java +++ b/core/src/main/java/org/springframework/security/authorization/AuthenticatedAuthorizationManager.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2022 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -111,7 +111,7 @@ public static AuthenticatedAuthorizationManager anonymous() { * @return an {@link AuthorizationDecision} */ @Override - public AuthorizationDecision check(Supplier authentication, T object) { + public AuthorizationResult authorize(Supplier authentication, T object) { boolean granted = this.authorizationStrategy.isGranted(authentication.get()); return new AuthorizationDecision(granted); } diff --git a/core/src/main/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManager.java index 553e94049e2..483be45e0ed 100644 --- a/core/src/main/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManager.java +++ b/core/src/main/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManager.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2017 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -39,13 +39,13 @@ public class AuthenticatedReactiveAuthorizationManager implements ReactiveAut } @Override - public Mono check(Mono authentication, T object) { + public Mono authorize(Mono authentication, T object) { return authentication.filter(this::isNotAnonymous) .map(this::getAuthorizationDecision) .defaultIfEmpty(new AuthorizationDecision(false)); } - private AuthorizationDecision getAuthorizationDecision(Authentication authentication) { + private AuthorizationResult getAuthorizationDecision(Authentication authentication) { return new AuthorizationDecision(authentication.isAuthenticated()); } diff --git a/core/src/main/java/org/springframework/security/authorization/AuthoritiesAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/AuthoritiesAuthorizationManager.java index eedb9d8671b..a52df538b07 100644 --- a/core/src/main/java/org/springframework/security/authorization/AuthoritiesAuthorizationManager.java +++ b/core/src/main/java/org/springframework/security/authorization/AuthoritiesAuthorizationManager.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2022 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -55,8 +55,7 @@ public void setRoleHierarchy(RoleHierarchy roleHierarchy) { * @return an {@link AuthorityAuthorizationDecision} */ @Override - public AuthorityAuthorizationDecision check(Supplier authentication, - Collection authorities) { + public AuthorizationResult authorize(Supplier authentication, Collection authorities) { boolean granted = isGranted(authentication.get(), authorities); return new AuthorityAuthorizationDecision(granted, AuthorityUtils.createAuthorityList(authorities)); } diff --git a/core/src/main/java/org/springframework/security/authorization/AuthorityAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/AuthorityAuthorizationManager.java index e71f99b37cc..f78f741dc4d 100644 --- a/core/src/main/java/org/springframework/security/authorization/AuthorityAuthorizationManager.java +++ b/core/src/main/java/org/springframework/security/authorization/AuthorityAuthorizationManager.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2023 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -134,17 +134,11 @@ private static String[] toNamedRolesArray(String rolePrefix, String[] roles) { } /** - * Determines if the current user is authorized by evaluating if the - * {@link Authentication} contains a specified authority. - * @param authentication the {@link Supplier} of the {@link Authentication} to check - * @param object the {@link T} object to check - * @return an {@link AuthorizationDecision} - * @deprecated please use {@link #authorize(Supplier, Object)} instead + * {@inheritDoc} */ - @Deprecated @Override - public AuthorizationDecision check(Supplier authentication, T object) { - return this.delegate.check(authentication, this.authorities); + public AuthorizationResult authorize(Supplier authentication, T object) { + return this.delegate.authorize(authentication, this.authorities); } @Override diff --git a/core/src/main/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManager.java index 6a91cfb8938..a6dac1dd4c2 100644 --- a/core/src/main/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManager.java +++ b/core/src/main/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManager.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2021 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -43,13 +43,13 @@ public class AuthorityReactiveAuthorizationManager implements ReactiveAuthori } @Override - public Mono check(Mono authentication, T object) { + public Mono authorize(Mono authentication, T object) { // @formatter:off return authentication.filter(Authentication::isAuthenticated) .flatMapIterable(Authentication::getAuthorities) .map(GrantedAuthority::getAuthority) .any((grantedAuthority) -> this.authorities.stream().anyMatch((authority) -> authority.getAuthority().equals(grantedAuthority))) - .map((granted) -> ((AuthorizationDecision) new AuthorityAuthorizationDecision(granted, this.authorities))) + .map((granted) -> ((AuthorizationResult) new AuthorityAuthorizationDecision(granted, this.authorities))) .defaultIfEmpty(new AuthorityAuthorizationDecision(false, this.authorities)); // @formatter:on } diff --git a/core/src/main/java/org/springframework/security/authorization/AuthorizationEventPublisher.java b/core/src/main/java/org/springframework/security/authorization/AuthorizationEventPublisher.java index 9e738bff384..47c1f1cbc47 100644 --- a/core/src/main/java/org/springframework/security/authorization/AuthorizationEventPublisher.java +++ b/core/src/main/java/org/springframework/security/authorization/AuthorizationEventPublisher.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -33,23 +33,6 @@ @FunctionalInterface public interface AuthorizationEventPublisher { - /** - * Publish the given details in the form of an event, typically - * {@link AuthorizationGrantedEvent} or {@link AuthorizationDeniedEvent}. - * - * Note that success events can be very noisy if enabled by default. Because of this - * implementations may choose to drop success events by default. - * @param authentication a {@link Supplier} for the current user - * @param object the secured object - * @param decision the decision about whether the user may access the secured object - * @param the secured object's type - * @deprecated use - * {@link #publishAuthorizationEvent(Supplier, Object, AuthorizationResult)} instead - */ - @Deprecated - void publishAuthorizationEvent(Supplier authentication, T object, - AuthorizationDecision decision); - /** * Publish the given details in the form of an event, typically * {@link AuthorizationGrantedEvent} or {@link AuthorizationDeniedEvent}. @@ -63,17 +46,6 @@ void publishAuthorizationEvent(Supplier authentication, T ob * @param the secured object's type * @since 6.4 */ - default void publishAuthorizationEvent(Supplier authentication, T object, - AuthorizationResult result) { - if (result == null) { - publishAuthorizationEvent(authentication, object, null); - return; - } - if (result instanceof AuthorizationDecision decision) { - publishAuthorizationEvent(authentication, object, decision); - return; - } - throw new UnsupportedOperationException("result must be of type AuthorizationDecision"); - } + void publishAuthorizationEvent(Supplier authentication, T object, AuthorizationResult result); } diff --git a/core/src/main/java/org/springframework/security/authorization/AuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/AuthorizationManager.java index b039068b228..4fdb5ab2605 100644 --- a/core/src/main/java/org/springframework/security/authorization/AuthorizationManager.java +++ b/core/src/main/java/org/springframework/security/authorization/AuthorizationManager.java @@ -45,17 +45,6 @@ default void verify(Supplier authentication, T object) { } } - /** - * Determines if access is granted for a specific authentication and object. - * @param authentication the {@link Supplier} of the {@link Authentication} to check - * @param object the {@link T} object to check - * @return an {@link AuthorizationDecision} or null if no decision could be made - * @deprecated please use {@link #authorize(Supplier, Object)} instead - */ - @Nullable - @Deprecated - AuthorizationDecision check(Supplier authentication, T object); - /** * Determines if access is granted for a specific authentication and object. * @param authentication the {@link Supplier} of the {@link Authentication} to @@ -65,8 +54,6 @@ default void verify(Supplier authentication, T object) { * @since 6.4 */ @Nullable - default AuthorizationResult authorize(Supplier authentication, T object) { - return check(authentication, object); - } + AuthorizationResult authorize(Supplier authentication, T object); } diff --git a/core/src/main/java/org/springframework/security/authorization/AuthorizationManagers.java b/core/src/main/java/org/springframework/security/authorization/AuthorizationManagers.java index d0de9bd647c..4afd075cca9 100644 --- a/core/src/main/java/org/springframework/security/authorization/AuthorizationManagers.java +++ b/core/src/main/java/org/springframework/security/authorization/AuthorizationManagers.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2023 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -182,18 +182,6 @@ public String toString() { private interface AuthorizationManagerCheckAdapter extends AuthorizationManager { @Override - default AuthorizationDecision check(Supplier authentication, T object) { - AuthorizationResult result = authorize(authentication, object); - if (result == null) { - return null; - } - if (result instanceof AuthorizationDecision decision) { - return decision; - } - throw new IllegalArgumentException( - "please call #authorize or ensure that the result is of type AuthorizationDecision"); - } - AuthorizationResult authorize(Supplier authentication, T object); } diff --git a/core/src/main/java/org/springframework/security/authorization/AuthorizationObservationContext.java b/core/src/main/java/org/springframework/security/authorization/AuthorizationObservationContext.java index 06c40e8fe02..41dbc03a84c 100644 --- a/core/src/main/java/org/springframework/security/authorization/AuthorizationObservationContext.java +++ b/core/src/main/java/org/springframework/security/authorization/AuthorizationObservationContext.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -68,33 +68,6 @@ public T getObject() { return this.object; } - /** - * Get the observed {@link AuthorizationDecision} - * @return the observed {@link AuthorizationDecision} - * @deprecated please use {@link #getAuthorizationResult()} instead - */ - @Deprecated - public AuthorizationDecision getDecision() { - if (this.authorizationResult == null) { - return null; - } - if (this.authorizationResult instanceof AuthorizationDecision decision) { - return decision; - } - throw new IllegalArgumentException( - "Please call getAuthorizationResult instead. If you must call getDecision, please ensure that the result you provide is of type AuthorizationDecision"); - } - - /** - * Set the observed {@link AuthorizationDecision} - * @param decision the observed {@link AuthorizationDecision} - * @deprecated please use {@link #setAuthorizationResult(AuthorizationResult)} instead - */ - @Deprecated - public void setDecision(AuthorizationDecision decision) { - this.authorizationResult = decision; - } - /** * Get the observed {@link AuthorizationResult} * @return the observed {@link AuthorizationResult} diff --git a/core/src/main/java/org/springframework/security/authorization/ObservationAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/ObservationAuthorizationManager.java index 2c4a785f304..a101ecd97ac 100644 --- a/core/src/main/java/org/springframework/security/authorization/ObservationAuthorizationManager.java +++ b/core/src/main/java/org/springframework/security/authorization/ObservationAuthorizationManager.java @@ -61,23 +61,6 @@ public ObservationAuthorizationManager(ObservationRegistry registry, Authorizati } } - /** - * @deprecated please use {@link #authorize(Supplier, Object)} instead - */ - @Deprecated - @Override - public AuthorizationDecision check(Supplier authentication, T object) { - AuthorizationResult result = authorize(authentication, object); - if (result == null) { - return null; - } - if (result instanceof AuthorizationDecision decision) { - return decision; - } - throw new IllegalArgumentException( - "Please call #authorize or ensure that the returned result is of type AuthorizationDecision"); - } - @Override public AuthorizationResult authorize(Supplier authentication, T object) { AuthorizationObservationContext context = new AuthorizationObservationContext<>(object); diff --git a/core/src/main/java/org/springframework/security/authorization/ObservationReactiveAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/ObservationReactiveAuthorizationManager.java index 0ef9b3a4bec..cb4ca0edb14 100644 --- a/core/src/main/java/org/springframework/security/authorization/ObservationReactiveAuthorizationManager.java +++ b/core/src/main/java/org/springframework/security/authorization/ObservationReactiveAuthorizationManager.java @@ -56,21 +56,6 @@ public ObservationReactiveAuthorizationManager(ObservationRegistry registry, } } - /** - * @deprecated please use {@link #authorize(Mono, Object)} instead - */ - @Deprecated - @Override - public Mono check(Mono authentication, T object) { - return authorize(authentication, object).flatMap((result) -> { - if (result instanceof AuthorizationDecision decision) { - return Mono.just(decision); - } - return Mono.error(new IllegalArgumentException( - "Please call #authorize or ensure that the returned result is of type Mono")); - }); - } - @Override public Mono authorize(Mono authentication, T object) { AuthorizationObservationContext context = new AuthorizationObservationContext<>(object); diff --git a/core/src/main/java/org/springframework/security/authorization/ReactiveAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/ReactiveAuthorizationManager.java index 860208c6f5a..36f4875fe93 100644 --- a/core/src/main/java/org/springframework/security/authorization/ReactiveAuthorizationManager.java +++ b/core/src/main/java/org/springframework/security/authorization/ReactiveAuthorizationManager.java @@ -31,16 +31,6 @@ */ public interface ReactiveAuthorizationManager { - /** - * Determines if access is granted for a specific authentication and object. - * @param authentication the Authentication to check - * @param object the object to check - * @return an decision or empty Mono if no decision could be made. - * @deprecated please use {@link #authorize(Mono, Object)} instead - */ - @Deprecated - Mono check(Mono authentication, T object); - /** * Determines if access should be granted for a specific authentication and object * @param authentication the Authentication to check @@ -64,8 +54,6 @@ default Mono verify(Mono authentication, T object) { * @return an decision or empty Mono if no decision could be made. * @since 6.4 */ - default Mono authorize(Mono authentication, T object) { - return check(authentication, object).cast(AuthorizationResult.class); - } + Mono authorize(Mono authentication, T object); } diff --git a/core/src/main/java/org/springframework/security/authorization/SingleResultAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/SingleResultAuthorizationManager.java index e26122975d4..650c79ffbd6 100644 --- a/core/src/main/java/org/springframework/security/authorization/SingleResultAuthorizationManager.java +++ b/core/src/main/java/org/springframework/security/authorization/SingleResultAuthorizationManager.java @@ -44,15 +44,10 @@ public SingleResultAuthorizationManager(AuthorizationResult result) { } @Override - public AuthorizationDecision check(Supplier authentication, C object) { + public AuthorizationResult authorize(Supplier authentication, C object) { if (!(this.result instanceof AuthorizationDecision)) { throw new IllegalArgumentException("result should be AuthorizationDecision"); } - return (AuthorizationDecision) this.result; - } - - @Override - public AuthorizationResult authorize(Supplier authentication, C object) { return this.result; } diff --git a/core/src/main/java/org/springframework/security/authorization/SpringAuthorizationEventPublisher.java b/core/src/main/java/org/springframework/security/authorization/SpringAuthorizationEventPublisher.java index 43e37c5523b..dc9907d53d4 100644 --- a/core/src/main/java/org/springframework/security/authorization/SpringAuthorizationEventPublisher.java +++ b/core/src/main/java/org/springframework/security/authorization/SpringAuthorizationEventPublisher.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2022 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -52,12 +52,6 @@ public SpringAuthorizationEventPublisher(ApplicationEventPublisher eventPublishe /** * {@inheritDoc} */ - @Override - public void publishAuthorizationEvent(Supplier authentication, T object, - AuthorizationDecision decision) { - publishAuthorizationEvent(authentication, object, (AuthorizationResult) decision); - } - @Override public void publishAuthorizationEvent(Supplier authentication, T object, AuthorizationResult result) { diff --git a/core/src/main/java/org/springframework/security/authorization/event/AuthorizationDeniedEvent.java b/core/src/main/java/org/springframework/security/authorization/event/AuthorizationDeniedEvent.java index 7121f7e25af..9fc53027ce4 100644 --- a/core/src/main/java/org/springframework/security/authorization/event/AuthorizationDeniedEvent.java +++ b/core/src/main/java/org/springframework/security/authorization/event/AuthorizationDeniedEvent.java @@ -21,7 +21,6 @@ import org.springframework.context.ApplicationEvent; import org.springframework.core.ResolvableType; import org.springframework.core.ResolvableTypeProvider; -import org.springframework.security.authorization.AuthorizationDecision; import org.springframework.security.authorization.AuthorizationResult; import org.springframework.security.core.Authentication; @@ -35,14 +34,6 @@ @SuppressWarnings("serial") public class AuthorizationDeniedEvent extends AuthorizationEvent implements ResolvableTypeProvider { - /** - * @deprecated Please use an {@link AuthorizationResult} constructor instead - */ - @Deprecated - public AuthorizationDeniedEvent(Supplier authentication, T object, AuthorizationDecision decision) { - super(authentication, object, decision); - } - /** * @since 6.4 */ diff --git a/core/src/main/java/org/springframework/security/authorization/event/AuthorizationEvent.java b/core/src/main/java/org/springframework/security/authorization/event/AuthorizationEvent.java index d4bce6b586d..36e613a33a4 100644 --- a/core/src/main/java/org/springframework/security/authorization/event/AuthorizationEvent.java +++ b/core/src/main/java/org/springframework/security/authorization/event/AuthorizationEvent.java @@ -84,23 +84,6 @@ public Object getObject() { return getSource(); } - /** - * Get the response to the principal's request - * @return the response to the principal's request - * @deprecated please use {@link #getAuthorizationResult()} - */ - @Deprecated - public AuthorizationDecision getAuthorizationDecision() { - if (this.result == null) { - return null; - } - if (this.result instanceof AuthorizationDecision decision) { - return decision; - } - throw new IllegalArgumentException( - "Please either call getAuthorizationResult or ensure that the result is of type AuthorizationDecision"); - } - /** * Get the response to the principal's request * @return the response to the principal's request diff --git a/core/src/main/java/org/springframework/security/authorization/event/AuthorizationGrantedEvent.java b/core/src/main/java/org/springframework/security/authorization/event/AuthorizationGrantedEvent.java index 9dc75ccd9b6..e4b5d0dd1f2 100644 --- a/core/src/main/java/org/springframework/security/authorization/event/AuthorizationGrantedEvent.java +++ b/core/src/main/java/org/springframework/security/authorization/event/AuthorizationGrantedEvent.java @@ -22,7 +22,6 @@ import org.springframework.context.ApplicationEvent; import org.springframework.core.ResolvableType; import org.springframework.core.ResolvableTypeProvider; -import org.springframework.security.authorization.AuthorizationDecision; import org.springframework.security.authorization.AuthorizationResult; import org.springframework.security.core.Authentication; @@ -38,16 +37,6 @@ public class AuthorizationGrantedEvent extends AuthorizationEvent implements @Serial private static final long serialVersionUID = -8690818228055810339L; - /** - * @deprecated please use a constructor that takes an - * {@link org.springframework.security.authorization.AuthorizationResult} - */ - @Deprecated - public AuthorizationGrantedEvent(Supplier authentication, T object, - AuthorizationDecision decision) { - super(authentication, object, decision); - } - /** * @since 6.4 */ diff --git a/core/src/main/java/org/springframework/security/authorization/method/ExpressionAttributeAuthorizationDecision.java b/core/src/main/java/org/springframework/security/authorization/method/ExpressionAttributeAuthorizationDecision.java deleted file mode 100644 index 834910879ca..00000000000 --- a/core/src/main/java/org/springframework/security/authorization/method/ExpressionAttributeAuthorizationDecision.java +++ /dev/null @@ -1,50 +0,0 @@ -/* - * Copyright 2002-2021 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.authorization.method; - -import org.springframework.security.authorization.AuthorizationDecision; - -/** - * Represents an {@link AuthorizationDecision} based on a {@link ExpressionAttribute} - * - * @author Marcus Da Coregio - * @since 5.6 - * @deprecated Use - * {@link org.springframework.security.authorization.ExpressionAuthorizationDecision} - * instead - */ -@Deprecated -public class ExpressionAttributeAuthorizationDecision extends AuthorizationDecision { - - private final ExpressionAttribute expressionAttribute; - - public ExpressionAttributeAuthorizationDecision(boolean granted, ExpressionAttribute expressionAttribute) { - super(granted); - this.expressionAttribute = expressionAttribute; - } - - public ExpressionAttribute getExpressionAttribute() { - return this.expressionAttribute; - } - - @Override - public String toString() { - return getClass().getSimpleName() + " [" + "granted=" + isGranted() + ", expressionAttribute=" - + this.expressionAttribute + ']'; - } - -} diff --git a/core/src/main/java/org/springframework/security/authorization/method/Jsr250AuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/method/Jsr250AuthorizationManager.java index 001a1c3a251..1012013e442 100644 --- a/core/src/main/java/org/springframework/security/authorization/method/Jsr250AuthorizationManager.java +++ b/core/src/main/java/org/springframework/security/authorization/method/Jsr250AuthorizationManager.java @@ -31,7 +31,6 @@ import org.springframework.lang.NonNull; import org.springframework.security.authorization.AuthoritiesAuthorizationManager; -import org.springframework.security.authorization.AuthorizationDecision; import org.springframework.security.authorization.AuthorizationManager; import org.springframework.security.authorization.AuthorizationResult; import org.springframework.security.authorization.SingleResultAuthorizationManager; @@ -81,20 +80,12 @@ public void setRolePrefix(String rolePrefix) { } /** - * Determine if an {@link Authentication} has access to a method by evaluating the - * {@link DenyAll}, {@link PermitAll}, and {@link RolesAllowed} annotations that - * {@link MethodInvocation} specifies. - * @param authentication the {@link Supplier} of the {@link Authentication} to check - * @param methodInvocation the {@link MethodInvocation} to check - * @return an {@link AuthorizationDecision} or null if the JSR-250 security - * annotations is not present - * @deprecated please use {@link #authorize(Supplier, Object)} instead + * {@inheritDoc} */ - @Deprecated @Override - public AuthorizationDecision check(Supplier authentication, MethodInvocation methodInvocation) { + public AuthorizationResult authorize(Supplier authentication, MethodInvocation methodInvocation) { AuthorizationManager delegate = this.registry.getManager(methodInvocation); - return delegate.check(authentication, methodInvocation); + return delegate.authorize(authentication, methodInvocation); } private final class Jsr250AuthorizationManagerRegistry extends AbstractAuthorizationManagerRegistry { @@ -138,18 +129,6 @@ private Set getAllowedRolesWithPrefix(RolesAllowed rolesAllowed) { private interface AuthorizationManagerCheckAdapter extends AuthorizationManager { @Override - default AuthorizationDecision check(Supplier authentication, T object) { - AuthorizationResult result = authorize(authentication, object); - if (result == null) { - return null; - } - if (result instanceof AuthorizationDecision decision) { - return decision; - } - throw new IllegalArgumentException( - "please call #authorize or ensure that the result is of type AuthorizationDecision"); - } - AuthorizationResult authorize(Supplier authentication, T object); } diff --git a/core/src/main/java/org/springframework/security/authorization/method/MethodExpressionAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/method/MethodExpressionAuthorizationManager.java index 5a972f3e9f4..660adb74eaa 100644 --- a/core/src/main/java/org/springframework/security/authorization/method/MethodExpressionAuthorizationManager.java +++ b/core/src/main/java/org/springframework/security/authorization/method/MethodExpressionAuthorizationManager.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2022 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -25,8 +25,8 @@ import org.springframework.security.access.expression.ExpressionUtils; import org.springframework.security.access.expression.SecurityExpressionHandler; import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler; -import org.springframework.security.authorization.AuthorizationDecision; import org.springframework.security.authorization.AuthorizationManager; +import org.springframework.security.authorization.AuthorizationResult; import org.springframework.security.authorization.ExpressionAuthorizationDecision; import org.springframework.security.core.Authentication; import org.springframework.util.Assert; @@ -73,7 +73,7 @@ public void setExpressionHandler(SecurityExpressionHandler exp * expression */ @Override - public AuthorizationDecision check(Supplier authentication, MethodInvocation context) { + public AuthorizationResult authorize(Supplier authentication, MethodInvocation context) { EvaluationContext ctx = this.expressionHandler.createEvaluationContext(authentication, context); boolean granted = ExpressionUtils.evaluateAsBoolean(this.expression, ctx); return new ExpressionAuthorizationDecision(granted, this.expression); diff --git a/core/src/main/java/org/springframework/security/authorization/method/NoOpAuthorizationEventPublisher.java b/core/src/main/java/org/springframework/security/authorization/method/NoOpAuthorizationEventPublisher.java index 298fbd8dc2b..8310dc42089 100644 --- a/core/src/main/java/org/springframework/security/authorization/method/NoOpAuthorizationEventPublisher.java +++ b/core/src/main/java/org/springframework/security/authorization/method/NoOpAuthorizationEventPublisher.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -18,7 +18,6 @@ import java.util.function.Supplier; -import org.springframework.security.authorization.AuthorizationDecision; import org.springframework.security.authorization.AuthorizationEventPublisher; import org.springframework.security.authorization.AuthorizationResult; import org.springframework.security.core.Authentication; @@ -31,11 +30,6 @@ */ final class NoOpAuthorizationEventPublisher implements AuthorizationEventPublisher { - @Override - public void publishAuthorizationEvent(Supplier authentication, T object, - AuthorizationDecision decision) { - } - @Override public void publishAuthorizationEvent(Supplier authentication, T object, AuthorizationResult result) { diff --git a/core/src/main/java/org/springframework/security/authorization/method/PostAuthorizeAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/method/PostAuthorizeAuthorizationManager.java index 09d696b1714..a81d39edc1c 100644 --- a/core/src/main/java/org/springframework/security/authorization/method/PostAuthorizeAuthorizationManager.java +++ b/core/src/main/java/org/springframework/security/authorization/method/PostAuthorizeAuthorizationManager.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -100,7 +100,7 @@ public void setApplicationContext(ApplicationContext context) { * {@link PostAuthorize} annotation is not present */ @Override - public AuthorizationDecision check(Supplier authentication, MethodInvocationResult mi) { + public AuthorizationResult authorize(Supplier authentication, MethodInvocationResult mi) { ExpressionAttribute attribute = this.registry.getAttribute(mi.getMethodInvocation()); if (attribute == ExpressionAttribute.NULL_ATTRIBUTE) { return null; @@ -108,7 +108,7 @@ public AuthorizationDecision check(Supplier authentication, Meth MethodSecurityExpressionHandler expressionHandler = this.registry.getExpressionHandler(); EvaluationContext ctx = expressionHandler.createEvaluationContext(authentication, mi.getMethodInvocation()); expressionHandler.setReturnObject(mi.getResult(), ctx); - return (AuthorizationDecision) ExpressionUtils.evaluate(attribute.getExpression(), ctx); + return ExpressionUtils.evaluate(attribute.getExpression(), ctx); } @Override diff --git a/core/src/main/java/org/springframework/security/authorization/method/PostAuthorizeReactiveAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/method/PostAuthorizeReactiveAuthorizationManager.java index e69edcf3612..4a8d8302dc4 100644 --- a/core/src/main/java/org/springframework/security/authorization/method/PostAuthorizeReactiveAuthorizationManager.java +++ b/core/src/main/java/org/springframework/security/authorization/method/PostAuthorizeReactiveAuthorizationManager.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -93,7 +93,7 @@ public void setApplicationContext(ApplicationContext context) { * {@link PostAuthorize} annotation is not present */ @Override - public Mono check(Mono authentication, MethodInvocationResult result) { + public Mono authorize(Mono authentication, MethodInvocationResult result) { MethodInvocation mi = result.getMethodInvocation(); ExpressionAttribute attribute = this.registry.getAttribute(mi); if (attribute == ExpressionAttribute.NULL_ATTRIBUTE) { @@ -106,7 +106,7 @@ public Mono check(Mono authentication, Me .map((auth) -> expressionHandler.createEvaluationContext(auth, mi)) .doOnNext((ctx) -> expressionHandler.setReturnObject(result.getResult(), ctx)) .flatMap((ctx) -> ReactiveExpressionUtils.evaluate(attribute.getExpression(), ctx)) - .cast(AuthorizationDecision.class); + .cast(AuthorizationResult.class); // @formatter:on } diff --git a/core/src/main/java/org/springframework/security/authorization/method/PreAuthorizeAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/method/PreAuthorizeAuthorizationManager.java index 0960c7a2dbe..d28979a8d1c 100644 --- a/core/src/main/java/org/springframework/security/authorization/method/PreAuthorizeAuthorizationManager.java +++ b/core/src/main/java/org/springframework/security/authorization/method/PreAuthorizeAuthorizationManager.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -92,13 +92,13 @@ public void setApplicationContext(ApplicationContext context) { * {@link PreAuthorize} annotation is not present */ @Override - public AuthorizationDecision check(Supplier authentication, MethodInvocation mi) { + public AuthorizationResult authorize(Supplier authentication, MethodInvocation mi) { ExpressionAttribute attribute = this.registry.getAttribute(mi); if (attribute == ExpressionAttribute.NULL_ATTRIBUTE) { return null; } EvaluationContext ctx = this.registry.getExpressionHandler().createEvaluationContext(authentication, mi); - return (AuthorizationDecision) ExpressionUtils.evaluate(attribute.getExpression(), ctx); + return ExpressionUtils.evaluate(attribute.getExpression(), ctx); } @Override diff --git a/core/src/main/java/org/springframework/security/authorization/method/PreAuthorizeReactiveAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/method/PreAuthorizeReactiveAuthorizationManager.java index ddb0eb375de..bd6e5c075c4 100644 --- a/core/src/main/java/org/springframework/security/authorization/method/PreAuthorizeReactiveAuthorizationManager.java +++ b/core/src/main/java/org/springframework/security/authorization/method/PreAuthorizeReactiveAuthorizationManager.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -23,7 +23,6 @@ import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler; import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler; import org.springframework.security.access.prepost.PreAuthorize; -import org.springframework.security.authorization.AuthorizationDecision; import org.springframework.security.authorization.AuthorizationResult; import org.springframework.security.authorization.ReactiveAuthorizationManager; import org.springframework.security.core.Authentication; @@ -88,11 +87,11 @@ public void setApplicationContext(ApplicationContext context) { * by evaluating an expression from the {@link PreAuthorize} annotation. * @param authentication the {@link Mono} of the {@link Authentication} to check * @param mi the {@link MethodInvocation} to check - * @return a {@link Mono} of the {@link AuthorizationDecision} or an empty - * {@link Mono} if the {@link PreAuthorize} annotation is not present + * @return a {@link Mono} of the {@link AuthorizationResult} or an empty {@link Mono} + * if the {@link PreAuthorize} annotation is not present */ @Override - public Mono check(Mono authentication, MethodInvocation mi) { + public Mono authorize(Mono authentication, MethodInvocation mi) { ExpressionAttribute attribute = this.registry.getAttribute(mi); if (attribute == ExpressionAttribute.NULL_ATTRIBUTE) { return Mono.empty(); @@ -101,7 +100,7 @@ public Mono check(Mono authentication, Me return authentication .map((auth) -> this.registry.getExpressionHandler().createEvaluationContext(auth, mi)) .flatMap((ctx) -> ReactiveExpressionUtils.evaluate(attribute.getExpression(), ctx)) - .cast(AuthorizationDecision.class); + .cast(AuthorizationResult.class); // @formatter:on } diff --git a/core/src/main/java/org/springframework/security/authorization/method/SecuredAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/method/SecuredAuthorizationManager.java index efd5a34faa7..d36c268a33a 100644 --- a/core/src/main/java/org/springframework/security/authorization/method/SecuredAuthorizationManager.java +++ b/core/src/main/java/org/springframework/security/authorization/method/SecuredAuthorizationManager.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -29,8 +29,8 @@ import org.springframework.core.MethodClassKey; import org.springframework.security.access.annotation.Secured; import org.springframework.security.authorization.AuthoritiesAuthorizationManager; -import org.springframework.security.authorization.AuthorizationDecision; import org.springframework.security.authorization.AuthorizationManager; +import org.springframework.security.authorization.AuthorizationResult; import org.springframework.security.core.Authentication; import org.springframework.security.core.annotation.SecurityAnnotationScanner; import org.springframework.security.core.annotation.SecurityAnnotationScanners; @@ -66,20 +66,11 @@ public void setAuthoritiesAuthorizationManager( this.authoritiesAuthorizationManager = authoritiesAuthorizationManager; } - /** - * Determine if an {@link Authentication} has access to a method by evaluating the - * {@link Secured} annotation that {@link MethodInvocation} specifies. - * @param authentication the {@link Supplier} of the {@link Authentication} to check - * @param mi the {@link MethodInvocation} to check - * @return an {@link AuthorizationDecision} or null if the {@link Secured} annotation - * is not present - * @deprecated please use {@link #authorize(Supplier, Object)} instead - */ - @Deprecated @Override - public AuthorizationDecision check(Supplier authentication, MethodInvocation mi) { + public AuthorizationResult authorize(Supplier authentication, MethodInvocation mi) { Set authorities = getAuthorities(mi); - return authorities.isEmpty() ? null : this.authoritiesAuthorizationManager.check(authentication, authorities); + return authorities.isEmpty() ? null + : this.authoritiesAuthorizationManager.authorize(authentication, authorities); } private Set getAuthorities(MethodInvocation methodInvocation) { diff --git a/core/src/test/java/org/springframework/security/authorization/AuthenticatedAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/AuthenticatedAuthorizationManagerTests.java index 98914bffc5b..084b71ffb7e 100644 --- a/core/src/test/java/org/springframework/security/authorization/AuthenticatedAuthorizationManagerTests.java +++ b/core/src/test/java/org/springframework/security/authorization/AuthenticatedAuthorizationManagerTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2022 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -43,7 +43,7 @@ public void authenticatedWhenUserNotAnonymousAndAuthenticatedThenGrantedDecision "ROLE_USER"); Object object = new Object(); - assertThat(manager.check(authentication, object).isGranted()).isTrue(); + assertThat(manager.authorize(authentication, object).isGranted()).isTrue(); } @Test @@ -52,7 +52,7 @@ public void authenticatedWhenUserNullThenDeniedDecision() { Supplier authentication = () -> null; Object object = new Object(); - assertThat(manager.check(authentication, object).isGranted()).isFalse(); + assertThat(manager.authorize(authentication, object).isGranted()).isFalse(); } @Test @@ -62,7 +62,7 @@ public void authenticatedWhenUserAnonymousThenDeniedDecision() { AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")); Object object = new Object(); - assertThat(manager.check(authentication, object).isGranted()).isFalse(); + assertThat(manager.authorize(authentication, object).isGranted()).isFalse(); } @Test @@ -73,7 +73,7 @@ public void authenticatedWhenUserNotAuthenticatedThenDeniedDecision() { authentication.setAuthenticated(false); Object object = new Object(); - assertThat(manager.check(() -> authentication, object).isGranted()).isFalse(); + assertThat(manager.authorize(() -> authentication, object).isGranted()).isFalse(); } @Test @@ -82,7 +82,7 @@ public void authenticatedWhenUserRememberMeThenGrantedDecision() { Supplier authentication = () -> new RememberMeAuthenticationToken("user", "password", Collections.emptyList()); Object object = new Object(); - assertThat(manager.check(authentication, object).isGranted()).isTrue(); + assertThat(manager.authorize(authentication, object).isGranted()).isTrue(); } @Test @@ -91,7 +91,7 @@ public void fullyAuthenticatedWhenUserNotAnonymousAndNotRememberMeThenGrantedDec Supplier authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_ADMIN", "ROLE_USER"); Object object = new Object(); - assertThat(manager.check(authentication, object).isGranted()).isTrue(); + assertThat(manager.authorize(authentication, object).isGranted()).isTrue(); } @Test @@ -99,7 +99,7 @@ public void fullyAuthenticatedWhenUserNullThenDeniedDecision() { AuthenticatedAuthorizationManager manager = AuthenticatedAuthorizationManager.fullyAuthenticated(); Supplier authentication = () -> null; Object object = new Object(); - assertThat(manager.check(authentication, object).isGranted()).isFalse(); + assertThat(manager.authorize(authentication, object).isGranted()).isFalse(); } @Test @@ -108,7 +108,7 @@ public void fullyAuthenticatedWhenUserRememberMeThenDeniedDecision() { Supplier authentication = () -> new RememberMeAuthenticationToken("user", "password", Collections.emptyList()); Object object = new Object(); - assertThat(manager.check(authentication, object).isGranted()).isFalse(); + assertThat(manager.authorize(authentication, object).isGranted()).isFalse(); } @Test @@ -117,7 +117,7 @@ public void fullyAuthenticatedWhenUserAnonymousThenDeniedDecision() { Supplier authentication = () -> new AnonymousAuthenticationToken("key", "principal", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")); Object object = new Object(); - assertThat(manager.check(authentication, object).isGranted()).isFalse(); + assertThat(manager.authorize(authentication, object).isGranted()).isFalse(); } @Test @@ -126,7 +126,7 @@ public void anonymousWhenUserAnonymousThenGrantedDecision() { Supplier authentication = () -> new AnonymousAuthenticationToken("key", "principal", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")); Object object = new Object(); - assertThat(manager.check(authentication, object).isGranted()).isTrue(); + assertThat(manager.authorize(authentication, object).isGranted()).isTrue(); } @Test @@ -135,7 +135,7 @@ public void anonymousWhenUserNotAnonymousThenDeniedDecision() { Supplier authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_ADMIN", "ROLE_USER"); Object object = new Object(); - assertThat(manager.check(authentication, object).isGranted()).isFalse(); + assertThat(manager.authorize(authentication, object).isGranted()).isFalse(); } @Test @@ -144,7 +144,7 @@ public void rememberMeWhenUserRememberMeThenGrantedDecision() { Supplier authentication = () -> new RememberMeAuthenticationToken("user", "password", Collections.emptyList()); Object object = new Object(); - assertThat(manager.check(authentication, object).isGranted()).isTrue(); + assertThat(manager.authorize(authentication, object).isGranted()).isTrue(); } @Test @@ -153,7 +153,7 @@ public void rememberMeWhenUserNotRememberMeThenDeniedDecision() { Supplier authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_ADMIN", "ROLE_USER"); Object object = new Object(); - assertThat(manager.check(authentication, object).isGranted()).isFalse(); + assertThat(manager.authorize(authentication, object).isGranted()).isFalse(); } } diff --git a/core/src/test/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManagerTests.java index 2af0d29e9d3..08f803360a6 100644 --- a/core/src/test/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManagerTests.java +++ b/core/src/test/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManagerTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2017 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -46,32 +46,32 @@ public class AuthenticatedReactiveAuthorizationManagerTests { @Test public void checkWhenAuthenticatedThenReturnTrue() { given(this.authentication.isAuthenticated()).willReturn(true); - boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted(); + boolean granted = this.manager.authorize(Mono.just(this.authentication), null).block().isGranted(); assertThat(granted).isTrue(); } @Test public void checkWhenNotAuthenticatedThenReturnFalse() { - boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted(); + boolean granted = this.manager.authorize(Mono.just(this.authentication), null).block().isGranted(); assertThat(granted).isFalse(); } @Test public void checkWhenEmptyThenReturnFalse() { - boolean granted = this.manager.check(Mono.empty(), null).block().isGranted(); + boolean granted = this.manager.authorize(Mono.empty(), null).block().isGranted(); assertThat(granted).isFalse(); } @Test public void checkWhenAnonymousAuthenticatedThenReturnFalse() { AnonymousAuthenticationToken anonymousAuthenticationToken = mock(AnonymousAuthenticationToken.class); - boolean granted = this.manager.check(Mono.just(anonymousAuthenticationToken), null).block().isGranted(); + boolean granted = this.manager.authorize(Mono.just(anonymousAuthenticationToken), null).block().isGranted(); assertThat(granted).isFalse(); } @Test public void checkWhenErrorThenError() { - Mono result = this.manager.check(Mono.error(new RuntimeException("ooops")), null); + Mono result = this.manager.authorize(Mono.error(new RuntimeException("ooops")), null); // @formatter:off StepVerifier.create(result) .expectError() diff --git a/core/src/test/java/org/springframework/security/authorization/AuthoritiesAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/AuthoritiesAuthorizationManagerTests.java index 6474117ea41..7b0da548320 100644 --- a/core/src/test/java/org/springframework/security/authorization/AuthoritiesAuthorizationManagerTests.java +++ b/core/src/test/java/org/springframework/security/authorization/AuthoritiesAuthorizationManagerTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2023 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -63,14 +63,14 @@ void getRoleHierarchyWhenNotSetThenDefaultsToNullRoleHierarchy() { void checkWhenUserHasAnyAuthorityThenGrantedDecision() { AuthoritiesAuthorizationManager manager = new AuthoritiesAuthorizationManager(); Supplier authentication = () -> new TestingAuthenticationToken("user", "password", "USER"); - assertThat(manager.check(authentication, Arrays.asList("ADMIN", "USER")).isGranted()).isTrue(); + assertThat(manager.authorize(authentication, Arrays.asList("ADMIN", "USER")).isGranted()).isTrue(); } @Test void checkWhenUserHasNotAnyAuthorityThenDeniedDecision() { AuthoritiesAuthorizationManager manager = new AuthoritiesAuthorizationManager(); Supplier authentication = () -> new TestingAuthenticationToken("user", "password", "ANONYMOUS"); - assertThat(manager.check(authentication, Arrays.asList("ADMIN", "USER")).isGranted()).isFalse(); + assertThat(manager.authorize(authentication, Arrays.asList("ADMIN", "USER")).isGranted()).isFalse(); } @Test @@ -81,7 +81,7 @@ void checkWhenRoleHierarchySetThenGreaterRoleTakesPrecedence() { manager.setRoleHierarchy(roleHierarchy); Supplier authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_ADMIN"); - assertThat(manager.check(authentication, Collections.singleton("ROLE_USER")).isGranted()).isTrue(); + assertThat(manager.authorize(authentication, Collections.singleton("ROLE_USER")).isGranted()).isTrue(); } } diff --git a/core/src/test/java/org/springframework/security/authorization/AuthorityAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/AuthorityAuthorizationManagerTests.java index 73b3e045869..8cd700c51c5 100644 --- a/core/src/test/java/org/springframework/security/authorization/AuthorityAuthorizationManagerTests.java +++ b/core/src/test/java/org/springframework/security/authorization/AuthorityAuthorizationManagerTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2023 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -123,7 +123,7 @@ public void hasRoleWhenUserHasRoleThenGrantedDecision() { "ROLE_USER"); Object object = new Object(); - assertThat(manager.check(authentication, object).isGranted()).isTrue(); + assertThat(manager.authorize(authentication, object).isGranted()).isTrue(); } @Test @@ -133,7 +133,7 @@ public void hasRoleWhenUserHasNotRoleThenDeniedDecision() { Supplier authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_USER"); Object object = new Object(); - assertThat(manager.check(authentication, object).isGranted()).isFalse(); + assertThat(manager.authorize(authentication, object).isGranted()).isFalse(); } @Test @@ -144,7 +144,7 @@ public void hasAuthorityWhenUserHasAuthorityThenGrantedDecision() { "USER"); Object object = new Object(); - assertThat(manager.check(authentication, object).isGranted()).isTrue(); + assertThat(manager.authorize(authentication, object).isGranted()).isTrue(); } @Test @@ -154,7 +154,7 @@ public void hasAuthorityWhenUserHasNotAuthorityThenDeniedDecision() { Supplier authentication = () -> new TestingAuthenticationToken("user", "password", "USER"); Object object = new Object(); - assertThat(manager.check(authentication, object).isGranted()).isFalse(); + assertThat(manager.authorize(authentication, object).isGranted()).isFalse(); } @Test @@ -166,7 +166,7 @@ public void hasAuthorityWhenUserHasCustomAuthorityThenGrantedDecision() { Collections.singletonList(customGrantedAuthority)); Object object = new Object(); - assertThat(manager.check(authentication, object).isGranted()).isTrue(); + assertThat(manager.authorize(authentication, object).isGranted()).isTrue(); } @Test @@ -178,7 +178,7 @@ public void hasAuthorityWhenUserHasNotCustomAuthorityThenDeniedDecision() { Collections.singletonList(customGrantedAuthority)); Object object = new Object(); - assertThat(manager.check(authentication, object).isGranted()).isFalse(); + assertThat(manager.authorize(authentication, object).isGranted()).isFalse(); } @Test @@ -188,7 +188,7 @@ public void hasAnyRoleWhenUserHasAnyRoleThenGrantedDecision() { Supplier authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_USER"); Object object = new Object(); - assertThat(manager.check(authentication, object).isGranted()).isTrue(); + assertThat(manager.authorize(authentication, object).isGranted()).isTrue(); } @Test @@ -199,7 +199,7 @@ public void hasAnyRoleWhenUserHasNotAnyRoleThenDeniedDecision() { "ROLE_ANONYMOUS"); Object object = new Object(); - assertThat(manager.check(authentication, object).isGranted()).isFalse(); + assertThat(manager.authorize(authentication, object).isGranted()).isFalse(); } @Test @@ -210,7 +210,7 @@ public void hasAnyRoleWhenCustomRolePrefixProvidedThenUseCustomRolePrefix() { "CUSTOM_USER"); Object object = new Object(); - assertThat(manager.check(authentication, object).isGranted()).isTrue(); + assertThat(manager.authorize(authentication, object).isGranted()).isTrue(); } @Test @@ -220,7 +220,7 @@ public void hasAnyAuthorityWhenUserHasAnyAuthorityThenGrantedDecision() { Supplier authentication = () -> new TestingAuthenticationToken("user", "password", "USER"); Object object = new Object(); - assertThat(manager.check(authentication, object).isGranted()).isTrue(); + assertThat(manager.authorize(authentication, object).isGranted()).isTrue(); } @Test @@ -230,7 +230,7 @@ public void hasAnyAuthorityWhenUserHasNotAnyAuthorityThenDeniedDecision() { Supplier authentication = () -> new TestingAuthenticationToken("user", "password", "ANONYMOUS"); Object object = new Object(); - assertThat(manager.check(authentication, object).isGranted()).isFalse(); + assertThat(manager.authorize(authentication, object).isGranted()).isFalse(); } @Test @@ -263,7 +263,7 @@ public void hasRoleWhenRoleHierarchySetThenGreaterRoleTakesPrecedence() { Supplier authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_ADMIN"); Object object = new Object(); - assertThat(manager.check(authentication, object).isGranted()).isTrue(); + assertThat(manager.authorize(authentication, object).isGranted()).isTrue(); } // gh-13079 diff --git a/core/src/test/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManagerTests.java index 9324f020fc1..c2e0eb68f23 100644 --- a/core/src/test/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManagerTests.java +++ b/core/src/test/java/org/springframework/security/authorization/AuthorityReactiveAuthorizationManagerTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2017 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -47,19 +47,19 @@ public class AuthorityReactiveAuthorizationManagerTests { @Test public void checkWhenHasAuthorityAndNotAuthenticatedThenReturnFalse() { - boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted(); + boolean granted = this.manager.authorize(Mono.just(this.authentication), null).block().isGranted(); assertThat(granted).isFalse(); } @Test public void checkWhenHasAuthorityAndEmptyThenReturnFalse() { - boolean granted = this.manager.check(Mono.empty(), null).block().isGranted(); + boolean granted = this.manager.authorize(Mono.empty(), null).block().isGranted(); assertThat(granted).isFalse(); } @Test public void checkWhenHasAuthorityAndErrorThenError() { - Mono result = this.manager.check(Mono.error(new RuntimeException("ooops")), null); + Mono result = this.manager.authorize(Mono.error(new RuntimeException("ooops")), null); // @formatter:off StepVerifier.create(result) .expectError() @@ -71,21 +71,21 @@ public void checkWhenHasAuthorityAndErrorThenError() { public void checkWhenHasAuthorityAndAuthenticatedAndNoAuthoritiesThenReturnFalse() { given(this.authentication.isAuthenticated()).willReturn(true); given(this.authentication.getAuthorities()).willReturn(Collections.emptyList()); - boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted(); + boolean granted = this.manager.authorize(Mono.just(this.authentication), null).block().isGranted(); assertThat(granted).isFalse(); } @Test public void checkWhenHasAuthorityAndAuthenticatedAndWrongAuthoritiesThenReturnFalse() { this.authentication = new TestingAuthenticationToken("rob", "secret", "ROLE_ADMIN"); - boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted(); + boolean granted = this.manager.authorize(Mono.just(this.authentication), null).block().isGranted(); assertThat(granted).isFalse(); } @Test public void checkWhenHasAuthorityAndAuthorizedThenReturnTrue() { this.authentication = new TestingAuthenticationToken("rob", "secret", "ADMIN"); - boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted(); + boolean granted = this.manager.authorize(Mono.just(this.authentication), null).block().isGranted(); assertThat(granted).isTrue(); } @@ -94,7 +94,7 @@ public void checkWhenHasCustomAuthorityAndAuthorizedThenReturnTrue() { GrantedAuthority customGrantedAuthority = () -> "ADMIN"; this.authentication = new TestingAuthenticationToken("rob", "secret", Collections.singletonList(customGrantedAuthority)); - boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted(); + boolean granted = this.manager.authorize(Mono.just(this.authentication), null).block().isGranted(); assertThat(granted).isTrue(); } @@ -103,7 +103,7 @@ public void checkWhenHasCustomAuthorityAndAuthenticatedAndWrongAuthoritiesThenRe GrantedAuthority customGrantedAuthority = () -> "USER"; this.authentication = new TestingAuthenticationToken("rob", "secret", Collections.singletonList(customGrantedAuthority)); - boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted(); + boolean granted = this.manager.authorize(Mono.just(this.authentication), null).block().isGranted(); assertThat(granted).isFalse(); } @@ -111,7 +111,7 @@ public void checkWhenHasCustomAuthorityAndAuthenticatedAndWrongAuthoritiesThenRe public void checkWhenHasRoleAndAuthorizedThenReturnTrue() { this.manager = AuthorityReactiveAuthorizationManager.hasRole("ADMIN"); this.authentication = new TestingAuthenticationToken("rob", "secret", "ROLE_ADMIN"); - boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted(); + boolean granted = this.manager.authorize(Mono.just(this.authentication), null).block().isGranted(); assertThat(granted).isTrue(); } @@ -119,7 +119,7 @@ public void checkWhenHasRoleAndAuthorizedThenReturnTrue() { public void checkWhenHasRoleAndNotAuthorizedThenReturnFalse() { this.manager = AuthorityReactiveAuthorizationManager.hasRole("ADMIN"); this.authentication = new TestingAuthenticationToken("rob", "secret", "ADMIN"); - boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted(); + boolean granted = this.manager.authorize(Mono.just(this.authentication), null).block().isGranted(); assertThat(granted).isFalse(); } @@ -128,7 +128,7 @@ public void checkWhenHasAnyRoleAndAuthorizedThenReturnTrue() { this.manager = AuthorityReactiveAuthorizationManager.hasAnyRole("GENERAL", "USER", "TEST"); this.authentication = new TestingAuthenticationToken("rob", "secret", "ROLE_USER", "ROLE_AUDITING", "ROLE_ADMIN"); - boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted(); + boolean granted = this.manager.authorize(Mono.just(this.authentication), null).block().isGranted(); assertThat(granted).isTrue(); } @@ -136,7 +136,7 @@ public void checkWhenHasAnyRoleAndAuthorizedThenReturnTrue() { public void checkWhenHasAnyRoleAndNotAuthorizedThenReturnFalse() { this.manager = AuthorityReactiveAuthorizationManager.hasAnyRole("GENERAL", "USER", "TEST"); this.authentication = new TestingAuthenticationToken("rob", "secret", "USER", "AUDITING", "ADMIN"); - boolean granted = this.manager.check(Mono.just(this.authentication), null).block().isGranted(); + boolean granted = this.manager.authorize(Mono.just(this.authentication), null).block().isGranted(); assertThat(granted).isFalse(); } diff --git a/core/src/test/java/org/springframework/security/authorization/AuthorizationManagersTests.java b/core/src/test/java/org/springframework/security/authorization/AuthorizationManagersTests.java index 13985ab162d..77e47a638f1 100644 --- a/core/src/test/java/org/springframework/security/authorization/AuthorizationManagersTests.java +++ b/core/src/test/java/org/springframework/security/authorization/AuthorizationManagersTests.java @@ -31,7 +31,7 @@ class AuthorizationManagersTests { void checkAnyOfWhenOneGrantedThenGrantedDecision() { AuthorizationManager composed = AuthorizationManagers.anyOf(SingleResultAuthorizationManager.permitAll(), SingleResultAuthorizationManager.permitAll()); - AuthorizationDecision decision = composed.check(null, null); + AuthorizationResult decision = composed.authorize(null, null); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isTrue(); } @@ -41,7 +41,7 @@ void checkAnyOfWithAllAbstainDefaultDecisionWhenOneGrantedThenGrantedDecision() AuthorizationDecision allAbstainDefaultDecision = new AuthorizationDecision(false); AuthorizationManager composed = AuthorizationManagers.anyOf(allAbstainDefaultDecision, (a, o) -> new AuthorizationDecision(false), (a, o) -> new AuthorizationDecision(true)); - AuthorizationDecision decision = composed.check(null, null); + AuthorizationResult decision = composed.authorize(null, null); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isTrue(); } @@ -51,7 +51,7 @@ void checkAnyOfWithAllAbstainDefaultDecisionWhenOneGrantedThenGrantedDecision() void checkAnyOfWhenAllNonAbstainingDeniesThenDeniedDecision() { AuthorizationManager composed = AuthorizationManagers.anyOf((a, o) -> new AuthorizationDecision(false), (a, o) -> null); - AuthorizationDecision decision = composed.check(null, null); + AuthorizationResult decision = composed.authorize(null, null); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isFalse(); } @@ -59,7 +59,7 @@ void checkAnyOfWhenAllNonAbstainingDeniesThenDeniedDecision() { @Test void checkAnyOfWhenEmptyThenDeniedDecision() { AuthorizationManager composed = AuthorizationManagers.anyOf(); - AuthorizationDecision decision = composed.check(null, null); + AuthorizationResult decision = composed.authorize(null, null); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isFalse(); } @@ -68,7 +68,7 @@ void checkAnyOfWhenEmptyThenDeniedDecision() { void checkAnyOfWithAllAbstainDefaultDecisionIsDeniedWhenEmptyThenDeniedDecision() { AuthorizationDecision allAbstainDefaultDecision = new AuthorizationDecision(false); AuthorizationManager composed = AuthorizationManagers.anyOf(allAbstainDefaultDecision); - AuthorizationDecision decision = composed.check(null, null); + AuthorizationResult decision = composed.authorize(null, null); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isFalse(); } @@ -77,7 +77,7 @@ void checkAnyOfWithAllAbstainDefaultDecisionIsDeniedWhenEmptyThenDeniedDecision( void checkAnyOfWithAllAbstainDefaultDecisionIsGrantedWhenEmptyThenGrantedDecision() { AuthorizationDecision allAbstainDefaultDecision = new AuthorizationDecision(true); AuthorizationManager composed = AuthorizationManagers.anyOf(allAbstainDefaultDecision); - AuthorizationDecision decision = composed.check(null, null); + AuthorizationResult decision = composed.authorize(null, null); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isTrue(); } @@ -86,7 +86,7 @@ void checkAnyOfWithAllAbstainDefaultDecisionIsGrantedWhenEmptyThenGrantedDecisio void checkAnyOfWithAllAbstainDefaultDecisionIsAbstainWhenEmptyThenAbstainDecision() { AuthorizationDecision allAbstainDefaultDecision = null; AuthorizationManager composed = AuthorizationManagers.anyOf(allAbstainDefaultDecision); - AuthorizationDecision decision = composed.check(null, null); + AuthorizationResult decision = composed.authorize(null, null); assertThat(decision).isNull(); } @@ -94,7 +94,7 @@ void checkAnyOfWithAllAbstainDefaultDecisionIsAbstainWhenEmptyThenAbstainDecisio void checkAnyOfWhenAllAbstainDefaultDecisionIsGrantedAndAllManagersAbstainThenGrantedDecision() { AuthorizationDecision allAbstainDefaultDecision = new AuthorizationDecision(true); AuthorizationManager composed = AuthorizationManagers.anyOf(allAbstainDefaultDecision, (a, o) -> null); - AuthorizationDecision decision = composed.check(null, null); + AuthorizationResult decision = composed.authorize(null, null); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isTrue(); } @@ -103,7 +103,7 @@ void checkAnyOfWhenAllAbstainDefaultDecisionIsGrantedAndAllManagersAbstainThenGr void checkAnyOfWhenAllAbstainDefaultDecisionIsDeniedAndAllManagersAbstainThenDeniedDecision() { AuthorizationDecision allAbstainDefaultDecision = new AuthorizationDecision(false); AuthorizationManager composed = AuthorizationManagers.anyOf(allAbstainDefaultDecision, (a, o) -> null); - AuthorizationDecision decision = composed.check(null, null); + AuthorizationResult decision = composed.authorize(null, null); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isFalse(); } @@ -112,7 +112,7 @@ void checkAnyOfWhenAllAbstainDefaultDecisionIsDeniedAndAllManagersAbstainThenDen void checkAnyOfWhenAllAbstainDefaultDecisionIsAbstainAndAllManagersAbstainThenAbstainDecision() { AuthorizationDecision allAbstainDefaultDecision = null; AuthorizationManager composed = AuthorizationManagers.anyOf(allAbstainDefaultDecision, (a, o) -> null); - AuthorizationDecision decision = composed.check(null, null); + AuthorizationResult decision = composed.authorize(null, null); assertThat(decision).isNull(); } @@ -120,7 +120,7 @@ void checkAnyOfWhenAllAbstainDefaultDecisionIsAbstainAndAllManagersAbstainThenAb void checkAllOfWhenAllGrantedThenGrantedDecision() { AuthorizationManager composed = AuthorizationManagers.allOf(SingleResultAuthorizationManager.permitAll(), SingleResultAuthorizationManager.permitAll()); - AuthorizationDecision decision = composed.check(null, null); + AuthorizationResult decision = composed.authorize(null, null); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isTrue(); } @@ -130,7 +130,7 @@ void checkAllOfWithAllAbstainDefaultDecisionWhenAllGrantedThenGrantedDecision() AuthorizationDecision allAbstainDefaultDecision = new AuthorizationDecision(false); AuthorizationManager composed = AuthorizationManagers.allOf(allAbstainDefaultDecision, (a, o) -> new AuthorizationDecision(true), (a, o) -> new AuthorizationDecision(true)); - AuthorizationDecision decision = composed.check(null, null); + AuthorizationResult decision = composed.authorize(null, null); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isTrue(); } @@ -140,7 +140,7 @@ void checkAllOfWithAllAbstainDefaultDecisionWhenAllGrantedThenGrantedDecision() void checkAllOfWhenAllNonAbstainingGrantsThenGrantedDecision() { AuthorizationManager composed = AuthorizationManagers.allOf((a, o) -> new AuthorizationDecision(true), (a, o) -> null); - AuthorizationDecision decision = composed.check(null, null); + AuthorizationResult decision = composed.authorize(null, null); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isTrue(); } @@ -149,7 +149,7 @@ void checkAllOfWhenAllNonAbstainingGrantsThenGrantedDecision() { void checkAllOfWhenOneDeniedThenDeniedDecision() { AuthorizationManager composed = AuthorizationManagers.allOf((a, o) -> new AuthorizationDecision(true), (a, o) -> new AuthorizationDecision(false)); - AuthorizationDecision decision = composed.check(null, null); + AuthorizationResult decision = composed.authorize(null, null); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isFalse(); } @@ -159,7 +159,7 @@ void checkAllOfWithAllAbstainDefaultDecisionWhenOneDeniedThenDeniedDecision() { AuthorizationDecision allAbstainDefaultDecision = new AuthorizationDecision(true); AuthorizationManager composed = AuthorizationManagers.allOf(allAbstainDefaultDecision, SingleResultAuthorizationManager.permitAll(), SingleResultAuthorizationManager.denyAll()); - AuthorizationDecision decision = composed.check(null, null); + AuthorizationResult decision = composed.authorize(null, null); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isFalse(); } @@ -167,7 +167,7 @@ void checkAllOfWithAllAbstainDefaultDecisionWhenOneDeniedThenDeniedDecision() { @Test void checkAllOfWhenEmptyThenGrantedDecision() { AuthorizationManager composed = AuthorizationManagers.allOf(); - AuthorizationDecision decision = composed.check(null, null); + AuthorizationResult decision = composed.authorize(null, null); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isTrue(); } @@ -176,7 +176,7 @@ void checkAllOfWhenEmptyThenGrantedDecision() { void checkAllOfWithAllAbstainDefaultDecisionIsDeniedWhenEmptyThenDeniedDecision() { AuthorizationDecision allAbstainDefaultDecision = new AuthorizationDecision(false); AuthorizationManager composed = AuthorizationManagers.allOf(allAbstainDefaultDecision); - AuthorizationDecision decision = composed.check(null, null); + AuthorizationResult decision = composed.authorize(null, null); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isFalse(); } @@ -185,7 +185,7 @@ void checkAllOfWithAllAbstainDefaultDecisionIsDeniedWhenEmptyThenDeniedDecision( void checkAllOfWithAllAbstainDefaultDecisionIsGrantedWhenEmptyThenGrantedDecision() { AuthorizationDecision allAbstainDefaultDecision = new AuthorizationDecision(true); AuthorizationManager composed = AuthorizationManagers.allOf(allAbstainDefaultDecision); - AuthorizationDecision decision = composed.check(null, null); + AuthorizationResult decision = composed.authorize(null, null); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isTrue(); } @@ -194,7 +194,7 @@ void checkAllOfWithAllAbstainDefaultDecisionIsGrantedWhenEmptyThenGrantedDecisio void checkAllOfWithAllAbstainDefaultDecisionIsAbstainWhenEmptyThenAbstainDecision() { AuthorizationDecision allAbstainDefaultDecision = null; AuthorizationManager composed = AuthorizationManagers.allOf(allAbstainDefaultDecision); - AuthorizationDecision decision = composed.check(null, null); + AuthorizationResult decision = composed.authorize(null, null); assertThat(decision).isNull(); } @@ -202,7 +202,7 @@ void checkAllOfWithAllAbstainDefaultDecisionIsAbstainWhenEmptyThenAbstainDecisio void checkAllOfWhenAllAbstainDefaultDecisionIsDeniedAndAllManagersAbstainThenDeniedDecision() { AuthorizationDecision allAbstainDefaultDecision = new AuthorizationDecision(false); AuthorizationManager composed = AuthorizationManagers.allOf(allAbstainDefaultDecision, (a, o) -> null); - AuthorizationDecision decision = composed.check(null, null); + AuthorizationResult decision = composed.authorize(null, null); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isFalse(); } @@ -211,7 +211,7 @@ void checkAllOfWhenAllAbstainDefaultDecisionIsDeniedAndAllManagersAbstainThenDen void checkAllOfWhenAllAbstainDefaultDecisionIsGrantedAndAllManagersAbstainThenGrantedDecision() { AuthorizationDecision allAbstainDefaultDecision = new AuthorizationDecision(true); AuthorizationManager composed = AuthorizationManagers.allOf(allAbstainDefaultDecision, (a, o) -> null); - AuthorizationDecision decision = composed.check(null, null); + AuthorizationResult decision = composed.authorize(null, null); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isTrue(); } @@ -220,21 +220,21 @@ void checkAllOfWhenAllAbstainDefaultDecisionIsGrantedAndAllManagersAbstainThenGr void checkAllOfWhenAllAbstainDefaultDecisionIsAbstainAndAllManagersAbstainThenAbstainDecision() { AuthorizationDecision allAbstainDefaultDecision = null; AuthorizationManager composed = AuthorizationManagers.allOf(allAbstainDefaultDecision, (a, o) -> null); - AuthorizationDecision decision = composed.check(null, null); + AuthorizationResult decision = composed.authorize(null, null); assertThat(decision).isNull(); } @Test void checkNotWhenEmptyThenAbstainedDecision() { AuthorizationManager negated = AuthorizationManagers.not((a, o) -> null); - AuthorizationDecision decision = negated.check(null, null); + AuthorizationResult decision = negated.authorize(null, null); assertThat(decision).isNull(); } @Test void checkNotWhenGrantedThenDeniedDecision() { AuthorizationManager negated = AuthorizationManagers.not((a, o) -> new AuthorizationDecision(true)); - AuthorizationDecision decision = negated.check(null, null); + AuthorizationResult decision = negated.authorize(null, null); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isFalse(); } diff --git a/core/src/test/java/org/springframework/security/authorization/ObservationAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/ObservationAuthorizationManagerTests.java index bb2ccd8faab..1b3979d70a4 100644 --- a/core/src/test/java/org/springframework/security/authorization/ObservationAuthorizationManagerTests.java +++ b/core/src/test/java/org/springframework/security/authorization/ObservationAuthorizationManagerTests.java @@ -73,8 +73,7 @@ void setup() { @Test void verifyWhenDefaultsThenObserves() { given(this.handler.supportsContext(any())).willReturn(true); - given(this.authorizationManager.check(any(), any())).willReturn(this.grant); - given(this.authorizationManager.authorize(any(), any())).willCallRealMethod(); + given(this.authorizationManager.authorize(any(), any())).willReturn(this.grant); this.tested.verify(this.token, this.object); ArgumentCaptor captor = ArgumentCaptor.forClass(Observation.Context.class); verify(this.handler).onStart(captor.capture()); @@ -84,7 +83,7 @@ void verifyWhenDefaultsThenObserves() { AuthorizationObservationContext context = (AuthorizationObservationContext) captor.getValue(); assertThat(context.getAuthentication()).isNull(); assertThat(context.getObject()).isEqualTo(this.object); - assertThat(context.getDecision()).isEqualTo(this.grant); + assertThat(context.getAuthorizationResult()).isEqualTo(this.grant); } @Test @@ -92,8 +91,7 @@ void verifyWhenErrorsThenObserves() { MessageSource source = mock(MessageSource.class); this.tested.setMessageSource(source); given(this.handler.supportsContext(any())).willReturn(true); - given(this.authorizationManager.check(any(), any())).willReturn(this.deny); - given(this.authorizationManager.authorize(any(), any())).willCallRealMethod(); + given(this.authorizationManager.authorize(any(), any())).willReturn(this.deny); given(source.getMessage(eq("AbstractAccessDecisionManager.accessDenied"), any(), any(), any())) .willReturn("accessDenied"); assertThatExceptionOfType(AccessDeniedException.class) @@ -108,17 +106,16 @@ void verifyWhenErrorsThenObserves() { AuthorizationObservationContext context = (AuthorizationObservationContext) captor.getValue(); assertThat(context.getAuthentication()).isNull(); assertThat(context.getObject()).isEqualTo(this.object); - assertThat(context.getDecision()).isEqualTo(this.deny); + assertThat(context.getAuthorizationResult()).isEqualTo(this.deny); } @Test void verifyWhenLooksUpAuthenticationThenObserves() { given(this.handler.supportsContext(any())).willReturn(true); - given(this.authorizationManager.check(any(), any())).willAnswer((invocation) -> { + given(this.authorizationManager.authorize(any(), any())).willAnswer((invocation) -> { ((Supplier) invocation.getArgument(0)).get(); return this.grant; }); - given(this.authorizationManager.authorize(any(), any())).willCallRealMethod(); this.tested.verify(this.token, this.object); ArgumentCaptor captor = ArgumentCaptor.forClass(Observation.Context.class); verify(this.handler).onStart(captor.capture()); @@ -127,7 +124,7 @@ void verifyWhenLooksUpAuthenticationThenObserves() { AuthorizationObservationContext context = (AuthorizationObservationContext) captor.getValue(); assertThat(context.getAuthentication()).isEqualTo(this.token.get()); assertThat(context.getObject()).isEqualTo(this.object); - assertThat(context.getDecision()).isEqualTo(this.grant); + assertThat(context.getAuthorizationResult()).isEqualTo(this.grant); } @Test diff --git a/core/src/test/java/org/springframework/security/authorization/ObservationReactiveAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/ObservationReactiveAuthorizationManagerTests.java index d3eb935cc7f..05507361d2e 100644 --- a/core/src/test/java/org/springframework/security/authorization/ObservationReactiveAuthorizationManagerTests.java +++ b/core/src/test/java/org/springframework/security/authorization/ObservationReactiveAuthorizationManagerTests.java @@ -69,8 +69,7 @@ void setup() { @Test void verifyWhenDefaultsThenObserves() { given(this.handler.supportsContext(any())).willReturn(true); - given(this.authorizationManager.check(any(), any())).willReturn(Mono.just(this.grant)); - given(this.authorizationManager.authorize(any(), any())).willCallRealMethod(); + given(this.authorizationManager.authorize(any(), any())).willReturn(Mono.just(this.grant)); this.tested.verify(this.token, this.object).block(); ArgumentCaptor captor = ArgumentCaptor.forClass(Observation.Context.class); verify(this.handler).onStart(captor.capture()); @@ -80,14 +79,13 @@ void verifyWhenDefaultsThenObserves() { AuthorizationObservationContext context = (AuthorizationObservationContext) captor.getValue(); assertThat(context.getAuthentication()).isNull(); assertThat(context.getObject()).isEqualTo(this.object); - assertThat(context.getDecision()).isEqualTo(this.grant); + assertThat(context.getAuthorizationResult()).isEqualTo(this.grant); } @Test void verifyWhenErrorsThenObserves() { given(this.handler.supportsContext(any())).willReturn(true); - given(this.authorizationManager.check(any(), any())).willReturn(Mono.just(this.deny)); - given(this.authorizationManager.authorize(any(), any())).willCallRealMethod(); + given(this.authorizationManager.authorize(any(), any())).willReturn(Mono.just(this.deny)); assertThatExceptionOfType(AccessDeniedException.class) .isThrownBy(() -> this.tested.verify(this.token, this.object).block()); ArgumentCaptor captor = ArgumentCaptor.forClass(Observation.Context.class); @@ -98,17 +96,16 @@ void verifyWhenErrorsThenObserves() { AuthorizationObservationContext context = (AuthorizationObservationContext) captor.getValue(); assertThat(context.getAuthentication()).isNull(); assertThat(context.getObject()).isEqualTo(this.object); - assertThat(context.getDecision()).isEqualTo(this.deny); + assertThat(context.getAuthorizationResult()).isEqualTo(this.deny); } @Test void verifyWhenLooksUpAuthenticationThenObserves() { given(this.handler.supportsContext(any())).willReturn(true); - given(this.authorizationManager.check(any(), any())).willAnswer((invocation) -> { + given(this.authorizationManager.authorize(any(), any())).willAnswer((invocation) -> { ((Mono) invocation.getArgument(0)).block(); return Mono.just(this.grant); }); - given(this.authorizationManager.authorize(any(), any())).willCallRealMethod(); this.tested.verify(this.token, this.object).block(); ArgumentCaptor captor = ArgumentCaptor.forClass(Observation.Context.class); verify(this.handler).onStart(captor.capture()); @@ -117,7 +114,7 @@ void verifyWhenLooksUpAuthenticationThenObserves() { AuthorizationObservationContext context = (AuthorizationObservationContext) captor.getValue(); assertThat(context.getAuthentication()).isEqualTo(this.token.block()); assertThat(context.getObject()).isEqualTo(this.object); - assertThat(context.getDecision()).isEqualTo(this.grant); + assertThat(context.getAuthorizationResult()).isEqualTo(this.grant); } @Test diff --git a/core/src/test/java/org/springframework/security/authorization/SingleResultAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/SingleResultAuthorizationManagerTests.java index bb4320312a7..0dd27fe69bd 100644 --- a/core/src/test/java/org/springframework/security/authorization/SingleResultAuthorizationManagerTests.java +++ b/core/src/test/java/org/springframework/security/authorization/SingleResultAuthorizationManagerTests.java @@ -43,7 +43,7 @@ void authorizeWhenManagerWithGrantedAuthorizationResultIsCreatedThenAuthorizes() void checkWhenManagerWithGrantedDecisionIsCreatedThenAuthorizes() { this.manager = new SingleResultAuthorizationManager<>(new AuthorizationDecision(true)); - AuthorizationResult result = this.manager.check(null, null); + AuthorizationResult result = this.manager.authorize(null, null); assertThat(result.isGranted()).isTrue(); } @@ -52,7 +52,7 @@ void checkWhenManagerWithGrantedDecisionIsCreatedThenAuthorizes() { void checkWhenManagerWithGrantedCustomAuthorizationResultIsCreatedThenFails() { this.manager = new SingleResultAuthorizationManager<>((AuthorizationResult) () -> true); - assertThatIllegalArgumentException().isThrownBy(() -> this.manager.check(null, null)); + assertThatIllegalArgumentException().isThrownBy(() -> this.manager.authorize(null, null)); } @Test diff --git a/core/src/test/java/org/springframework/security/authorization/method/AuthorizationManagerAfterMethodInterceptorTests.java b/core/src/test/java/org/springframework/security/authorization/method/AuthorizationManagerAfterMethodInterceptorTests.java index 850568dca56..1b8b441a8a1 100644 --- a/core/src/test/java/org/springframework/security/authorization/method/AuthorizationManagerAfterMethodInterceptorTests.java +++ b/core/src/test/java/org/springframework/security/authorization/method/AuthorizationManagerAfterMethodInterceptorTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -42,7 +42,6 @@ import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException; import static org.mockito.ArgumentMatchers.any; import static org.mockito.BDDMockito.given; -import static org.mockito.Mockito.doCallRealMethod; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.verify; @@ -75,12 +74,11 @@ public void beforeWhenMockAuthorizationManagerThenCheckAndReturnedObject() throw MethodInvocationResult result = new MethodInvocationResult(mockMethodInvocation, new Object()); given(mockMethodInvocation.proceed()).willReturn(result.getResult()); AuthorizationManager mockAuthorizationManager = mock(AuthorizationManager.class); - given(mockAuthorizationManager.authorize(any(), any())).willCallRealMethod(); AuthorizationManagerAfterMethodInterceptor advice = new AuthorizationManagerAfterMethodInterceptor( Pointcut.TRUE, mockAuthorizationManager); Object returnedObject = advice.invoke(mockMethodInvocation); assertThat(returnedObject).isEqualTo(result.getResult()); - verify(mockAuthorizationManager).check(any(Supplier.class), any(MethodInvocationResult.class)); + verify(mockAuthorizationManager).authorize(any(Supplier.class), any(MethodInvocationResult.class)); } @Test @@ -130,8 +128,6 @@ public void invokeWhenAuthorizationEventPublisherThenUses() throws Throwable { AuthorizationManagerAfterMethodInterceptor advice = new AuthorizationManagerAfterMethodInterceptor( Pointcut.TRUE, AuthenticatedAuthorizationManager.authenticated()); AuthorizationEventPublisher eventPublisher = mock(AuthorizationEventPublisher.class); - doCallRealMethod().when(eventPublisher) - .publishAuthorizationEvent(any(Supplier.class), any(), any(AuthorizationResult.class)); advice.setAuthorizationEventPublisher(eventPublisher); SecurityContext securityContext = new SecurityContextImpl(); @@ -152,9 +148,8 @@ public void invokeWhenCustomAuthorizationDeniedExceptionThenThrows() throws Thro MethodInvocation mi = mock(MethodInvocation.class); given(mi.proceed()).willReturn("ok"); AuthorizationManager manager = mock(AuthorizationManager.class); - given(manager.check(any(), any())) + given(manager.authorize(any(), any())) .willThrow(new MyAuthzDeniedException("denied", new AuthorizationDecision(false))); - given(manager.authorize(any(), any())).willCallRealMethod(); AuthorizationManagerAfterMethodInterceptor advice = new AuthorizationManagerAfterMethodInterceptor( Pointcut.TRUE, manager); assertThatExceptionOfType(MyAuthzDeniedException.class).isThrownBy(() -> advice.invoke(mi)); diff --git a/core/src/test/java/org/springframework/security/authorization/method/AuthorizationManagerAfterReactiveMethodInterceptorTests.java b/core/src/test/java/org/springframework/security/authorization/method/AuthorizationManagerAfterReactiveMethodInterceptorTests.java index 218d63bfb4b..794fc7bbcd3 100644 --- a/core/src/test/java/org/springframework/security/authorization/method/AuthorizationManagerAfterReactiveMethodInterceptorTests.java +++ b/core/src/test/java/org/springframework/security/authorization/method/AuthorizationManagerAfterReactiveMethodInterceptorTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -70,16 +70,15 @@ public void invokeMonoWhenMockReactiveAuthorizationManagerThenVerify() throws Th given(mockMethodInvocation.proceed()).willReturn(Mono.just("john")); ReactiveAuthorizationManager mockReactiveAuthorizationManager = mock( ReactiveAuthorizationManager.class); - given(mockReactiveAuthorizationManager.check(any(), any())) + given(mockReactiveAuthorizationManager.authorize(any(), any())) .willReturn(Mono.just(new AuthorizationDecision(true))); - given(mockReactiveAuthorizationManager.authorize(any(), any())).willCallRealMethod(); AuthorizationManagerAfterReactiveMethodInterceptor interceptor = new AuthorizationManagerAfterReactiveMethodInterceptor( Pointcut.TRUE, mockReactiveAuthorizationManager); Object result = interceptor.invoke(mockMethodInvocation); assertThat(result).asInstanceOf(InstanceOfAssertFactories.type(Mono.class)) .extracting(Mono::block) .isEqualTo("john"); - verify(mockReactiveAuthorizationManager).check(any(), any()); + verify(mockReactiveAuthorizationManager).authorize(any(), any()); } @Test @@ -89,9 +88,8 @@ public void invokeFluxWhenMockReactiveAuthorizationManagerThenVerify() throws Th given(mockMethodInvocation.proceed()).willReturn(Flux.just("john", "bob")); ReactiveAuthorizationManager mockReactiveAuthorizationManager = mock( ReactiveAuthorizationManager.class); - given(mockReactiveAuthorizationManager.check(any(), any())) + given(mockReactiveAuthorizationManager.authorize(any(), any())) .willReturn(Mono.just(new AuthorizationDecision(true))); - given(mockReactiveAuthorizationManager.authorize(any(), any())).willCallRealMethod(); AuthorizationManagerAfterReactiveMethodInterceptor interceptor = new AuthorizationManagerAfterReactiveMethodInterceptor( Pointcut.TRUE, mockReactiveAuthorizationManager); Object result = interceptor.invoke(mockMethodInvocation); @@ -99,7 +97,7 @@ public void invokeFluxWhenMockReactiveAuthorizationManagerThenVerify() throws Th .extracting(Flux::collectList) .extracting(Mono::block, InstanceOfAssertFactories.list(String.class)) .containsExactly("john", "bob"); - verify(mockReactiveAuthorizationManager, times(2)).check(any(), any()); + verify(mockReactiveAuthorizationManager, times(2)).authorize(any(), any()); } @Test @@ -109,9 +107,8 @@ public void invokeWhenMockReactiveAuthorizationManagerDeniedThenAccessDeniedExce given(mockMethodInvocation.proceed()).willReturn(Mono.just("john")); ReactiveAuthorizationManager mockReactiveAuthorizationManager = mock( ReactiveAuthorizationManager.class); - given(mockReactiveAuthorizationManager.check(any(), any())) + given(mockReactiveAuthorizationManager.authorize(any(), any())) .willReturn(Mono.just(new AuthorizationDecision(false))); - given(mockReactiveAuthorizationManager.authorize(any(), any())).willCallRealMethod(); AuthorizationManagerAfterReactiveMethodInterceptor interceptor = new AuthorizationManagerAfterReactiveMethodInterceptor( Pointcut.TRUE, mockReactiveAuthorizationManager); Object result = interceptor.invoke(mockMethodInvocation); @@ -119,7 +116,7 @@ public void invokeWhenMockReactiveAuthorizationManagerDeniedThenAccessDeniedExce .isThrownBy(() -> assertThat(result).asInstanceOf(InstanceOfAssertFactories.type(Mono.class)) .extracting(Mono::block)) .withMessage("Access Denied"); - verify(mockReactiveAuthorizationManager).check(any(), any()); + verify(mockReactiveAuthorizationManager).authorize(any(), any()); } @Test @@ -132,8 +129,7 @@ public void invokeFluxWhenAllValuesDeniedAndPostProcessorThenPostProcessorApplie HandlingReactiveAuthorizationManager.class); given(mockReactiveAuthorizationManager.handleDeniedInvocationResult(any(), any(AuthorizationResult.class))) .willAnswer(this::masking); - given(mockReactiveAuthorizationManager.check(any(), any())).willReturn(Mono.empty()); - given(mockReactiveAuthorizationManager.authorize(any(), any())).willCallRealMethod(); + given(mockReactiveAuthorizationManager.authorize(any(), any())).willReturn(Mono.empty()); AuthorizationManagerAfterReactiveMethodInterceptor interceptor = new AuthorizationManagerAfterReactiveMethodInterceptor( Pointcut.TRUE, mockReactiveAuthorizationManager); Object result = interceptor.invoke(mockMethodInvocation); @@ -141,7 +137,7 @@ public void invokeFluxWhenAllValuesDeniedAndPostProcessorThenPostProcessorApplie .extracting(Flux::collectList) .extracting(Mono::block, InstanceOfAssertFactories.list(String.class)) .containsExactly("john-masked", "bob-masked"); - verify(mockReactiveAuthorizationManager, times(2)).check(any(), any()); + verify(mockReactiveAuthorizationManager, times(2)).authorize(any(), any()); } @Test @@ -159,8 +155,7 @@ public void invokeFluxWhenOneValueDeniedAndPostProcessorThenPostProcessorApplied } return Mono.just(argument.getResult()); }); - given(mockReactiveAuthorizationManager.check(any(), any())).willReturn(Mono.empty()); - given(mockReactiveAuthorizationManager.authorize(any(), any())).willCallRealMethod(); + given(mockReactiveAuthorizationManager.authorize(any(), any())).willReturn(Mono.empty()); AuthorizationManagerAfterReactiveMethodInterceptor interceptor = new AuthorizationManagerAfterReactiveMethodInterceptor( Pointcut.TRUE, mockReactiveAuthorizationManager); Object result = interceptor.invoke(mockMethodInvocation); @@ -168,7 +163,7 @@ public void invokeFluxWhenOneValueDeniedAndPostProcessorThenPostProcessorApplied .extracting(Flux::collectList) .extracting(Mono::block, InstanceOfAssertFactories.list(String.class)) .containsExactly("john", "bob-masked"); - verify(mockReactiveAuthorizationManager, times(2)).check(any(), any()); + verify(mockReactiveAuthorizationManager, times(2)).authorize(any(), any()); } @Test @@ -180,15 +175,14 @@ public void invokeMonoWhenPostProcessableDecisionThenPostProcess() throws Throwa HandlingReactiveAuthorizationManager.class); given(mockReactiveAuthorizationManager.handleDeniedInvocationResult(any(), any(AuthorizationResult.class))) .willAnswer(this::masking); - given(mockReactiveAuthorizationManager.check(any(), any())).willReturn(Mono.empty()); - given(mockReactiveAuthorizationManager.authorize(any(), any())).willCallRealMethod(); + given(mockReactiveAuthorizationManager.authorize(any(), any())).willReturn(Mono.empty()); AuthorizationManagerAfterReactiveMethodInterceptor interceptor = new AuthorizationManagerAfterReactiveMethodInterceptor( Pointcut.TRUE, mockReactiveAuthorizationManager); Object result = interceptor.invoke(mockMethodInvocation); assertThat(result).asInstanceOf(InstanceOfAssertFactories.type(Mono.class)) .extracting(Mono::block) .isEqualTo("john-masked"); - verify(mockReactiveAuthorizationManager).check(any(), any()); + verify(mockReactiveAuthorizationManager).authorize(any(), any()); } @Test @@ -200,15 +194,14 @@ public void invokeMonoWhenPostProcessableDecisionAndPostProcessResultIsMonoThenP HandlingReactiveAuthorizationManager.class); given(mockReactiveAuthorizationManager.handleDeniedInvocationResult(any(), any(AuthorizationResult.class))) .willAnswer(this::monoMasking); - given(mockReactiveAuthorizationManager.check(any(), any())).willReturn(Mono.empty()); - given(mockReactiveAuthorizationManager.authorize(any(), any())).willCallRealMethod(); + given(mockReactiveAuthorizationManager.authorize(any(), any())).willReturn(Mono.empty()); AuthorizationManagerAfterReactiveMethodInterceptor interceptor = new AuthorizationManagerAfterReactiveMethodInterceptor( Pointcut.TRUE, mockReactiveAuthorizationManager); Object result = interceptor.invoke(mockMethodInvocation); assertThat(result).asInstanceOf(InstanceOfAssertFactories.type(Mono.class)) .extracting(Mono::block) .isEqualTo("john-masked"); - verify(mockReactiveAuthorizationManager).check(any(), any()); + verify(mockReactiveAuthorizationManager).authorize(any(), any()); } @Test @@ -220,15 +213,14 @@ public void invokeMonoWhenPostProcessableDecisionAndPostProcessResultIsNullThenP HandlingReactiveAuthorizationManager.class); given(mockReactiveAuthorizationManager.handleDeniedInvocationResult(any(), any(AuthorizationResult.class))) .willReturn(null); - given(mockReactiveAuthorizationManager.check(any(), any())).willReturn(Mono.empty()); - given(mockReactiveAuthorizationManager.authorize(any(), any())).willCallRealMethod(); + given(mockReactiveAuthorizationManager.authorize(any(), any())).willReturn(Mono.empty()); AuthorizationManagerAfterReactiveMethodInterceptor interceptor = new AuthorizationManagerAfterReactiveMethodInterceptor( Pointcut.TRUE, mockReactiveAuthorizationManager); Object result = interceptor.invoke(mockMethodInvocation); assertThat(result).asInstanceOf(InstanceOfAssertFactories.type(Mono.class)) .extracting(Mono::block) .isEqualTo(null); - verify(mockReactiveAuthorizationManager).check(any(), any()); + verify(mockReactiveAuthorizationManager).authorize(any(), any()); } @Test @@ -238,8 +230,7 @@ public void invokeMonoWhenEmptyDecisionThenUseDefaultPostProcessor() throws Thro given(mockMethodInvocation.proceed()).willReturn(Mono.just("john")); ReactiveAuthorizationManager mockReactiveAuthorizationManager = mock( ReactiveAuthorizationManager.class); - given(mockReactiveAuthorizationManager.check(any(), any())).willReturn(Mono.empty()); - given(mockReactiveAuthorizationManager.authorize(any(), any())).willCallRealMethod(); + given(mockReactiveAuthorizationManager.authorize(any(), any())).willReturn(Mono.empty()); AuthorizationManagerAfterReactiveMethodInterceptor interceptor = new AuthorizationManagerAfterReactiveMethodInterceptor( Pointcut.TRUE, mockReactiveAuthorizationManager); Object result = interceptor.invoke(mockMethodInvocation); @@ -247,7 +238,7 @@ public void invokeMonoWhenEmptyDecisionThenUseDefaultPostProcessor() throws Thro .isThrownBy(() -> assertThat(result).asInstanceOf(InstanceOfAssertFactories.type(Mono.class)) .extracting(Mono::block)) .withMessage("Access Denied"); - verify(mockReactiveAuthorizationManager).check(any(), any()); + verify(mockReactiveAuthorizationManager).authorize(any(), any()); } @Test @@ -256,9 +247,8 @@ public void invokeWhenCustomAuthorizationDeniedExceptionThenThrows() throws Thro new MockMethodInvocation(new Sample(), Sample.class.getDeclaredMethod("mono"))); given(mockMethodInvocation.proceed()).willReturn(Mono.just("ok")); ReactiveAuthorizationManager manager = mock(ReactiveAuthorizationManager.class); - given(manager.check(any(), any())) + given(manager.authorize(any(), any())) .willReturn(Mono.error(new MyAuthzDeniedException("denied", new AuthorizationDecision(false)))); - given(manager.authorize(any(), any())).willCallRealMethod(); AuthorizationManagerAfterReactiveMethodInterceptor advice = new AuthorizationManagerAfterReactiveMethodInterceptor( Pointcut.TRUE, manager); assertThatExceptionOfType(MyAuthzDeniedException.class) diff --git a/core/src/test/java/org/springframework/security/authorization/method/AuthorizationManagerBeforeMethodInterceptorTests.java b/core/src/test/java/org/springframework/security/authorization/method/AuthorizationManagerBeforeMethodInterceptorTests.java index f56acd5add0..f39c20d0844 100644 --- a/core/src/test/java/org/springframework/security/authorization/method/AuthorizationManagerBeforeMethodInterceptorTests.java +++ b/core/src/test/java/org/springframework/security/authorization/method/AuthorizationManagerBeforeMethodInterceptorTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -41,7 +41,6 @@ import static org.mockito.ArgumentMatchers.any; import static org.mockito.ArgumentMatchers.eq; import static org.mockito.BDDMockito.given; -import static org.mockito.Mockito.doCallRealMethod; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.verify; @@ -71,11 +70,10 @@ public void instantiateWhenAuthorizationManagerNullThenException() { public void beforeWhenMockAuthorizationManagerThenCheck() throws Throwable { MethodInvocation mockMethodInvocation = mock(MethodInvocation.class); AuthorizationManager mockAuthorizationManager = mock(AuthorizationManager.class); - given(mockAuthorizationManager.authorize(any(), any())).willCallRealMethod(); AuthorizationManagerBeforeMethodInterceptor advice = new AuthorizationManagerBeforeMethodInterceptor( Pointcut.TRUE, mockAuthorizationManager); advice.invoke(mockMethodInvocation); - verify(mockAuthorizationManager).check(any(Supplier.class), eq(mockMethodInvocation)); + verify(mockAuthorizationManager).authorize(any(Supplier.class), eq(mockMethodInvocation)); } @Test @@ -125,7 +123,6 @@ public void invokeWhenAuthorizationEventPublisherThenUses() throws Throwable { AuthorizationManagerBeforeMethodInterceptor advice = new AuthorizationManagerBeforeMethodInterceptor( Pointcut.TRUE, AuthenticatedAuthorizationManager.authenticated()); AuthorizationEventPublisher eventPublisher = mock(AuthorizationEventPublisher.class); - doCallRealMethod().when(eventPublisher).publishAuthorizationEvent(any(), any(), any(AuthorizationResult.class)); advice.setAuthorizationEventPublisher(eventPublisher); SecurityContext securityContext = new SecurityContextImpl(); @@ -144,9 +141,8 @@ public void invokeWhenAuthorizationEventPublisherThenUses() throws Throwable { @Test public void invokeWhenCustomAuthorizationDeniedExceptionThenThrows() { AuthorizationManager manager = mock(AuthorizationManager.class); - given(manager.check(any(), any())) + given(manager.authorize(any(), any())) .willThrow(new MyAuthzDeniedException("denied", new AuthorizationDecision(false))); - given(manager.authorize(any(), any())).willCallRealMethod(); AuthorizationManagerBeforeMethodInterceptor advice = new AuthorizationManagerBeforeMethodInterceptor( Pointcut.TRUE, manager); assertThatExceptionOfType(MyAuthzDeniedException.class).isThrownBy(() -> advice.invoke(null)); diff --git a/core/src/test/java/org/springframework/security/authorization/method/AuthorizationManagerBeforeReactiveMethodInterceptorTests.java b/core/src/test/java/org/springframework/security/authorization/method/AuthorizationManagerBeforeReactiveMethodInterceptorTests.java index 468e1bb3e53..3cddd4fb3ef 100644 --- a/core/src/test/java/org/springframework/security/authorization/method/AuthorizationManagerBeforeReactiveMethodInterceptorTests.java +++ b/core/src/test/java/org/springframework/security/authorization/method/AuthorizationManagerBeforeReactiveMethodInterceptorTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -70,16 +70,15 @@ public void invokeMonoWhenMockReactiveAuthorizationManagerThenVerify() throws Th given(mockMethodInvocation.proceed()).willReturn(Mono.just("john")); ReactiveAuthorizationManager mockReactiveAuthorizationManager = mock( ReactiveAuthorizationManager.class); - given(mockReactiveAuthorizationManager.check(any(), eq(mockMethodInvocation))) + given(mockReactiveAuthorizationManager.authorize(any(), eq(mockMethodInvocation))) .willReturn(Mono.just(new AuthorizationDecision(true))); - given(mockReactiveAuthorizationManager.authorize(any(), any())).willCallRealMethod(); AuthorizationManagerBeforeReactiveMethodInterceptor interceptor = new AuthorizationManagerBeforeReactiveMethodInterceptor( Pointcut.TRUE, mockReactiveAuthorizationManager); Object result = interceptor.invoke(mockMethodInvocation); assertThat(result).asInstanceOf(InstanceOfAssertFactories.type(Mono.class)) .extracting(Mono::block) .isEqualTo("john"); - verify(mockReactiveAuthorizationManager).check(any(), eq(mockMethodInvocation)); + verify(mockReactiveAuthorizationManager).authorize(any(), eq(mockMethodInvocation)); } @Test @@ -89,9 +88,8 @@ public void invokeFluxWhenMockReactiveAuthorizationManagerThenVerify() throws Th given(mockMethodInvocation.proceed()).willReturn(Flux.just("john", "bob")); ReactiveAuthorizationManager mockReactiveAuthorizationManager = mock( ReactiveAuthorizationManager.class); - given(mockReactiveAuthorizationManager.check(any(), eq(mockMethodInvocation))) + given(mockReactiveAuthorizationManager.authorize(any(), eq(mockMethodInvocation))) .willReturn(Mono.just(new AuthorizationDecision((true)))); - given(mockReactiveAuthorizationManager.authorize(any(), any())).willCallRealMethod(); AuthorizationManagerBeforeReactiveMethodInterceptor interceptor = new AuthorizationManagerBeforeReactiveMethodInterceptor( Pointcut.TRUE, mockReactiveAuthorizationManager); Object result = interceptor.invoke(mockMethodInvocation); @@ -99,7 +97,7 @@ public void invokeFluxWhenMockReactiveAuthorizationManagerThenVerify() throws Th .extracting(Flux::collectList) .extracting(Mono::block, InstanceOfAssertFactories.list(String.class)) .containsExactly("john", "bob"); - verify(mockReactiveAuthorizationManager).check(any(), eq(mockMethodInvocation)); + verify(mockReactiveAuthorizationManager).authorize(any(), eq(mockMethodInvocation)); } @Test @@ -109,9 +107,8 @@ public void invokeWhenMockReactiveAuthorizationManagerDeniedThenAccessDeniedExce given(mockMethodInvocation.proceed()).willReturn(Mono.just("john")); ReactiveAuthorizationManager mockReactiveAuthorizationManager = mock( ReactiveAuthorizationManager.class); - given(mockReactiveAuthorizationManager.check(any(), eq(mockMethodInvocation))) + given(mockReactiveAuthorizationManager.authorize(any(), eq(mockMethodInvocation))) .willReturn(Mono.just(new AuthorizationDecision(false))); - given(mockReactiveAuthorizationManager.authorize(any(), any())).willCallRealMethod(); AuthorizationManagerBeforeReactiveMethodInterceptor interceptor = new AuthorizationManagerBeforeReactiveMethodInterceptor( Pointcut.TRUE, mockReactiveAuthorizationManager); Object result = interceptor.invoke(mockMethodInvocation); @@ -119,7 +116,7 @@ public void invokeWhenMockReactiveAuthorizationManagerDeniedThenAccessDeniedExce .isThrownBy(() -> assertThat(result).asInstanceOf(InstanceOfAssertFactories.type(Mono.class)) .extracting(Mono::block)) .withMessage("Access Denied"); - verify(mockReactiveAuthorizationManager).check(any(), eq(mockMethodInvocation)); + verify(mockReactiveAuthorizationManager).authorize(any(), eq(mockMethodInvocation)); } @Test @@ -129,8 +126,7 @@ public void invokeMonoWhenDeniedAndPostProcessorThenInvokePostProcessor() throws given(mockMethodInvocation.proceed()).willReturn(Mono.just("john")); HandlingReactiveAuthorizationManager mockReactiveAuthorizationManager = mock( HandlingReactiveAuthorizationManager.class); - given(mockReactiveAuthorizationManager.check(any(), eq(mockMethodInvocation))).willReturn(Mono.empty()); - given(mockReactiveAuthorizationManager.authorize(any(), any())).willCallRealMethod(); + given(mockReactiveAuthorizationManager.authorize(any(), eq(mockMethodInvocation))).willReturn(Mono.empty()); given(mockReactiveAuthorizationManager.handleDeniedInvocation(any(), any(AuthorizationResult.class))) .willReturn("***"); AuthorizationManagerBeforeReactiveMethodInterceptor interceptor = new AuthorizationManagerBeforeReactiveMethodInterceptor( @@ -139,7 +135,7 @@ public void invokeMonoWhenDeniedAndPostProcessorThenInvokePostProcessor() throws assertThat(result).asInstanceOf(InstanceOfAssertFactories.type(Mono.class)) .extracting(Mono::block) .isEqualTo("***"); - verify(mockReactiveAuthorizationManager).check(any(), eq(mockMethodInvocation)); + verify(mockReactiveAuthorizationManager).authorize(any(), eq(mockMethodInvocation)); } @Test @@ -149,8 +145,7 @@ public void invokeMonoWhenDeniedAndMonoPostProcessorThenInvokePostProcessor() th given(mockMethodInvocation.proceed()).willReturn(Mono.just("john")); HandlingReactiveAuthorizationManager mockReactiveAuthorizationManager = mock( HandlingReactiveAuthorizationManager.class); - given(mockReactiveAuthorizationManager.check(any(), eq(mockMethodInvocation))).willReturn(Mono.empty()); - given(mockReactiveAuthorizationManager.authorize(any(), any())).willCallRealMethod(); + given(mockReactiveAuthorizationManager.authorize(any(), eq(mockMethodInvocation))).willReturn(Mono.empty()); given(mockReactiveAuthorizationManager.handleDeniedInvocation(any(), any(AuthorizationResult.class))) .willReturn(Mono.just("***")); AuthorizationManagerBeforeReactiveMethodInterceptor interceptor = new AuthorizationManagerBeforeReactiveMethodInterceptor( @@ -159,7 +154,7 @@ public void invokeMonoWhenDeniedAndMonoPostProcessorThenInvokePostProcessor() th assertThat(result).asInstanceOf(InstanceOfAssertFactories.type(Mono.class)) .extracting(Mono::block) .isEqualTo("***"); - verify(mockReactiveAuthorizationManager).check(any(), eq(mockMethodInvocation)); + verify(mockReactiveAuthorizationManager).authorize(any(), eq(mockMethodInvocation)); } @Test @@ -169,8 +164,7 @@ public void invokeFluxWhenDeniedAndPostProcessorThenInvokePostProcessor() throws given(mockMethodInvocation.proceed()).willReturn(Flux.just("john", "bob")); HandlingReactiveAuthorizationManager mockReactiveAuthorizationManager = mock( HandlingReactiveAuthorizationManager.class); - given(mockReactiveAuthorizationManager.check(any(), eq(mockMethodInvocation))).willReturn(Mono.empty()); - given(mockReactiveAuthorizationManager.authorize(any(), any())).willCallRealMethod(); + given(mockReactiveAuthorizationManager.authorize(any(), eq(mockMethodInvocation))).willReturn(Mono.empty()); given(mockReactiveAuthorizationManager.handleDeniedInvocation(any(), any(AuthorizationResult.class))) .willReturn(Mono.just("***")); AuthorizationManagerBeforeReactiveMethodInterceptor interceptor = new AuthorizationManagerBeforeReactiveMethodInterceptor( @@ -180,7 +174,7 @@ public void invokeFluxWhenDeniedAndPostProcessorThenInvokePostProcessor() throws .extracting(Flux::collectList) .extracting(Mono::block, InstanceOfAssertFactories.list(String.class)) .containsExactly("***"); - verify(mockReactiveAuthorizationManager).check(any(), eq(mockMethodInvocation)); + verify(mockReactiveAuthorizationManager).authorize(any(), eq(mockMethodInvocation)); } @Test @@ -190,8 +184,7 @@ public void invokeMonoWhenEmptyDecisionThenInvokeDefaultPostProcessor() throws T given(mockMethodInvocation.proceed()).willReturn(Mono.just("john")); ReactiveAuthorizationManager mockReactiveAuthorizationManager = mock( ReactiveAuthorizationManager.class); - given(mockReactiveAuthorizationManager.check(any(), eq(mockMethodInvocation))).willReturn(Mono.empty()); - given(mockReactiveAuthorizationManager.authorize(any(), any())).willCallRealMethod(); + given(mockReactiveAuthorizationManager.authorize(any(), eq(mockMethodInvocation))).willReturn(Mono.empty()); AuthorizationManagerBeforeReactiveMethodInterceptor interceptor = new AuthorizationManagerBeforeReactiveMethodInterceptor( Pointcut.TRUE, mockReactiveAuthorizationManager); Object result = interceptor.invoke(mockMethodInvocation); @@ -199,7 +192,7 @@ public void invokeMonoWhenEmptyDecisionThenInvokeDefaultPostProcessor() throws T .isThrownBy(() -> assertThat(result).asInstanceOf(InstanceOfAssertFactories.type(Mono.class)) .extracting(Mono::block)) .withMessage("Access Denied"); - verify(mockReactiveAuthorizationManager).check(any(), eq(mockMethodInvocation)); + verify(mockReactiveAuthorizationManager).authorize(any(), eq(mockMethodInvocation)); } @Test @@ -209,8 +202,7 @@ public void invokeFluxWhenEmptyDecisionThenInvokeDefaultPostProcessor() throws T given(mockMethodInvocation.proceed()).willReturn(Flux.just("john", "bob")); ReactiveAuthorizationManager mockReactiveAuthorizationManager = mock( ReactiveAuthorizationManager.class); - given(mockReactiveAuthorizationManager.check(any(), eq(mockMethodInvocation))).willReturn(Mono.empty()); - given(mockReactiveAuthorizationManager.authorize(any(), any())).willCallRealMethod(); + given(mockReactiveAuthorizationManager.authorize(any(), eq(mockMethodInvocation))).willReturn(Mono.empty()); AuthorizationManagerBeforeReactiveMethodInterceptor interceptor = new AuthorizationManagerBeforeReactiveMethodInterceptor( Pointcut.TRUE, mockReactiveAuthorizationManager); Object result = interceptor.invoke(mockMethodInvocation); @@ -218,7 +210,7 @@ public void invokeFluxWhenEmptyDecisionThenInvokeDefaultPostProcessor() throws T .isThrownBy(() -> assertThat(result).asInstanceOf(InstanceOfAssertFactories.type(Flux.class)) .extracting(Flux::blockFirst)) .withMessage("Access Denied"); - verify(mockReactiveAuthorizationManager).check(any(), eq(mockMethodInvocation)); + verify(mockReactiveAuthorizationManager).authorize(any(), eq(mockMethodInvocation)); } @Test @@ -226,9 +218,8 @@ public void invokeWhenCustomAuthorizationDeniedExceptionThenThrows() throws Thro MethodInvocation mockMethodInvocation = spy( new MockMethodInvocation(new Sample(), Sample.class.getDeclaredMethod("flux"))); ReactiveAuthorizationManager manager = mock(ReactiveAuthorizationManager.class); - given(manager.check(any(), any())) + given(manager.authorize(any(), any())) .willThrow(new MyAuthzDeniedException("denied", new AuthorizationDecision(false))); - given(manager.authorize(any(), any())).willCallRealMethod(); AuthorizationManagerBeforeReactiveMethodInterceptor advice = new AuthorizationManagerBeforeReactiveMethodInterceptor( Pointcut.TRUE, manager); assertThatExceptionOfType(MyAuthzDeniedException.class) diff --git a/core/src/test/java/org/springframework/security/authorization/method/Jsr250AuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/method/Jsr250AuthorizationManagerTests.java index 1b7d6e7a228..f8ea5b7099b 100644 --- a/core/src/test/java/org/springframework/security/authorization/method/Jsr250AuthorizationManagerTests.java +++ b/core/src/test/java/org/springframework/security/authorization/method/Jsr250AuthorizationManagerTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -31,15 +31,13 @@ import org.springframework.security.access.intercept.method.MockMethodInvocation; import org.springframework.security.authentication.TestAuthentication; import org.springframework.security.authentication.TestingAuthenticationToken; -import org.springframework.security.authorization.AuthorizationDecision; import org.springframework.security.authorization.AuthorizationManager; +import org.springframework.security.authorization.AuthorizationResult; import org.springframework.security.core.Authentication; import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatExceptionOfType; import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException; -import static org.mockito.ArgumentMatchers.any; -import static org.mockito.BDDMockito.given; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.verify; @@ -80,16 +78,15 @@ public void setAuthoritiesAuthorizationManagerWhenNullThenException() { @Test public void setAuthoritiesAuthorizationManagerWhenNotNullThenVerifyUsage() throws Exception { AuthorizationManager> authoritiesAuthorizationManager = mock(AuthorizationManager.class); - given(authoritiesAuthorizationManager.authorize(any(), any())).willCallRealMethod(); Jsr250AuthorizationManager manager = new Jsr250AuthorizationManager(); manager.setAuthoritiesAuthorizationManager(authoritiesAuthorizationManager); MockMethodInvocation methodInvocation = new MockMethodInvocation(new ClassLevelAnnotations(), ClassLevelAnnotations.class, "rolesAllowedAdmin"); Supplier authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_ADMIN"); - AuthorizationDecision decision = manager.check(authentication, methodInvocation); + AuthorizationResult decision = manager.authorize(authentication, methodInvocation); assertThat(decision).isNull(); - verify(authoritiesAuthorizationManager).check(authentication, Set.of("ROLE_ADMIN")); + verify(authoritiesAuthorizationManager).authorize(authentication, Set.of("ROLE_ADMIN")); } @Test @@ -97,7 +94,7 @@ public void checkDoSomethingWhenNoJsr250AnnotationsThenNullDecision() throws Exc MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class, "doSomething"); Jsr250AuthorizationManager manager = new Jsr250AuthorizationManager(); - AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, methodInvocation); + AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, methodInvocation); assertThat(decision).isNull(); } @@ -105,7 +102,7 @@ public void checkDoSomethingWhenNoJsr250AnnotationsThenNullDecision() throws Exc public void checkPermitAllWhenRoleUserThenGrantedDecision() throws Exception { MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class, "permitAll"); Jsr250AuthorizationManager manager = new Jsr250AuthorizationManager(); - AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, methodInvocation); + AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, methodInvocation); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isTrue(); } @@ -114,7 +111,7 @@ public void checkPermitAllWhenRoleUserThenGrantedDecision() throws Exception { public void checkDenyAllWhenRoleAdminThenDeniedDecision() throws Exception { MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class, "denyAll"); Jsr250AuthorizationManager manager = new Jsr250AuthorizationManager(); - AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedAdmin, methodInvocation); + AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedAdmin, methodInvocation); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isFalse(); } @@ -124,7 +121,7 @@ public void checkRolesAllowedUserOrAdminWhenRoleUserThenGrantedDecision() throws MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class, "rolesAllowedUserOrAdmin"); Jsr250AuthorizationManager manager = new Jsr250AuthorizationManager(); - AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, methodInvocation); + AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, methodInvocation); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isTrue(); } @@ -134,7 +131,7 @@ public void checkRolesAllowedUserOrAdminWhenRoleAdminThenGrantedDecision() throw MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class, "rolesAllowedUserOrAdmin"); Jsr250AuthorizationManager manager = new Jsr250AuthorizationManager(); - AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedAdmin, methodInvocation); + AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedAdmin, methodInvocation); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isTrue(); } @@ -146,7 +143,7 @@ public void checkRolesAllowedUserOrAdminWhenRoleAnonymousThenDeniedDecision() th MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class, "rolesAllowedUserOrAdmin"); Jsr250AuthorizationManager manager = new Jsr250AuthorizationManager(); - AuthorizationDecision decision = manager.check(authentication, methodInvocation); + AuthorizationResult decision = manager.authorize(authentication, methodInvocation); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isFalse(); } @@ -159,7 +156,7 @@ public void checkMultipleMethodAnnotationsWhenInvokedThenAnnotationConfiguration "multipleAnnotations"); Jsr250AuthorizationManager manager = new Jsr250AuthorizationManager(); assertThatExceptionOfType(AnnotationConfigurationException.class) - .isThrownBy(() -> manager.check(authentication, methodInvocation)); + .isThrownBy(() -> manager.authorize(authentication, methodInvocation)); } @Test @@ -169,7 +166,7 @@ public void checkMultipleClassAnnotationsWhenInvokedThenAnnotationConfigurationE ClassLevelIllegalAnnotations.class, "inheritedAnnotations"); Jsr250AuthorizationManager manager = new Jsr250AuthorizationManager(); assertThatExceptionOfType(AnnotationConfigurationException.class) - .isThrownBy(() -> manager.check(authentication, methodInvocation)); + .isThrownBy(() -> manager.authorize(authentication, methodInvocation)); } @Test @@ -178,10 +175,10 @@ public void checkRequiresAdminWhenClassAnnotationsThenMethodAnnotationsTakePrece MockMethodInvocation methodInvocation = new MockMethodInvocation(new ClassLevelAnnotations(), ClassLevelAnnotations.class, "rolesAllowedAdmin"); Jsr250AuthorizationManager manager = new Jsr250AuthorizationManager(); - AuthorizationDecision decision = manager.check(authentication, methodInvocation); + AuthorizationResult decision = manager.authorize(authentication, methodInvocation); assertThat(decision.isGranted()).isFalse(); authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_ADMIN"); - decision = manager.check(authentication, methodInvocation); + decision = manager.authorize(authentication, methodInvocation); assertThat(decision.isGranted()).isTrue(); } @@ -191,7 +188,7 @@ public void checkDeniedWhenClassAnnotationsThenMethodAnnotationsTakePrecedence() MockMethodInvocation methodInvocation = new MockMethodInvocation(new ClassLevelAnnotations(), ClassLevelAnnotations.class, "denyAll"); Jsr250AuthorizationManager manager = new Jsr250AuthorizationManager(); - AuthorizationDecision decision = manager.check(authentication, methodInvocation); + AuthorizationResult decision = manager.authorize(authentication, methodInvocation); assertThat(decision.isGranted()).isFalse(); } @@ -201,10 +198,10 @@ public void checkRequiresUserWhenClassAnnotationsThenApplies() throws Exception MockMethodInvocation methodInvocation = new MockMethodInvocation(new ClassLevelAnnotations(), ClassLevelAnnotations.class, "rolesAllowedUser"); Jsr250AuthorizationManager manager = new Jsr250AuthorizationManager(); - AuthorizationDecision decision = manager.check(authentication, methodInvocation); + AuthorizationResult decision = manager.authorize(authentication, methodInvocation); assertThat(decision.isGranted()).isTrue(); authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_ADMIN"); - decision = manager.check(authentication, methodInvocation); + decision = manager.authorize(authentication, methodInvocation); assertThat(decision.isGranted()).isFalse(); } @@ -215,7 +212,7 @@ public void checkInheritedAnnotationsWhenConflictingThenAnnotationConfigurationE "inheritedAnnotations"); Jsr250AuthorizationManager manager = new Jsr250AuthorizationManager(); assertThatExceptionOfType(AnnotationConfigurationException.class) - .isThrownBy(() -> manager.check(authentication, methodInvocation)); + .isThrownBy(() -> manager.authorize(authentication, methodInvocation)); } public static class TestClass implements InterfaceAnnotationsOne, InterfaceAnnotationsTwo { diff --git a/core/src/test/java/org/springframework/security/authorization/method/MethodExpressionAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/method/MethodExpressionAuthorizationManagerTests.java index be29c6f328e..d20caf5d707 100644 --- a/core/src/test/java/org/springframework/security/authorization/method/MethodExpressionAuthorizationManagerTests.java +++ b/core/src/test/java/org/springframework/security/authorization/method/MethodExpressionAuthorizationManagerTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2022 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -24,7 +24,7 @@ import org.springframework.security.access.annotation.BusinessService; import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler; import org.springframework.security.authentication.TestAuthentication; -import org.springframework.security.authorization.AuthorizationDecision; +import org.springframework.security.authorization.AuthorizationResult; import org.springframework.security.util.SimpleMethodInvocation; import static org.assertj.core.api.Assertions.assertThat; @@ -84,7 +84,7 @@ void setExpressionHandlerWhenNotNullThenVerifyExpressionHandler() { @Test void checkWhenExpressionHasRoleAdminConfiguredAndRoleAdminThenGrantedDecision() { MethodExpressionAuthorizationManager manager = new MethodExpressionAuthorizationManager("hasRole('ADMIN')"); - AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedAdmin, + AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedAdmin, new SimpleMethodInvocation(new Object(), ReflectionUtils.getRequiredMethod(BusinessService.class, "someAdminMethod"))); assertThat(decision).isNotNull(); @@ -94,7 +94,7 @@ void checkWhenExpressionHasRoleAdminConfiguredAndRoleAdminThenGrantedDecision() @Test void checkWhenExpressionHasRoleAdminConfiguredAndRoleUserThenDeniedDecision() { MethodExpressionAuthorizationManager manager = new MethodExpressionAuthorizationManager("hasRole('ADMIN')"); - AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, + AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, new SimpleMethodInvocation(new Object(), ReflectionUtils.getRequiredMethod(BusinessService.class, "someAdminMethod"))); assertThat(decision).isNotNull(); diff --git a/core/src/test/java/org/springframework/security/authorization/method/PostAuthorizeAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/method/PostAuthorizeAuthorizationManagerTests.java index 4a52ff7b5ed..d9a2c23f7bf 100644 --- a/core/src/test/java/org/springframework/security/authorization/method/PostAuthorizeAuthorizationManagerTests.java +++ b/core/src/test/java/org/springframework/security/authorization/method/PostAuthorizeAuthorizationManagerTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -34,7 +34,6 @@ import org.springframework.security.access.prepost.PostAuthorize; import org.springframework.security.authentication.TestAuthentication; import org.springframework.security.authentication.TestingAuthenticationToken; -import org.springframework.security.authorization.AuthorizationDecision; import org.springframework.security.authorization.AuthorizationResult; import org.springframework.security.core.Authentication; @@ -70,7 +69,7 @@ public void checkDoSomethingWhenNoPostAuthorizeAnnotationThenNullDecision() thro "doSomething", new Class[] {}, new Object[] {}); PostAuthorizeAuthorizationManager manager = new PostAuthorizeAuthorizationManager(); MethodInvocationResult result = new MethodInvocationResult(methodInvocation, null); - AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, result); + AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, result); assertThat(decision).isNull(); } @@ -80,7 +79,7 @@ public void checkDoSomethingStringWhenArgIsGrantThenGrantedDecision() throws Exc "doSomethingString", new Class[] { String.class }, new Object[] { "grant" }); PostAuthorizeAuthorizationManager manager = new PostAuthorizeAuthorizationManager(); MethodInvocationResult result = new MethodInvocationResult(methodInvocation, null); - AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, result); + AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, result); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isTrue(); } @@ -91,7 +90,7 @@ public void checkDoSomethingStringWhenArgIsNotGrantThenDeniedDecision() throws E "doSomethingString", new Class[] { String.class }, new Object[] { "deny" }); MethodInvocationResult result = new MethodInvocationResult(methodInvocation, null); PostAuthorizeAuthorizationManager manager = new PostAuthorizeAuthorizationManager(); - AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, result); + AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, result); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isFalse(); } @@ -103,7 +102,7 @@ public void checkDoSomethingListWhenReturnObjectContainsGrantThenGrantedDecision "doSomethingList", new Class[] { List.class }, new Object[] { list }); MethodInvocationResult result = new MethodInvocationResult(methodInvocation, list); PostAuthorizeAuthorizationManager manager = new PostAuthorizeAuthorizationManager(); - AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, result); + AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, result); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isTrue(); } @@ -115,7 +114,7 @@ public void checkDoSomethingListWhenReturnObjectNotContainsGrantThenDeniedDecisi "doSomethingList", new Class[] { List.class }, new Object[] { list }); MethodInvocationResult result = new MethodInvocationResult(methodInvocation, list); PostAuthorizeAuthorizationManager manager = new PostAuthorizeAuthorizationManager(); - AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, result); + AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, result); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isFalse(); } @@ -127,10 +126,10 @@ public void checkRequiresAdminWhenClassAnnotationsThenMethodAnnotationsTakePrece ClassLevelAnnotations.class, "securedAdmin"); MethodInvocationResult result = new MethodInvocationResult(methodInvocation, null); PostAuthorizeAuthorizationManager manager = new PostAuthorizeAuthorizationManager(); - AuthorizationDecision decision = manager.check(authentication, result); + AuthorizationResult decision = manager.authorize(authentication, result); assertThat(decision.isGranted()).isFalse(); authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_ADMIN"); - decision = manager.check(authentication, result); + decision = manager.authorize(authentication, result); assertThat(decision.isGranted()).isTrue(); } @@ -141,10 +140,10 @@ public void checkRequiresUserWhenClassAnnotationsThenApplies() throws Exception ClassLevelAnnotations.class, "securedUser"); MethodInvocationResult result = new MethodInvocationResult(methodInvocation, null); PostAuthorizeAuthorizationManager manager = new PostAuthorizeAuthorizationManager(); - AuthorizationDecision decision = manager.check(authentication, result); + AuthorizationResult decision = manager.authorize(authentication, result); assertThat(decision.isGranted()).isTrue(); authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_ADMIN"); - decision = manager.check(authentication, result); + decision = manager.authorize(authentication, result); assertThat(decision.isGranted()).isFalse(); } @@ -156,7 +155,7 @@ public void checkInheritedAnnotationsWhenConflictingThenAnnotationConfigurationE MethodInvocationResult result = new MethodInvocationResult(methodInvocation, null); PostAuthorizeAuthorizationManager manager = new PostAuthorizeAuthorizationManager(); assertThatExceptionOfType(AnnotationConfigurationException.class) - .isThrownBy(() -> manager.check(authentication, result)); + .isThrownBy(() -> manager.authorize(authentication, result)); } @Test diff --git a/core/src/test/java/org/springframework/security/authorization/method/PostAuthorizeReactiveAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/method/PostAuthorizeReactiveAuthorizationManagerTests.java index 482712cb9b8..1e371d51ed2 100644 --- a/core/src/test/java/org/springframework/security/authorization/method/PostAuthorizeReactiveAuthorizationManagerTests.java +++ b/core/src/test/java/org/springframework/security/authorization/method/PostAuthorizeReactiveAuthorizationManagerTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2022 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -31,7 +31,7 @@ import org.springframework.security.access.intercept.method.MockMethodInvocation; import org.springframework.security.access.prepost.PostAuthorize; import org.springframework.security.authentication.TestingAuthenticationToken; -import org.springframework.security.authorization.AuthorizationDecision; +import org.springframework.security.authorization.AuthorizationResult; import org.springframework.security.core.Authentication; import static org.assertj.core.api.Assertions.assertThat; @@ -65,7 +65,8 @@ public void checkDoSomethingWhenNoPostAuthorizeAnnotationThenNullDecision() thro "doSomething", new Class[] {}, new Object[] {}); PostAuthorizeReactiveAuthorizationManager manager = new PostAuthorizeReactiveAuthorizationManager(); MethodInvocationResult result = new MethodInvocationResult(methodInvocation, null); - AuthorizationDecision decision = manager.check(ReactiveAuthenticationUtils.getAuthentication(), result).block(); + AuthorizationResult decision = manager.authorize(ReactiveAuthenticationUtils.getAuthentication(), result) + .block(); assertThat(decision).isNull(); } @@ -75,7 +76,8 @@ public void checkDoSomethingStringWhenArgIsGrantThenGrantedDecision() throws Exc "doSomethingString", new Class[] { String.class }, new Object[] { "grant" }); PostAuthorizeReactiveAuthorizationManager manager = new PostAuthorizeReactiveAuthorizationManager(); MethodInvocationResult result = new MethodInvocationResult(methodInvocation, null); - AuthorizationDecision decision = manager.check(ReactiveAuthenticationUtils.getAuthentication(), result).block(); + AuthorizationResult decision = manager.authorize(ReactiveAuthenticationUtils.getAuthentication(), result) + .block(); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isTrue(); } @@ -86,7 +88,8 @@ public void checkDoSomethingStringWhenArgIsNotGrantThenDeniedDecision() throws E "doSomethingString", new Class[] { String.class }, new Object[] { "deny" }); MethodInvocationResult result = new MethodInvocationResult(methodInvocation, null); PostAuthorizeReactiveAuthorizationManager manager = new PostAuthorizeReactiveAuthorizationManager(); - AuthorizationDecision decision = manager.check(ReactiveAuthenticationUtils.getAuthentication(), result).block(); + AuthorizationResult decision = manager.authorize(ReactiveAuthenticationUtils.getAuthentication(), result) + .block(); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isFalse(); } @@ -98,7 +101,8 @@ public void checkDoSomethingListWhenReturnObjectContainsGrantThenGrantedDecision "doSomethingList", new Class[] { List.class }, new Object[] { list }); MethodInvocationResult result = new MethodInvocationResult(methodInvocation, list); PostAuthorizeReactiveAuthorizationManager manager = new PostAuthorizeReactiveAuthorizationManager(); - AuthorizationDecision decision = manager.check(ReactiveAuthenticationUtils.getAuthentication(), result).block(); + AuthorizationResult decision = manager.authorize(ReactiveAuthenticationUtils.getAuthentication(), result) + .block(); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isTrue(); } @@ -110,7 +114,8 @@ public void checkDoSomethingListWhenReturnObjectNotContainsGrantThenDeniedDecisi "doSomethingList", new Class[] { List.class }, new Object[] { list }); MethodInvocationResult result = new MethodInvocationResult(methodInvocation, list); PostAuthorizeReactiveAuthorizationManager manager = new PostAuthorizeReactiveAuthorizationManager(); - AuthorizationDecision decision = manager.check(ReactiveAuthenticationUtils.getAuthentication(), result).block(); + AuthorizationResult decision = manager.authorize(ReactiveAuthenticationUtils.getAuthentication(), result) + .block(); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isFalse(); } @@ -123,11 +128,11 @@ public void checkRequiresAdminWhenClassAnnotationsThenMethodAnnotationsTakePrece ClassLevelAnnotations.class, "securedAdmin"); MethodInvocationResult result = new MethodInvocationResult(methodInvocation, null); PostAuthorizeReactiveAuthorizationManager manager = new PostAuthorizeReactiveAuthorizationManager(); - AuthorizationDecision decision = manager.check(authentication, result).block(); + AuthorizationResult decision = manager.authorize(authentication, result).block(); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isFalse(); authentication = Mono.just(new TestingAuthenticationToken("user", "password", "ROLE_ADMIN")); - decision = manager.check(authentication, result).block(); + decision = manager.authorize(authentication, result).block(); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isTrue(); } @@ -140,11 +145,11 @@ public void checkRequiresUserWhenClassAnnotationsThenApplies() throws Exception ClassLevelAnnotations.class, "securedUser"); MethodInvocationResult result = new MethodInvocationResult(methodInvocation, null); PostAuthorizeReactiveAuthorizationManager manager = new PostAuthorizeReactiveAuthorizationManager(); - AuthorizationDecision decision = manager.check(authentication, result).block(); + AuthorizationResult decision = manager.authorize(authentication, result).block(); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isTrue(); authentication = Mono.just(new TestingAuthenticationToken("user", "password", "ROLE_ADMIN")); - decision = manager.check(authentication, result).block(); + decision = manager.authorize(authentication, result).block(); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isFalse(); } @@ -158,7 +163,7 @@ public void checkInheritedAnnotationsWhenConflictingThenAnnotationConfigurationE MethodInvocationResult result = new MethodInvocationResult(methodInvocation, null); PostAuthorizeReactiveAuthorizationManager manager = new PostAuthorizeReactiveAuthorizationManager(); assertThatExceptionOfType(AnnotationConfigurationException.class) - .isThrownBy(() -> manager.check(authentication, result)); + .isThrownBy(() -> manager.authorize(authentication, result)); } public static class TestClass implements InterfaceAnnotationsOne, InterfaceAnnotationsTwo { diff --git a/core/src/test/java/org/springframework/security/authorization/method/PreAuthorizeAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/method/PreAuthorizeAuthorizationManagerTests.java index 9795dec9746..422b3166f4a 100644 --- a/core/src/test/java/org/springframework/security/authorization/method/PreAuthorizeAuthorizationManagerTests.java +++ b/core/src/test/java/org/springframework/security/authorization/method/PreAuthorizeAuthorizationManagerTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -32,7 +32,6 @@ import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.authentication.TestAuthentication; import org.springframework.security.authentication.TestingAuthenticationToken; -import org.springframework.security.authorization.AuthorizationDecision; import org.springframework.security.authorization.AuthorizationResult; import org.springframework.security.core.Authentication; @@ -67,7 +66,7 @@ public void checkDoSomethingWhenNoPostAuthorizeAnnotationThenNullDecision() thro MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class, "doSomething", new Class[] {}, new Object[] {}); PreAuthorizeAuthorizationManager manager = new PreAuthorizeAuthorizationManager(); - AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, methodInvocation); + AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, methodInvocation); assertThat(decision).isNull(); } @@ -76,7 +75,7 @@ public void checkDoSomethingStringWhenArgIsGrantThenGrantedDecision() throws Exc MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class, "doSomethingString", new Class[] { String.class }, new Object[] { "grant" }); PreAuthorizeAuthorizationManager manager = new PreAuthorizeAuthorizationManager(); - AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, methodInvocation); + AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, methodInvocation); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isTrue(); } @@ -86,7 +85,7 @@ public void checkDoSomethingStringWhenArgIsNotGrantThenDeniedDecision() throws E MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class, "doSomethingString", new Class[] { String.class }, new Object[] { "deny" }); PreAuthorizeAuthorizationManager manager = new PreAuthorizeAuthorizationManager(); - AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, methodInvocation); + AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, methodInvocation); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isFalse(); } @@ -97,10 +96,10 @@ public void checkRequiresAdminWhenClassAnnotationsThenMethodAnnotationsTakePrece MockMethodInvocation methodInvocation = new MockMethodInvocation(new ClassLevelAnnotations(), ClassLevelAnnotations.class, "securedAdmin"); PreAuthorizeAuthorizationManager manager = new PreAuthorizeAuthorizationManager(); - AuthorizationDecision decision = manager.check(authentication, methodInvocation); + AuthorizationResult decision = manager.authorize(authentication, methodInvocation); assertThat(decision.isGranted()).isFalse(); authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_ADMIN"); - decision = manager.check(authentication, methodInvocation); + decision = manager.authorize(authentication, methodInvocation); assertThat(decision.isGranted()).isTrue(); } @@ -110,10 +109,10 @@ public void checkRequiresUserWhenClassAnnotationsThenApplies() throws Exception MockMethodInvocation methodInvocation = new MockMethodInvocation(new ClassLevelAnnotations(), ClassLevelAnnotations.class, "securedUser"); PreAuthorizeAuthorizationManager manager = new PreAuthorizeAuthorizationManager(); - AuthorizationDecision decision = manager.check(authentication, methodInvocation); + AuthorizationResult decision = manager.authorize(authentication, methodInvocation); assertThat(decision.isGranted()).isTrue(); authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_ADMIN"); - decision = manager.check(authentication, methodInvocation); + decision = manager.authorize(authentication, methodInvocation); assertThat(decision.isGranted()).isFalse(); } @@ -124,7 +123,7 @@ public void checkInheritedAnnotationsWhenConflictingThenAnnotationConfigurationE ConflictingAnnotations.class, "inheritedAnnotations"); PreAuthorizeAuthorizationManager manager = new PreAuthorizeAuthorizationManager(); assertThatExceptionOfType(AnnotationConfigurationException.class) - .isThrownBy(() -> manager.check(authentication, methodInvocation)); + .isThrownBy(() -> manager.authorize(authentication, methodInvocation)); } @Test @@ -132,10 +131,10 @@ public void checkTargetClassAwareWhenInterfaceLevelAnnotationsThenApplies() thro MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestTargetClassAware(), TestTargetClassAware.class, "doSomething"); PreAuthorizeAuthorizationManager manager = new PreAuthorizeAuthorizationManager(); - AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, methodInvocation); + AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, methodInvocation); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isFalse(); - decision = manager.check(TestAuthentication::authenticatedAdmin, methodInvocation); + decision = manager.authorize(TestAuthentication::authenticatedAdmin, methodInvocation); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isTrue(); } diff --git a/core/src/test/java/org/springframework/security/authorization/method/PreAuthorizeReactiveAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/method/PreAuthorizeReactiveAuthorizationManagerTests.java index 8319d57ed87..47531446047 100644 --- a/core/src/test/java/org/springframework/security/authorization/method/PreAuthorizeReactiveAuthorizationManagerTests.java +++ b/core/src/test/java/org/springframework/security/authorization/method/PreAuthorizeReactiveAuthorizationManagerTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2022 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -28,7 +28,7 @@ import org.springframework.security.access.intercept.method.MockMethodInvocation; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.authentication.TestingAuthenticationToken; -import org.springframework.security.authorization.AuthorizationDecision; +import org.springframework.security.authorization.AuthorizationResult; import org.springframework.security.core.Authentication; import static org.assertj.core.api.Assertions.assertThat; @@ -61,8 +61,8 @@ public void checkDoSomethingWhenNoPostAuthorizeAnnotationThenNullDecision() thro MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class, "doSomething", new Class[] {}, new Object[] {}); PreAuthorizeReactiveAuthorizationManager manager = new PreAuthorizeReactiveAuthorizationManager(); - AuthorizationDecision decision = manager - .check(ReactiveAuthenticationUtils.getAuthentication(), methodInvocation) + AuthorizationResult decision = manager + .authorize(ReactiveAuthenticationUtils.getAuthentication(), methodInvocation) .block(); assertThat(decision).isNull(); } @@ -72,8 +72,8 @@ public void checkDoSomethingStringWhenArgIsGrantThenGrantedDecision() throws Exc MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class, "doSomethingString", new Class[] { String.class }, new Object[] { "grant" }); PreAuthorizeReactiveAuthorizationManager manager = new PreAuthorizeReactiveAuthorizationManager(); - AuthorizationDecision decision = manager - .check(ReactiveAuthenticationUtils.getAuthentication(), methodInvocation) + AuthorizationResult decision = manager + .authorize(ReactiveAuthenticationUtils.getAuthentication(), methodInvocation) .block(); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isTrue(); @@ -84,8 +84,8 @@ public void checkDoSomethingStringWhenArgIsNotGrantThenDeniedDecision() throws E MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class, "doSomethingString", new Class[] { String.class }, new Object[] { "deny" }); PreAuthorizeReactiveAuthorizationManager manager = new PreAuthorizeReactiveAuthorizationManager(); - AuthorizationDecision decision = manager - .check(ReactiveAuthenticationUtils.getAuthentication(), methodInvocation) + AuthorizationResult decision = manager + .authorize(ReactiveAuthenticationUtils.getAuthentication(), methodInvocation) .block(); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isFalse(); @@ -98,11 +98,11 @@ public void checkRequiresAdminWhenClassAnnotationsThenMethodAnnotationsTakePrece MockMethodInvocation methodInvocation = new MockMethodInvocation(new ClassLevelAnnotations(), ClassLevelAnnotations.class, "securedAdmin"); PreAuthorizeReactiveAuthorizationManager manager = new PreAuthorizeReactiveAuthorizationManager(); - AuthorizationDecision decision = manager.check(authentication, methodInvocation).block(); + AuthorizationResult decision = manager.authorize(authentication, methodInvocation).block(); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isFalse(); authentication = Mono.just(new TestingAuthenticationToken("user", "password", "ROLE_ADMIN")); - decision = manager.check(authentication, methodInvocation).block(); + decision = manager.authorize(authentication, methodInvocation).block(); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isTrue(); } @@ -114,11 +114,11 @@ public void checkRequiresUserWhenClassAnnotationsThenApplies() throws Exception MockMethodInvocation methodInvocation = new MockMethodInvocation(new ClassLevelAnnotations(), ClassLevelAnnotations.class, "securedUser"); PreAuthorizeReactiveAuthorizationManager manager = new PreAuthorizeReactiveAuthorizationManager(); - AuthorizationDecision decision = manager.check(authentication, methodInvocation).block(); + AuthorizationResult decision = manager.authorize(authentication, methodInvocation).block(); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isTrue(); authentication = Mono.just(new TestingAuthenticationToken("user", "password", "ROLE_ADMIN")); - decision = manager.check(authentication, methodInvocation).block(); + decision = manager.authorize(authentication, methodInvocation).block(); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isFalse(); } @@ -131,7 +131,7 @@ public void checkInheritedAnnotationsWhenConflictingThenAnnotationConfigurationE ConflictingAnnotations.class, "inheritedAnnotations"); PreAuthorizeReactiveAuthorizationManager manager = new PreAuthorizeReactiveAuthorizationManager(); assertThatExceptionOfType(AnnotationConfigurationException.class) - .isThrownBy(() -> manager.check(authentication, methodInvocation)); + .isThrownBy(() -> manager.authorize(authentication, methodInvocation)); } public static class TestClass implements InterfaceAnnotationsOne, InterfaceAnnotationsTwo { diff --git a/core/src/test/java/org/springframework/security/authorization/method/SecuredAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/method/SecuredAuthorizationManagerTests.java index 1e353c70789..4bad076e416 100644 --- a/core/src/test/java/org/springframework/security/authorization/method/SecuredAuthorizationManagerTests.java +++ b/core/src/test/java/org/springframework/security/authorization/method/SecuredAuthorizationManagerTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -30,8 +30,8 @@ import org.springframework.security.access.intercept.method.MockMethodInvocation; import org.springframework.security.authentication.TestAuthentication; import org.springframework.security.authentication.TestingAuthenticationToken; -import org.springframework.security.authorization.AuthorizationDecision; import org.springframework.security.authorization.AuthorizationManager; +import org.springframework.security.authorization.AuthorizationResult; import org.springframework.security.core.Authentication; import static org.assertj.core.api.Assertions.assertThat; @@ -62,9 +62,9 @@ public void setAuthoritiesAuthorizationManagerWhenNotNullThenVerifyUsage() throw MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class, "securedUserOrAdmin"); Supplier authentication = TestAuthentication::authenticatedUser; - AuthorizationDecision decision = manager.check(authentication, methodInvocation); + AuthorizationResult decision = manager.authorize(authentication, methodInvocation); assertThat(decision).isNull(); - verify(authoritiesAuthorizationManager).check(authentication, Set.of("ROLE_USER", "ROLE_ADMIN")); + verify(authoritiesAuthorizationManager).authorize(authentication, Set.of("ROLE_USER", "ROLE_ADMIN")); } @Test @@ -72,7 +72,7 @@ public void checkDoSomethingWhenNoSecuredAnnotationThenNullDecision() throws Exc MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class, "doSomething"); SecuredAuthorizationManager manager = new SecuredAuthorizationManager(); - AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, methodInvocation); + AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, methodInvocation); assertThat(decision).isNull(); } @@ -81,7 +81,7 @@ public void checkSecuredUserOrAdminWhenRoleUserThenGrantedDecision() throws Exce MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class, "securedUserOrAdmin"); SecuredAuthorizationManager manager = new SecuredAuthorizationManager(); - AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, methodInvocation); + AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, methodInvocation); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isTrue(); } @@ -91,7 +91,7 @@ public void checkSecuredUserOrAdminWhenRoleAdminThenGrantedDecision() throws Exc MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class, "securedUserOrAdmin"); SecuredAuthorizationManager manager = new SecuredAuthorizationManager(); - AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedAdmin, methodInvocation); + AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedAdmin, methodInvocation); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isTrue(); } @@ -103,7 +103,7 @@ public void checkSecuredUserOrAdminWhenRoleAnonymousThenDeniedDecision() throws MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestClass(), TestClass.class, "securedUserOrAdmin"); SecuredAuthorizationManager manager = new SecuredAuthorizationManager(); - AuthorizationDecision decision = manager.check(authentication, methodInvocation); + AuthorizationResult decision = manager.authorize(authentication, methodInvocation); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isFalse(); } @@ -114,10 +114,10 @@ public void checkRequiresAdminWhenClassAnnotationsThenMethodAnnotationsTakePrece MockMethodInvocation methodInvocation = new MockMethodInvocation(new ClassLevelAnnotations(), ClassLevelAnnotations.class, "securedAdmin"); SecuredAuthorizationManager manager = new SecuredAuthorizationManager(); - AuthorizationDecision decision = manager.check(authentication, methodInvocation); + AuthorizationResult decision = manager.authorize(authentication, methodInvocation); assertThat(decision.isGranted()).isFalse(); authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_ADMIN"); - decision = manager.check(authentication, methodInvocation); + decision = manager.authorize(authentication, methodInvocation); assertThat(decision.isGranted()).isTrue(); } @@ -127,10 +127,10 @@ public void checkRequiresUserWhenClassAnnotationsThenApplies() throws Exception MockMethodInvocation methodInvocation = new MockMethodInvocation(new ClassLevelAnnotations(), ClassLevelAnnotations.class, "securedUser"); SecuredAuthorizationManager manager = new SecuredAuthorizationManager(); - AuthorizationDecision decision = manager.check(authentication, methodInvocation); + AuthorizationResult decision = manager.authorize(authentication, methodInvocation); assertThat(decision.isGranted()).isTrue(); authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_ADMIN"); - decision = manager.check(authentication, methodInvocation); + decision = manager.authorize(authentication, methodInvocation); assertThat(decision.isGranted()).isFalse(); } @@ -141,7 +141,7 @@ public void checkInheritedAnnotationsWhenDuplicatedThenAnnotationConfigurationEx "inheritedAnnotations"); SecuredAuthorizationManager manager = new SecuredAuthorizationManager(); assertThatExceptionOfType(AnnotationConfigurationException.class) - .isThrownBy(() -> manager.check(authentication, methodInvocation)); + .isThrownBy(() -> manager.authorize(authentication, methodInvocation)); } @Test @@ -151,7 +151,7 @@ public void checkInheritedAnnotationsWhenConflictingThenAnnotationConfigurationE "inheritedAnnotations"); SecuredAuthorizationManager manager = new SecuredAuthorizationManager(); assertThatExceptionOfType(AnnotationConfigurationException.class) - .isThrownBy(() -> manager.check(authentication, methodInvocation)); + .isThrownBy(() -> manager.authorize(authentication, methodInvocation)); } @Test @@ -159,10 +159,10 @@ public void checkTargetClassAwareWhenInterfaceLevelAnnotationsThenApplies() thro MockMethodInvocation methodInvocation = new MockMethodInvocation(new TestTargetClassAware(), TestTargetClassAware.class, "doSomething"); SecuredAuthorizationManager manager = new SecuredAuthorizationManager(); - AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, methodInvocation); + AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, methodInvocation); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isFalse(); - decision = manager.check(TestAuthentication::authenticatedAdmin, methodInvocation); + decision = manager.authorize(TestAuthentication::authenticatedAdmin, methodInvocation); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isTrue(); } diff --git a/docs/modules/ROOT/pages/reactive/authorization/method.adoc b/docs/modules/ROOT/pages/reactive/authorization/method.adoc index 42a68da6093..6e2f96c980a 100644 --- a/docs/modules/ROOT/pages/reactive/authorization/method.adoc +++ b/docs/modules/ROOT/pages/reactive/authorization/method.adoc @@ -308,7 +308,7 @@ Java:: @Component public class MyPreAuthorizeAuthorizationManager implements ReactiveAuthorizationManager { @Override - public Mono check(Supplier authentication, MethodInvocation invocation) { + public Mono authorize(Supplier authentication, MethodInvocation invocation) { // ... authorization logic } @@ -321,7 +321,7 @@ Kotlin:: ---- @Component class MyPreAuthorizeAuthorizationManager : ReactiveAuthorizationManager { - override fun check(authentication: Supplier, invocation: MethodInvocation): Mono { + override fun authorize(authentication: Supplier, invocation: MethodInvocation): Mono { // ... authorization logic } diff --git a/docs/modules/ROOT/pages/servlet/appendix/faq.adoc b/docs/modules/ROOT/pages/servlet/appendix/faq.adoc index 0c728528913..a47f591869a 100644 --- a/docs/modules/ROOT/pages/servlet/appendix/faq.adoc +++ b/docs/modules/ROOT/pages/servlet/appendix/faq.adoc @@ -544,7 +544,7 @@ public class DynamicAuthorizationManager implements AuthorizationManager authentication, RequestAuthorizationContext context) { + public AuthorizationResult authorize(Supplier authentication, RequestAuthorizationContext context) { // query the external service } } @@ -565,7 +565,7 @@ class DynamicAuthorizationManager : AuthorizationManager?, context: RequestAuthorizationContext?): AuthorizationDecision { + override fun authorize(authentication: Supplier?, context: RequestAuthorizationContext?): AuthorizationResult { // look up rules from the database } } @@ -595,7 +595,7 @@ public class DynamicAuthorizationManager implements AuthorizationManager authentication, MethodInvocation invocation) { + public AuthorizationResult authorize(Supplier authentication, MethodInvocation invocation) { // query the external service } } @@ -617,7 +617,7 @@ class DynamicAuthorizationManager : AuthorizationManager { private val authz: MyExternalAuthorizationService? = null // ... - override fun check(authentication: Supplier?, invocation: MethodInvocation?): AuthorizationDecision { + override fun authorize(authentication: Supplier?, invocation: MethodInvocation?): AuthorizationResult { // query the external service } } diff --git a/docs/modules/ROOT/pages/servlet/authorization/architecture.adoc b/docs/modules/ROOT/pages/servlet/authorization/architecture.adoc index fc80141b455..264ef90e70a 100644 --- a/docs/modules/ROOT/pages/servlet/authorization/architecture.adoc +++ b/docs/modules/ROOT/pages/servlet/authorization/architecture.adoc @@ -99,7 +99,7 @@ The `AuthorizationManager` interface contains two methods: [source,java] ---- -AuthorizationDecision check(Supplier authentication, Object secureObject); +AuthorizationResult authorize(Supplier authentication, Object secureObject); default void verify(Supplier authentication, Object secureObject) throws AccessDeniedException { @@ -113,7 +113,7 @@ For example, let's assume the secure object was a `MethodInvocation`. It would be easy to query the `MethodInvocation` for any `Customer` argument, and then implement some sort of security logic in the `AuthorizationManager` to ensure the principal is permitted to operate on that customer. Implementations are expected to return a positive `AuthorizationDecision` if access is granted, negative `AuthorizationDecision` if access is denied, and a null `AuthorizationDecision` when abstaining from making a decision. -`verify` calls `check` and subsequently throws an `AccessDeniedException` in the case of a negative `AuthorizationDecision`. +`verify` calls `authorize` and subsequently throws an `AccessDeniedException` in the case of a negative `AuthorizationDecision`. [[authz-delegate-authorization-manager]] === Delegate-based AuthorizationManager Implementations @@ -180,7 +180,7 @@ public class AccessDecisionManagerAuthorizationManagerAdapter implements Authori private final SecurityMetadataSource securityMetadataSource; @Override - public AuthorizationDecision check(Supplier authentication, Object object) { + public AuthorizationResult authorize(Supplier authentication, Object object) { try { Collection attributes = this.securityMetadataSource.getAttributes(object); this.accessDecisionManager.decide(authentication.get(), object, attributes); @@ -216,7 +216,7 @@ public class AccessDecisionVoterAuthorizationManagerAdapter implements Authoriza private final SecurityMetadataSource securityMetadataSource; @Override - public AuthorizationDecision check(Supplier authentication, Object object) { + public AuthorizationResult authorize(Supplier authentication, Object object) { Collection attributes = this.securityMetadataSource.getAttributes(object); int decision = this.accessDecisionVoter.vote(authentication.get(), object, attributes); switch (decision) { diff --git a/docs/modules/ROOT/pages/servlet/authorization/authorize-http-requests.adoc b/docs/modules/ROOT/pages/servlet/authorization/authorize-http-requests.adoc index ca3fd6b2bf4..47427233d3a 100644 --- a/docs/modules/ROOT/pages/servlet/authorization/authorize-http-requests.adoc +++ b/docs/modules/ROOT/pages/servlet/authorization/authorize-http-requests.adoc @@ -861,7 +861,7 @@ Java:: @Component public final class OpenPolicyAgentAuthorizationManager implements AuthorizationManager { @Override - public AuthorizationDecision check(Supplier authentication, RequestAuthorizationContext context) { + public AuthorizationResult authorize(Supplier authentication, RequestAuthorizationContext context) { // make request to Open Policy Agent } } diff --git a/docs/modules/ROOT/pages/servlet/authorization/events.adoc b/docs/modules/ROOT/pages/servlet/authorization/events.adoc index a791dcb3655..5d8fd796e93 100644 --- a/docs/modules/ROOT/pages/servlet/authorization/events.adoc +++ b/docs/modules/ROOT/pages/servlet/authorization/events.adoc @@ -95,29 +95,28 @@ public class MyAuthorizationEventPublisher implements AuthorizationEventPublishe @Override public void publishAuthorizationEvent(Supplier authentication, - T object, AuthorizationDecision decision) { - if (decision == null) { + T object, AuthorizationResult result) { + if (result == null) { return; } - if (!decision.isGranted()) { - this.delegate.publishAuthorizationEvent(authentication, object, decision); + if (!result.isGranted()) { + this.delegate.publishAuthorizationEvent(authentication, object, result); return; } - if (shouldThisEventBePublished(decision)) { + if (shouldThisEventBePublished(result)) { AuthorizationGrantedEvent granted = new AuthorizationGrantedEvent( - authentication, object, decision); + authentication, object, result); this.publisher.publishEvent(granted); } } - private boolean shouldThisEventBePublished(AuthorizationDecision decision) { - if (!(decision instanceof AuthorityAuthorizationDecision)) { - return false; - } - Collection authorities = ((AuthorityAuthorizationDecision) decision).getAuthorities(); - for (GrantedAuthority authority : authorities) { - if ("ROLE_ADMIN".equals(authority.getAuthority())) { - return true; + private boolean shouldThisEventBePublished(AuthorizationResult result) { + if (result instanceof AuthorityAuthorizationDecision authorityAuthorizationDecision) { + Collection authorities = authorityAuthorizationDecision.getAuthorities(); + for (GrantedAuthority authority : authorities) { + if ("ROLE_ADMIN".equals(authority.getAuthority())) { + return true; + } } } return false; @@ -137,22 +136,22 @@ class MyAuthorizationEventPublisher(val publisher: ApplicationEventPublisher, override fun publishAuthorizationEvent( authentication: Supplier?, `object`: T, - decision: AuthorizationDecision? + result: AuthorizationResult? ) { - if (decision == null) { + if (result == null) { return } - if (!decision.isGranted) { - this.delegate.publishAuthorizationEvent(authentication, `object`, decision) + if (!result.isGranted) { + this.delegate.publishAuthorizationEvent(authentication, `object`, result) return } - if (shouldThisEventBePublished(decision)) { - val granted = AuthorizationGrantedEvent(authentication, `object`, decision) + if (shouldThisEventBePublished(result)) { + val granted = AuthorizationGrantedEvent(authentication, `object`, result) this.publisher.publishEvent(granted) } } - private fun shouldThisEventBePublished(decision: AuthorizationDecision): Boolean { + private fun shouldThisEventBePublished(result: AuthorizationResult): Boolean { if (decision !is AuthorityAuthorizationDecision) { return false } diff --git a/docs/modules/ROOT/pages/servlet/authorization/method-security.adoc b/docs/modules/ROOT/pages/servlet/authorization/method-security.adoc index 944e1813f24..f16ce38db01 100644 --- a/docs/modules/ROOT/pages/servlet/authorization/method-security.adoc +++ b/docs/modules/ROOT/pages/servlet/authorization/method-security.adoc @@ -1371,12 +1371,12 @@ Java:: @Component public class MyAuthorizationManager implements AuthorizationManager, AuthorizationManager { @Override - public AuthorizationDecision check(Supplier authentication, MethodInvocation invocation) { + public AuthorizationResult authorize(Supplier authentication, MethodInvocation invocation) { // ... authorization logic } @Override - public AuthorizationDecision check(Supplier authentication, MethodInvocationResult invocation) { + public AuthorizationResult authorize(Supplier authentication, MethodInvocationResult invocation) { // ... authorization logic } } @@ -1388,11 +1388,11 @@ Kotlin:: ---- @Component class MyAuthorizationManager : AuthorizationManager, AuthorizationManager { - override fun check(authentication: Supplier, invocation: MethodInvocation): AuthorizationDecision { + override fun authorize(authentication: Supplier, invocation: MethodInvocation): AuthorizationResult { // ... authorization logic } - override fun check(authentication: Supplier, invocation: MethodInvocationResult): AuthorizationDecision { + override fun authorize(authentication: Supplier, invocation: MethodInvocationResult): AuthorizationResult { // ... authorization logic } } diff --git a/docs/modules/ROOT/pages/servlet/integrations/websocket.adoc b/docs/modules/ROOT/pages/servlet/integrations/websocket.adoc index 9513600dd20..3f57195ede5 100644 --- a/docs/modules/ROOT/pages/servlet/integrations/websocket.adoc +++ b/docs/modules/ROOT/pages/servlet/integrations/websocket.adoc @@ -227,7 +227,7 @@ public final class MessageExpressionAuthorizationManager implements Authorizatio } @Override - public AuthorizationDecision check(Supplier authentication, MessageAuthorizationContext context) { + public AuthorizationResult authorize(Supplier authentication, MessageAuthorizationContext context) { EvaluationContext ctx = this.expressionHandler.createEvaluationContext(authentication, context.getMessage()); boolean granted = ExpressionUtils.evaluateAsBoolean(this.expression, ctx); return new ExpressionAuthorizationDecision(granted, this.expression); diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/intercept/AuthorizationChannelInterceptor.java b/messaging/src/main/java/org/springframework/security/messaging/access/intercept/AuthorizationChannelInterceptor.java index c17e2b8de94..0b18f10cd54 100644 --- a/messaging/src/main/java/org/springframework/security/messaging/access/intercept/AuthorizationChannelInterceptor.java +++ b/messaging/src/main/java/org/springframework/security/messaging/access/intercept/AuthorizationChannelInterceptor.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2022 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -27,7 +27,6 @@ import org.springframework.messaging.support.ChannelInterceptor; import org.springframework.security.access.AccessDeniedException; import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException; -import org.springframework.security.authorization.AuthorizationDecision; import org.springframework.security.authorization.AuthorizationEventPublisher; import org.springframework.security.authorization.AuthorizationManager; import org.springframework.security.authorization.AuthorizationResult; @@ -109,12 +108,6 @@ private Supplier getAuthentication(SecurityContextHolderStrategy private static class NoopAuthorizationEventPublisher implements AuthorizationEventPublisher { - @Override - public void publishAuthorizationEvent(Supplier authentication, T object, - AuthorizationDecision decision) { - - } - @Override public void publishAuthorizationEvent(Supplier authentication, T object, AuthorizationResult result) { diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/intercept/MessageMatcherDelegatingAuthorizationManager.java b/messaging/src/main/java/org/springframework/security/messaging/access/intercept/MessageMatcherDelegatingAuthorizationManager.java index c24bb1b7b52..6f782de9a95 100644 --- a/messaging/src/main/java/org/springframework/security/messaging/access/intercept/MessageMatcherDelegatingAuthorizationManager.java +++ b/messaging/src/main/java/org/springframework/security/messaging/access/intercept/MessageMatcherDelegatingAuthorizationManager.java @@ -28,7 +28,6 @@ import org.springframework.messaging.simp.SimpMessageType; import org.springframework.security.authorization.AuthenticatedAuthorizationManager; import org.springframework.security.authorization.AuthorityAuthorizationManager; -import org.springframework.security.authorization.AuthorizationDecision; import org.springframework.security.authorization.AuthorizationManager; import org.springframework.security.authorization.AuthorizationResult; import org.springframework.security.authorization.SingleResultAuthorizationManager; @@ -56,30 +55,6 @@ private MessageMatcherDelegatingAuthorizationManager( this.mappings = mappings; } - /** - * Delegates to a specific {@link AuthorizationManager} based on a - * {@link MessageMatcher} evaluation. - * @param authentication the {@link Supplier} of the {@link Authentication} to check - * @param message the {@link Message} to check - * @return an {@link AuthorizationDecision}. If there is no {@link MessageMatcher} - * matching the message, or the {@link AuthorizationManager} could not decide, then - * null is returned - * @deprecated please use {@link #authorize(Supplier, Message)} instead - */ - @Deprecated - @Override - public AuthorizationDecision check(Supplier authentication, Message message) { - AuthorizationResult result = authorize(authentication, message); - if (result == null) { - return null; - } - if (result instanceof AuthorizationDecision decision) { - return decision; - } - throw new IllegalArgumentException( - "Please call #authorize or ensure that the returned result is of type AuthorizationDecision"); - } - @Override public AuthorizationResult authorize(Supplier authentication, Message message) { if (this.logger.isTraceEnabled()) { diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/intercept/AuthorizationChannelInterceptorTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/intercept/AuthorizationChannelInterceptorTests.java index debb21b7622..feb215f31bf 100644 --- a/messaging/src/test/java/org/springframework/security/messaging/access/intercept/AuthorizationChannelInterceptorTests.java +++ b/messaging/src/test/java/org/springframework/security/messaging/access/intercept/AuthorizationChannelInterceptorTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -30,7 +30,6 @@ import org.springframework.security.authorization.AuthorizationDecision; import org.springframework.security.authorization.AuthorizationEventPublisher; import org.springframework.security.authorization.AuthorizationManager; -import org.springframework.security.authorization.AuthorizationResult; import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContextHolder; @@ -39,7 +38,6 @@ import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException; import static org.mockito.ArgumentMatchers.any; import static org.mockito.BDDMockito.given; -import static org.mockito.Mockito.lenient; import static org.mockito.Mockito.verify; /** @@ -83,15 +81,13 @@ public void constructorWhenAuthorizationManagerNullThenIllegalArgument() { @Test public void preSendWhenAllowThenSameMessage() { - given(this.authorizationManager.check(any(), any())).willReturn(new AuthorizationDecision(true)); - given(this.authorizationManager.authorize(any(), any())).willCallRealMethod(); + given(this.authorizationManager.authorize(any(), any())).willReturn(new AuthorizationDecision(true)); assertThat(this.interceptor.preSend(this.message, this.channel)).isSameAs(this.message); } @Test public void preSendWhenDenyThenException() { - given(this.authorizationManager.check(any(), any())).willReturn(new AuthorizationDecision(false)); - given(this.authorizationManager.authorize(any(), any())).willCallRealMethod(); + given(this.authorizationManager.authorize(any(), any())).willReturn(new AuthorizationDecision(false)); assertThatExceptionOfType(AccessDeniedException.class) .isThrownBy(() -> this.interceptor.preSend(this.message, this.channel)); } @@ -105,11 +101,7 @@ public void setEventPublisherWhenNullThenException() { @Test public void preSendWhenAuthorizationEventPublisherThenPublishes() { this.interceptor.setAuthorizationEventPublisher(this.eventPublisher); - given(this.authorizationManager.check(any(), any())).willReturn(new AuthorizationDecision(true)); - given(this.authorizationManager.authorize(any(), any())).willCallRealMethod(); - lenient().doCallRealMethod() - .when(this.eventPublisher) - .publishAuthorizationEvent(any(), any(), any(AuthorizationResult.class)); + given(this.authorizationManager.authorize(any(), any())).willReturn(new AuthorizationDecision(true)); this.interceptor.preSend(this.message, this.channel); verify(this.eventPublisher).publishAuthorizationEvent(any(), any(), any()); } diff --git a/messaging/src/test/java/org/springframework/security/messaging/access/intercept/MessageMatcherDelegatingAuthorizationManagerTests.java b/messaging/src/test/java/org/springframework/security/messaging/access/intercept/MessageMatcherDelegatingAuthorizationManagerTests.java index acbb6dff2fc..bd1fedb1f70 100644 --- a/messaging/src/test/java/org/springframework/security/messaging/access/intercept/MessageMatcherDelegatingAuthorizationManagerTests.java +++ b/messaging/src/test/java/org/springframework/security/messaging/access/intercept/MessageMatcherDelegatingAuthorizationManagerTests.java @@ -65,7 +65,7 @@ void setUp() { void checkWhenPermitAllThenPermits() { AuthorizationManager> authorizationManager = builder().anyMessage().permitAll().build(); Message message = new GenericMessage<>(new Object()); - assertThat(authorizationManager.check(mock(Supplier.class), message).isGranted()).isTrue(); + assertThat(authorizationManager.authorize(mock(Supplier.class), message).isGranted()).isTrue(); } @Test @@ -73,9 +73,9 @@ void checkWhenAnyMessageHasRoleThenRequires() { AuthorizationManager> authorizationManager = builder().anyMessage().hasRole("USER").build(); Message message = new GenericMessage<>(new Object()); Authentication user = new TestingAuthenticationToken("user", "password", "ROLE_USER"); - assertThat(authorizationManager.check(() -> user, message).isGranted()).isTrue(); + assertThat(authorizationManager.authorize(() -> user, message).isGranted()).isTrue(); Authentication admin = new TestingAuthenticationToken("user", "password", "ROLE_ADMIN"); - assertThat(authorizationManager.check(() -> admin, message).isGranted()).isFalse(); + assertThat(authorizationManager.authorize(() -> admin, message).isGranted()).isFalse(); } @Test @@ -88,7 +88,7 @@ void checkWhenSimpDestinationMatchesThenUses() { MessageHeaders headers = new MessageHeaders( Map.of(SimpMessageHeaderAccessor.DESTINATION_HEADER, "destination")); Message message = new GenericMessage<>(new Object(), headers); - assertThat(authorizationManager.check(mock(Supplier.class), message).isGranted()).isTrue(); + assertThat(authorizationManager.authorize(mock(Supplier.class), message).isGranted()).isTrue(); } @Test @@ -99,11 +99,11 @@ void checkWhenNullDestinationHeaderMatchesThenUses() { .denyAll() .build(); Message message = new GenericMessage<>(new Object()); - assertThat(authorizationManager.check(mock(Supplier.class), message).isGranted()).isTrue(); + assertThat(authorizationManager.authorize(mock(Supplier.class), message).isGranted()).isTrue(); MessageHeaders headers = new MessageHeaders( Map.of(SimpMessageHeaderAccessor.DESTINATION_HEADER, "destination")); message = new GenericMessage<>(new Object(), headers); - assertThat(authorizationManager.check(mock(Supplier.class), message).isGranted()).isFalse(); + assertThat(authorizationManager.authorize(mock(Supplier.class), message).isGranted()).isFalse(); } @Test @@ -116,7 +116,7 @@ void checkWhenSimpTypeMatchesThenUses() { MessageHeaders headers = new MessageHeaders( Map.of(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.CONNECT)); Message message = new GenericMessage<>(new Object(), headers); - assertThat(authorizationManager.check(mock(Supplier.class), message).isGranted()).isTrue(); + assertThat(authorizationManager.authorize(mock(Supplier.class), message).isGranted()).isTrue(); } // gh-12540 @@ -130,7 +130,7 @@ void checkWhenSimpDestinationMatchesThenVariablesExtracted() { MessageHeaders headers = new MessageHeaders( Map.of(SimpMessageHeaderAccessor.DESTINATION_HEADER, "destination/3")); Message message = new GenericMessage<>(new Object(), headers); - assertThat(authorizationManager.check(mock(Supplier.class), message).isGranted()).isTrue(); + assertThat(authorizationManager.authorize(mock(Supplier.class), message).isGranted()).isTrue(); } @Test @@ -151,7 +151,7 @@ void checkWhenMessageTypeAndPathPatternMatches() { MessageHeaders headers2 = new MessageHeaders(Map.of(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.SUBSCRIBE, SimpMessageHeaderAccessor.DESTINATION_HEADER, "/destination")); Message message2 = new GenericMessage<>(new Object(), headers2); - assertThat(authorizationManager.check(mock(Supplier.class), message2).isGranted()).isFalse(); + assertThat(authorizationManager.authorize(mock(Supplier.class), message2).isGranted()).isFalse(); } @Test @@ -166,7 +166,7 @@ void checkPatternMismatch() { MessageHeaders headers = new MessageHeaders( Map.of(SimpMessageHeaderAccessor.DESTINATION_HEADER, "/destination/sub/asdf")); Message message = new GenericMessage<>(new Object(), headers); - assertThat(authorizationManager.check(mock(Supplier.class), message).isGranted()).isFalse(); + assertThat(authorizationManager.authorize(mock(Supplier.class), message).isGranted()).isFalse(); } private MessageMatcherDelegatingAuthorizationManager.Builder builder() { diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManager.java b/rsocket/src/main/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManager.java index 9004633f9ed..75a7a1f8689 100644 --- a/rsocket/src/main/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManager.java +++ b/rsocket/src/main/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManager.java @@ -51,21 +51,6 @@ private PayloadExchangeMatcherReactiveAuthorizationManager( this.mappings = mappings; } - /** - * @deprecated please use {@link #authorize(Mono, PayloadExchange)} instead - */ - @Deprecated - @Override - public Mono check(Mono authentication, PayloadExchange exchange) { - return authorize(authentication, exchange).flatMap((result) -> { - if (result instanceof AuthorizationDecision decision) { - return Mono.just(decision); - } - return Mono.error(new IllegalArgumentException( - "Please call #authorize or ensure that the returned result is of type Mono")); - }); - } - @Override public Mono authorize(Mono authentication, PayloadExchange exchange) { return Flux.fromIterable(this.mappings) diff --git a/rsocket/src/test/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManagerTests.java b/rsocket/src/test/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManagerTests.java index c0b14cb8351..796c0aeba37 100644 --- a/rsocket/src/test/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManagerTests.java +++ b/rsocket/src/test/java/org/springframework/security/rsocket/authorization/PayloadExchangeMatcherReactiveAuthorizationManagerTests.java @@ -52,51 +52,47 @@ public class PayloadExchangeMatcherReactiveAuthorizationManagerTests { @Test public void checkWhenGrantedThenGranted() { AuthorizationDecision expected = new AuthorizationDecision(true); - given(this.authz.check(any(), any())).willReturn(Mono.just(expected)); - given(this.authz.authorize(any(), any())).willCallRealMethod(); + given(this.authz.authorize(any(), any())).willReturn(Mono.just(expected)); PayloadExchangeMatcherReactiveAuthorizationManager manager = PayloadExchangeMatcherReactiveAuthorizationManager .builder() .add(new PayloadExchangeMatcherEntry<>(PayloadExchangeMatchers.anyExchange(), this.authz)) .build(); - assertThat(manager.check(Mono.empty(), this.exchange).block()).isEqualTo(expected); + assertThat(manager.authorize(Mono.empty(), this.exchange).block()).isEqualTo(expected); } @Test public void checkWhenDeniedThenDenied() { AuthorizationDecision expected = new AuthorizationDecision(false); - given(this.authz.check(any(), any())).willReturn(Mono.just(expected)); - given(this.authz.authorize(any(), any())).willCallRealMethod(); + given(this.authz.authorize(any(), any())).willReturn(Mono.just(expected)); PayloadExchangeMatcherReactiveAuthorizationManager manager = PayloadExchangeMatcherReactiveAuthorizationManager .builder() .add(new PayloadExchangeMatcherEntry<>(PayloadExchangeMatchers.anyExchange(), this.authz)) .build(); - assertThat(manager.check(Mono.empty(), this.exchange).block()).isEqualTo(expected); + assertThat(manager.authorize(Mono.empty(), this.exchange).block()).isEqualTo(expected); } @Test public void checkWhenFirstMatchThenSecondUsed() { AuthorizationDecision expected = new AuthorizationDecision(true); - given(this.authz.check(any(), any())).willReturn(Mono.just(expected)); - given(this.authz.authorize(any(), any())).willCallRealMethod(); + given(this.authz.authorize(any(), any())).willReturn(Mono.just(expected)); PayloadExchangeMatcherReactiveAuthorizationManager manager = PayloadExchangeMatcherReactiveAuthorizationManager .builder() .add(new PayloadExchangeMatcherEntry<>(PayloadExchangeMatchers.anyExchange(), this.authz)) .add(new PayloadExchangeMatcherEntry<>((e) -> PayloadExchangeMatcher.MatchResult.notMatch(), this.authz2)) .build(); - assertThat(manager.check(Mono.empty(), this.exchange).block()).isEqualTo(expected); + assertThat(manager.authorize(Mono.empty(), this.exchange).block()).isEqualTo(expected); } @Test public void checkWhenSecondMatchThenSecondUsed() { AuthorizationDecision expected = new AuthorizationDecision(true); - given(this.authz2.check(any(), any())).willReturn(Mono.just(expected)); - given(this.authz2.authorize(any(), any())).willCallRealMethod(); + given(this.authz2.authorize(any(), any())).willReturn(Mono.just(expected)); PayloadExchangeMatcherReactiveAuthorizationManager manager = PayloadExchangeMatcherReactiveAuthorizationManager .builder() .add(new PayloadExchangeMatcherEntry<>((e) -> PayloadExchangeMatcher.MatchResult.notMatch(), this.authz)) .add(new PayloadExchangeMatcherEntry<>(PayloadExchangeMatchers.anyExchange(), this.authz2)) .build(); - assertThat(manager.check(Mono.empty(), this.exchange).block()).isEqualTo(expected); + assertThat(manager.authorize(Mono.empty(), this.exchange).block()).isEqualTo(expected); } } diff --git a/web/src/main/java/org/springframework/security/web/access/IpAddressAuthorizationManager.java b/web/src/main/java/org/springframework/security/web/access/IpAddressAuthorizationManager.java index 35e9cfdbd23..f2c34a905e8 100644 --- a/web/src/main/java/org/springframework/security/web/access/IpAddressAuthorizationManager.java +++ b/web/src/main/java/org/springframework/security/web/access/IpAddressAuthorizationManager.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2023 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -20,6 +20,7 @@ import org.springframework.security.authorization.AuthorizationDecision; import org.springframework.security.authorization.AuthorizationManager; +import org.springframework.security.authorization.AuthorizationResult; import org.springframework.security.core.Authentication; import org.springframework.security.web.access.intercept.RequestAuthorizationContext; import org.springframework.security.web.util.matcher.IpAddressMatcher; @@ -52,7 +53,7 @@ public static IpAddressAuthorizationManager hasIpAddress(String ipAddress) { } @Override - public AuthorizationDecision check(Supplier authentication, + public AuthorizationResult authorize(Supplier authentication, RequestAuthorizationContext requestAuthorizationContext) { return new AuthorizationDecision( this.ipAddressMatcher.matcher(requestAuthorizationContext.getRequest()).isMatch()); diff --git a/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionAuthorizationManager.java b/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionAuthorizationManager.java index 22d49e44e7c..83b6fd7e1f6 100644 --- a/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionAuthorizationManager.java +++ b/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionAuthorizationManager.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2022 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -22,8 +22,8 @@ import org.springframework.expression.Expression; import org.springframework.security.access.expression.ExpressionUtils; import org.springframework.security.access.expression.SecurityExpressionHandler; -import org.springframework.security.authorization.AuthorizationDecision; import org.springframework.security.authorization.AuthorizationManager; +import org.springframework.security.authorization.AuthorizationResult; import org.springframework.security.authorization.ExpressionAuthorizationDecision; import org.springframework.security.core.Authentication; import org.springframework.security.web.access.intercept.RequestAuthorizationContext; @@ -71,7 +71,7 @@ public void setExpressionHandler(SecurityExpressionHandler authentication, RequestAuthorizationContext context) { + public AuthorizationResult authorize(Supplier authentication, RequestAuthorizationContext context) { EvaluationContext ctx = this.expressionHandler.createEvaluationContext(authentication, context); boolean granted = ExpressionUtils.evaluateAsBoolean(this.expression, ctx); return new ExpressionAuthorizationDecision(granted, this.expression); diff --git a/web/src/main/java/org/springframework/security/web/access/intercept/AuthorizationFilter.java b/web/src/main/java/org/springframework/security/web/access/intercept/AuthorizationFilter.java index d6fb9286c45..cdda331115d 100644 --- a/web/src/main/java/org/springframework/security/web/access/intercept/AuthorizationFilter.java +++ b/web/src/main/java/org/springframework/security/web/access/intercept/AuthorizationFilter.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -29,7 +29,6 @@ import org.springframework.context.ApplicationEventPublisher; import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException; -import org.springframework.security.authorization.AuthorizationDecision; import org.springframework.security.authorization.AuthorizationDeniedException; import org.springframework.security.authorization.AuthorizationEventPublisher; import org.springframework.security.authorization.AuthorizationManager; @@ -231,12 +230,6 @@ public void setFilterAsyncDispatch(boolean filterAsyncDispatch) { private static class NoopAuthorizationEventPublisher implements AuthorizationEventPublisher { - @Override - public void publishAuthorizationEvent(Supplier authentication, T object, - AuthorizationDecision decision) { - - } - @Override public void publishAuthorizationEvent(Supplier authentication, T object, AuthorizationResult result) { diff --git a/web/src/main/java/org/springframework/security/web/access/intercept/RequestMatcherDelegatingAuthorizationManager.java b/web/src/main/java/org/springframework/security/web/access/intercept/RequestMatcherDelegatingAuthorizationManager.java index de660a3f97b..15ea6fd4ea4 100644 --- a/web/src/main/java/org/springframework/security/web/access/intercept/RequestMatcherDelegatingAuthorizationManager.java +++ b/web/src/main/java/org/springframework/security/web/access/intercept/RequestMatcherDelegatingAuthorizationManager.java @@ -62,30 +62,6 @@ private RequestMatcherDelegatingAuthorizationManager( this.mappings = mappings; } - /** - * Delegates to a specific {@link AuthorizationManager} based on a - * {@link RequestMatcher} evaluation. - * @param authentication the {@link Supplier} of the {@link Authentication} to check - * @param request the {@link HttpServletRequest} to check - * @return an {@link AuthorizationDecision}. If there is no {@link RequestMatcher} - * matching the request, or the {@link AuthorizationManager} could not decide, then - * null is returned - * @deprecated please use {@link #authorize(Supplier, HttpServletRequest)} instead - */ - @Deprecated - @Override - public AuthorizationDecision check(Supplier authentication, HttpServletRequest request) { - AuthorizationResult result = authorize(authentication, request); - if (result == null) { - return null; - } - if (result instanceof AuthorizationDecision decision) { - return decision; - } - throw new IllegalArgumentException( - "Please call #authorize or ensure that the returned result is of type AuthorizationDecision"); - } - @Override public AuthorizationResult authorize(Supplier authentication, HttpServletRequest request) { if (this.logger.isTraceEnabled()) { diff --git a/web/src/main/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManager.java b/web/src/main/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManager.java index e245ce0466e..09e2e065b75 100644 --- a/web/src/main/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManager.java +++ b/web/src/main/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManager.java @@ -50,21 +50,6 @@ private DelegatingReactiveAuthorizationManager( this.mappings = mappings; } - /** - * @deprecated please use {@link #authorize(Mono, ServerWebExchange)} instead - */ - @Deprecated - @Override - public Mono check(Mono authentication, ServerWebExchange exchange) { - return authorize(authentication, exchange).flatMap((result) -> { - if (result instanceof AuthorizationDecision decision) { - return Mono.just(decision); - } - return Mono.error(new IllegalArgumentException( - "Please call #authorize or ensure that the returned result is of type Mono")); - }); - } - @Override public Mono authorize(Mono authentication, ServerWebExchange exchange) { return Flux.fromIterable(this.mappings) diff --git a/web/src/main/java/org/springframework/security/web/server/authorization/IpAddressReactiveAuthorizationManager.java b/web/src/main/java/org/springframework/security/web/server/authorization/IpAddressReactiveAuthorizationManager.java index 98dfd5b3ee6..bafef2bf10b 100644 --- a/web/src/main/java/org/springframework/security/web/server/authorization/IpAddressReactiveAuthorizationManager.java +++ b/web/src/main/java/org/springframework/security/web/server/authorization/IpAddressReactiveAuthorizationManager.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2021 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -19,6 +19,7 @@ import reactor.core.publisher.Mono; import org.springframework.security.authorization.AuthorizationDecision; +import org.springframework.security.authorization.AuthorizationResult; import org.springframework.security.authorization.ReactiveAuthorizationManager; import org.springframework.security.core.Authentication; import org.springframework.security.web.server.util.matcher.IpAddressServerWebExchangeMatcher; @@ -40,7 +41,7 @@ public final class IpAddressReactiveAuthorizationManager implements ReactiveAuth } @Override - public Mono check(Mono authentication, AuthorizationContext context) { + public Mono authorize(Mono authentication, AuthorizationContext context) { return Mono.just(context.getExchange()) .flatMap(this.ipAddressExchangeMatcher::matches) .map((matchResult) -> new AuthorizationDecision(matchResult.isMatch())); diff --git a/web/src/test/java/org/springframework/security/web/access/AuthorizationManagerWebInvocationPrivilegeEvaluatorTests.java b/web/src/test/java/org/springframework/security/web/access/AuthorizationManagerWebInvocationPrivilegeEvaluatorTests.java index 0fd298ec969..ebb7199cb62 100644 --- a/web/src/test/java/org/springframework/security/web/access/AuthorizationManagerWebInvocationPrivilegeEvaluatorTests.java +++ b/web/src/test/java/org/springframework/security/web/access/AuthorizationManagerWebInvocationPrivilegeEvaluatorTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -62,25 +62,22 @@ void constructorWhenAuthorizationManagerNullThenIllegalArgument() { @Test void isAllowedWhenAuthorizationManagerAllowsThenAllowedTrue() { - given(this.authorizationManager.check(any(), any())).willReturn(new AuthorizationDecision(true)); - given(this.authorizationManager.authorize(any(), any())).willCallRealMethod(); + given(this.authorizationManager.authorize(any(), any())).willReturn(new AuthorizationDecision(true)); boolean allowed = this.privilegeEvaluator.isAllowed("/test", TestAuthentication.authenticatedUser()); assertThat(allowed).isTrue(); - verify(this.authorizationManager).check(any(), any()); + verify(this.authorizationManager).authorize(any(), any()); } @Test void isAllowedWhenAuthorizationManagerDeniesAllowedFalse() { - given(this.authorizationManager.check(any(), any())).willReturn(new AuthorizationDecision(false)); - given(this.authorizationManager.authorize(any(), any())).willCallRealMethod(); + given(this.authorizationManager.authorize(any(), any())).willReturn(new AuthorizationDecision(false)); boolean allowed = this.privilegeEvaluator.isAllowed("/test", TestAuthentication.authenticatedUser()); assertThat(allowed).isFalse(); } @Test void isAllowedWhenAuthorizationManagerAbstainsThenAllowedTrue() { - given(this.authorizationManager.check(any(), any())).willReturn(null); - given(this.authorizationManager.authorize(any(), any())).willCallRealMethod(); + given(this.authorizationManager.authorize(any(), any())).willReturn(null); boolean allowed = this.privilegeEvaluator.isAllowed("/test", TestAuthentication.authenticatedUser()); assertThat(allowed).isTrue(); } @@ -88,11 +85,10 @@ void isAllowedWhenAuthorizationManagerAbstainsThenAllowedTrue() { @Test void isAllowedWhenServletContextExistsThenFilterInvocationHasServletContext() { ServletContext servletContext = new MockServletContext(); - given(this.authorizationManager.authorize(any(), any())).willCallRealMethod(); this.privilegeEvaluator.setServletContext(servletContext); this.privilegeEvaluator.isAllowed("/test", TestAuthentication.authenticatedUser()); ArgumentCaptor captor = ArgumentCaptor.forClass(HttpServletRequest.class); - verify(this.authorizationManager).check(any(), captor.capture()); + verify(this.authorizationManager).authorize(any(), captor.capture()); assertThat(captor.getValue().getServletContext()).isSameAs(servletContext); } @@ -105,12 +101,11 @@ void setRequestTransformerWhenNullThenIllegalArgumentException() { void isAllowedWhenRequestTransformerThenUsesRequestTransformerResult() { HttpServletRequest request = new MockHttpServletRequest(); given(this.requestTransformer.transform(any())).willReturn(request); - given(this.authorizationManager.authorize(any(), any())).willCallRealMethod(); this.privilegeEvaluator.setRequestTransformer(this.requestTransformer); this.privilegeEvaluator.isAllowed("/test", TestAuthentication.authenticatedUser()); - verify(this.authorizationManager).check(any(), eq(request)); + verify(this.authorizationManager).authorize(any(), eq(request)); } // gh-16771 @@ -119,13 +114,14 @@ void isAllowedWhenInvokesDelegateThenCachesRequestPath() { RequestMatcherDelegatingAuthorizationManager authorizationManager = RequestMatcherDelegatingAuthorizationManager .builder() .add(PathPatternRequestMatcher.withDefaults().matcher("/test/**"), - (authentication, context) -> this.authorizationManager.check(authentication, context.getRequest())) + (authentication, context) -> this.authorizationManager.authorize(authentication, + context.getRequest())) .build(); AuthorizationManagerWebInvocationPrivilegeEvaluator privilegeEvaluator = new AuthorizationManagerWebInvocationPrivilegeEvaluator( authorizationManager); privilegeEvaluator.setRequestTransformer(new PathPatternRequestTransformer()); privilegeEvaluator.isAllowed("/test", TestAuthentication.authenticatedUser()); - verify(this.authorizationManager).check(any(), any()); + verify(this.authorizationManager).authorize(any(), any()); } } diff --git a/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionAuthorizationManagerTests.java b/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionAuthorizationManagerTests.java index 3fed051ff70..131dba7845f 100644 --- a/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionAuthorizationManagerTests.java +++ b/web/src/test/java/org/springframework/security/web/access/expression/WebExpressionAuthorizationManagerTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2022 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -22,7 +22,7 @@ import org.springframework.expression.ExpressionParser; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.security.authentication.TestAuthentication; -import org.springframework.security.authorization.AuthorizationDecision; +import org.springframework.security.authorization.AuthorizationResult; import org.springframework.security.web.access.intercept.RequestAuthorizationContext; import static org.assertj.core.api.Assertions.assertThat; @@ -87,7 +87,7 @@ void setExpressionHandlerWhenNotNullThenVerifyExpressionHandler() { @Test void checkWhenExpressionHasRoleAdminConfiguredAndRoleAdminThenGrantedDecision() { WebExpressionAuthorizationManager manager = new WebExpressionAuthorizationManager("hasRole('ADMIN')"); - AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedAdmin, + AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedAdmin, new RequestAuthorizationContext(new MockHttpServletRequest())); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isTrue(); @@ -96,7 +96,7 @@ void checkWhenExpressionHasRoleAdminConfiguredAndRoleAdminThenGrantedDecision() @Test void checkWhenExpressionHasRoleAdminConfiguredAndRoleUserThenDeniedDecision() { WebExpressionAuthorizationManager manager = new WebExpressionAuthorizationManager("hasRole('ADMIN')"); - AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, + AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, new RequestAuthorizationContext(new MockHttpServletRequest())); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isFalse(); diff --git a/web/src/test/java/org/springframework/security/web/access/intercept/AuthorizationFilterTests.java b/web/src/test/java/org/springframework/security/web/access/intercept/AuthorizationFilterTests.java index ba4825d7842..62f217d2325 100644 --- a/web/src/test/java/org/springframework/security/web/access/intercept/AuthorizationFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/access/intercept/AuthorizationFilterTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -38,7 +38,6 @@ import org.springframework.security.authorization.AuthorizationDecision; import org.springframework.security.authorization.AuthorizationEventPublisher; import org.springframework.security.authorization.AuthorizationManager; -import org.springframework.security.authorization.AuthorizationResult; import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContext; import org.springframework.security.core.context.SecurityContextHolder; @@ -54,7 +53,6 @@ import static org.mockito.ArgumentMatchers.eq; import static org.mockito.BDDMockito.given; import static org.mockito.BDDMockito.willThrow; -import static org.mockito.Mockito.doCallRealMethod; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.spy; import static org.mockito.Mockito.verify; @@ -93,8 +91,7 @@ public void tearDown() { @Test public void filterWhenAuthorizationManagerVerifyPassesThenNextFilter() throws Exception { AuthorizationManager mockAuthorizationManager = mock(AuthorizationManager.class); - given(mockAuthorizationManager.authorize(any(), any())).willCallRealMethod(); - given(mockAuthorizationManager.check(any(Supplier.class), any(HttpServletRequest.class))) + given(mockAuthorizationManager.authorize(any(Supplier.class), any(HttpServletRequest.class))) .willReturn(new AuthorizationDecision(true)); AuthorizationFilter filter = new AuthorizationFilter(mockAuthorizationManager); TestingAuthenticationToken authenticationToken = new TestingAuthenticationToken("user", "password"); @@ -110,7 +107,7 @@ public void filterWhenAuthorizationManagerVerifyPassesThenNextFilter() throws Ex filter.doFilter(mockRequest, mockResponse, mockFilterChain); ArgumentCaptor> authenticationCaptor = ArgumentCaptor.forClass(Supplier.class); - verify(mockAuthorizationManager).check(authenticationCaptor.capture(), eq(mockRequest)); + verify(mockAuthorizationManager).authorize(authenticationCaptor.capture(), eq(mockRequest)); Supplier authentication = authenticationCaptor.getValue(); assertThat(authentication.get()).isEqualTo(authenticationToken); @@ -121,7 +118,6 @@ public void filterWhenAuthorizationManagerVerifyPassesThenNextFilter() throws Ex @Test public void filterWhenAuthorizationManagerVerifyThrowsAccessDeniedExceptionThenStopFilterChain() { AuthorizationManager mockAuthorizationManager = mock(AuthorizationManager.class); - given(mockAuthorizationManager.authorize(any(), any())).willCallRealMethod(); AuthorizationFilter filter = new AuthorizationFilter(mockAuthorizationManager); TestingAuthenticationToken authenticationToken = new TestingAuthenticationToken("user", "password"); @@ -134,14 +130,14 @@ public void filterWhenAuthorizationManagerVerifyThrowsAccessDeniedExceptionThenS FilterChain mockFilterChain = mock(FilterChain.class); willThrow(new AccessDeniedException("Access Denied")).given(mockAuthorizationManager) - .check(any(), eq(mockRequest)); + .authorize(any(), eq(mockRequest)); assertThatExceptionOfType(AccessDeniedException.class) .isThrownBy(() -> filter.doFilter(mockRequest, mockResponse, mockFilterChain)) .withMessage("Access Denied"); ArgumentCaptor> authenticationCaptor = ArgumentCaptor.forClass(Supplier.class); - verify(mockAuthorizationManager).check(authenticationCaptor.capture(), eq(mockRequest)); + verify(mockAuthorizationManager).authorize(authenticationCaptor.capture(), eq(mockRequest)); Supplier authentication = authenticationCaptor.getValue(); assertThat(authentication.get()).isEqualTo(authenticationToken); @@ -190,7 +186,6 @@ public void doFilterWhenAuthorizationEventPublisherThenUses() throws Exception { SecurityContextHolder.setContext(securityContext); AuthorizationEventPublisher eventPublisher = mock(AuthorizationEventPublisher.class); - doCallRealMethod().when(eventPublisher).publishAuthorizationEvent(any(), any(), any(AuthorizationResult.class)); authorizationFilter.setAuthorizationEventPublisher(eventPublisher); authorizationFilter.doFilter(mockRequest, mockResponse, mockFilterChain); verify(eventPublisher).publishAuthorizationEvent(any(Supplier.class), any(HttpServletRequest.class), @@ -200,7 +195,6 @@ public void doFilterWhenAuthorizationEventPublisherThenUses() throws Exception { @Test public void doFilterWhenErrorThenDoFilter() throws Exception { AuthorizationManager authorizationManager = mock(AuthorizationManager.class); - given(authorizationManager.authorize(any(), any())).willCallRealMethod(); AuthorizationFilter authorizationFilter = new AuthorizationFilter(authorizationManager); MockHttpServletRequest mockRequest = new MockHttpServletRequest(null, "/path"); mockRequest.setDispatcherType(DispatcherType.ERROR); @@ -209,7 +203,7 @@ public void doFilterWhenErrorThenDoFilter() throws Exception { FilterChain mockFilterChain = mock(FilterChain.class); authorizationFilter.doFilter(mockRequest, mockResponse, mockFilterChain); - verify(authorizationManager).check(any(Supplier.class), eq(mockRequest)); + verify(authorizationManager).authorize(any(Supplier.class), eq(mockRequest)); } @Test @@ -237,27 +231,24 @@ public void doFilterWhenObserveOncePerRequestTrueAndIsAppliedThenNotInvoked() th @Test public void doFilterWhenObserveOncePerRequestTrueAndNotAppliedThenInvoked() throws ServletException, IOException { - given(this.authorizationManager.authorize(any(), any())).willCallRealMethod(); this.filter.setObserveOncePerRequest(true); this.filter.doFilter(this.request, this.response, this.chain); - verify(this.authorizationManager).check(any(), any()); + verify(this.authorizationManager).authorize(any(), any()); } @Test public void doFilterWhenObserveOncePerRequestFalseAndIsAppliedThenInvoked() throws ServletException, IOException { setIsAppliedTrue(); - given(this.authorizationManager.authorize(any(), any())).willCallRealMethod(); this.filter.setObserveOncePerRequest(false); this.filter.doFilter(this.request, this.response, this.chain); - verify(this.authorizationManager).check(any(), any()); + verify(this.authorizationManager).authorize(any(), any()); } @Test public void doFilterWhenObserveOncePerRequestFalseAndNotAppliedThenInvoked() throws ServletException, IOException { - given(this.authorizationManager.authorize(any(), any())).willCallRealMethod(); this.filter.setObserveOncePerRequest(false); this.filter.doFilter(this.request, this.response, this.chain); - verify(this.authorizationManager).check(any(), any()); + verify(this.authorizationManager).authorize(any(), any()); } @Test @@ -270,11 +261,10 @@ public void doFilterWhenFilterErrorDispatchFalseAndIsErrorThenNotInvoked() throw @Test public void doFilterWhenFilterErrorDispatchTrueAndIsErrorThenInvoked() throws ServletException, IOException { - given(this.authorizationManager.authorize(any(), any())).willCallRealMethod(); this.request.setDispatcherType(DispatcherType.ERROR); this.filter.setFilterErrorDispatch(true); this.filter.doFilter(this.request, this.response, this.chain); - verify(this.authorizationManager).check(any(), any()); + verify(this.authorizationManager).authorize(any(), any()); } @Test @@ -294,11 +284,10 @@ public void doFilterWhenFilterThenRemoveAlreadyFilteredAttribute() throws Servle @Test public void doFilterWhenFilterAsyncDispatchTrueAndIsAsyncThenInvoked() throws ServletException, IOException { - given(this.authorizationManager.authorize(any(), any())).willCallRealMethod(); this.request.setDispatcherType(DispatcherType.ASYNC); this.filter.setFilterAsyncDispatch(true); this.filter.doFilter(this.request, this.response, this.chain); - verify(this.authorizationManager).check(any(), any()); + verify(this.authorizationManager).authorize(any(), any()); } @Test diff --git a/web/src/test/java/org/springframework/security/web/access/intercept/RequestMatcherDelegatingAuthorizationManagerTests.java b/web/src/test/java/org/springframework/security/web/access/intercept/RequestMatcherDelegatingAuthorizationManagerTests.java index dfb754fed56..8e029661dcf 100644 --- a/web/src/test/java/org/springframework/security/web/access/intercept/RequestMatcherDelegatingAuthorizationManagerTests.java +++ b/web/src/test/java/org/springframework/security/web/access/intercept/RequestMatcherDelegatingAuthorizationManagerTests.java @@ -25,7 +25,7 @@ import org.springframework.security.authentication.TestingAuthenticationToken; import org.springframework.security.authorization.AuthenticatedAuthorizationManager; import org.springframework.security.authorization.AuthorityAuthorizationManager; -import org.springframework.security.authorization.AuthorizationDecision; +import org.springframework.security.authorization.AuthorizationResult; import org.springframework.security.authorization.SingleResultAuthorizationManager; import org.springframework.security.core.Authentication; import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher; @@ -79,15 +79,15 @@ public void checkWhenMultipleMappingsConfiguredThenDelegatesMatchingManager() { Supplier authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_USER"); - AuthorizationDecision grant = manager.check(authentication, new MockHttpServletRequest(null, "/grant")); + AuthorizationResult grant = manager.authorize(authentication, new MockHttpServletRequest(null, "/grant")); assertThat(grant).isNotNull(); assertThat(grant.isGranted()).isTrue(); - AuthorizationDecision deny = manager.check(authentication, new MockHttpServletRequest(null, "/deny")); + AuthorizationResult deny = manager.authorize(authentication, new MockHttpServletRequest(null, "/deny")); assertThat(deny).isNotNull(); assertThat(deny.isGranted()).isFalse(); - AuthorizationDecision defaultDeny = manager.check(authentication, + AuthorizationResult defaultDeny = manager.authorize(authentication, new MockHttpServletRequest(null, "/unmapped")); assertThat(defaultDeny).isNotNull(); assertThat(defaultDeny.isGranted()).isFalse(); @@ -108,16 +108,16 @@ public void checkWhenMultipleMappingsConfiguredWithConsumerThenDelegatesMatching Supplier authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_USER"); - AuthorizationDecision grant = manager.check(authentication, new MockHttpServletRequest(null, "/grant")); + AuthorizationResult grant = manager.authorize(authentication, new MockHttpServletRequest(null, "/grant")); assertThat(grant).isNotNull(); assertThat(grant.isGranted()).isTrue(); - AuthorizationDecision afterAny = manager.check(authentication, new MockHttpServletRequest(null, "/afterAny")); + AuthorizationResult afterAny = manager.authorize(authentication, new MockHttpServletRequest(null, "/afterAny")); assertThat(afterAny).isNotNull(); assertThat(afterAny.isGranted()).isFalse(); - AuthorizationDecision unmapped = manager.check(authentication, new MockHttpServletRequest(null, "/unmapped")); + AuthorizationResult unmapped = manager.authorize(authentication, new MockHttpServletRequest(null, "/unmapped")); assertThat(unmapped).isNotNull(); assertThat(unmapped.isGranted()).isFalse(); } @@ -180,7 +180,7 @@ public void anyRequestWhenPermitAllThenGrantedDecision() { .anyRequest() .permitAll() .build(); - AuthorizationDecision decision = manager.check(TestAuthentication::anonymousUser, null); + AuthorizationResult decision = manager.authorize(TestAuthentication::anonymousUser, null); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isTrue(); } @@ -191,7 +191,7 @@ public void anyRequestWhenDenyAllThenDeniedDecision() { .anyRequest() .denyAll() .build(); - AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedAdmin, null); + AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedAdmin, null); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isFalse(); } @@ -202,7 +202,7 @@ public void authenticatedWhenAuthenticatedUserThenGrantedDecision() { .anyRequest() .authenticated() .build(); - AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, null); + AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, null); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isTrue(); } @@ -213,7 +213,7 @@ public void authenticatedWhenAnonymousUserThenDeniedDecision() { .anyRequest() .authenticated() .build(); - AuthorizationDecision decision = manager.check(TestAuthentication::anonymousUser, null); + AuthorizationResult decision = manager.authorize(TestAuthentication::anonymousUser, null); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isFalse(); } @@ -224,7 +224,7 @@ public void fullyAuthenticatedWhenAuthenticatedUserThenGrantedDecision() { .anyRequest() .fullyAuthenticated() .build(); - AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, null); + AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, null); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isTrue(); } @@ -235,7 +235,7 @@ public void fullyAuthenticatedWhenAnonymousUserThenDeniedDecision() { .anyRequest() .fullyAuthenticated() .build(); - AuthorizationDecision decision = manager.check(TestAuthentication::anonymousUser, null); + AuthorizationResult decision = manager.authorize(TestAuthentication::anonymousUser, null); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isFalse(); } @@ -246,7 +246,7 @@ public void fullyAuthenticatedWhenRememberMeUserThenDeniedDecision() { .anyRequest() .fullyAuthenticated() .build(); - AuthorizationDecision decision = manager.check(TestAuthentication::rememberMeUser, null); + AuthorizationResult decision = manager.authorize(TestAuthentication::rememberMeUser, null); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isFalse(); } @@ -257,7 +257,7 @@ public void rememberMeWhenRememberMeUserThenGrantedDecision() { .anyRequest() .rememberMe() .build(); - AuthorizationDecision decision = manager.check(TestAuthentication::rememberMeUser, null); + AuthorizationResult decision = manager.authorize(TestAuthentication::rememberMeUser, null); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isTrue(); } @@ -268,7 +268,7 @@ public void rememberMeWhenAuthenticatedUserThenDeniedDecision() { .anyRequest() .rememberMe() .build(); - AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, null); + AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, null); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isFalse(); } @@ -279,7 +279,7 @@ public void anonymousWhenAnonymousUserThenGrantedDecision() { .anyRequest() .anonymous() .build(); - AuthorizationDecision decision = manager.check(TestAuthentication::anonymousUser, null); + AuthorizationResult decision = manager.authorize(TestAuthentication::anonymousUser, null); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isTrue(); } @@ -290,7 +290,7 @@ public void anonymousWhenAuthenticatedUserThenDeniedDecision() { .anyRequest() .anonymous() .build(); - AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, null); + AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, null); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isFalse(); } @@ -301,7 +301,7 @@ public void hasRoleAdminWhenAuthenticatedUserThenDeniedDecision() { .anyRequest() .hasRole("ADMIN") .build(); - AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, null); + AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, null); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isFalse(); } @@ -312,7 +312,7 @@ public void hasRoleAdminWhenAuthenticatedAdminThenGrantedDecision() { .anyRequest() .hasRole("ADMIN") .build(); - AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedAdmin, null); + AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedAdmin, null); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isTrue(); } @@ -323,7 +323,7 @@ public void hasAnyRoleUserOrAdminWhenAuthenticatedUserThenGrantedDecision() { .anyRequest() .hasAnyRole("USER", "ADMIN") .build(); - AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, null); + AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, null); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isTrue(); } @@ -334,7 +334,7 @@ public void hasAnyRoleUserOrAdminWhenAuthenticatedAdminThenGrantedDecision() { .anyRequest() .hasAnyRole("USER", "ADMIN") .build(); - AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedAdmin, null); + AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedAdmin, null); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isTrue(); } @@ -345,7 +345,7 @@ public void hasAnyRoleUserOrAdminWhenAnonymousUserThenDeniedDecision() { .anyRequest() .hasAnyRole("USER", "ADMIN") .build(); - AuthorizationDecision decision = manager.check(TestAuthentication::anonymousUser, null); + AuthorizationResult decision = manager.authorize(TestAuthentication::anonymousUser, null); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isFalse(); } @@ -356,7 +356,7 @@ public void hasAuthorityRoleAdminWhenAuthenticatedUserThenDeniedDecision() { .anyRequest() .hasAuthority("ROLE_ADMIN") .build(); - AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, null); + AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, null); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isFalse(); } @@ -367,7 +367,7 @@ public void hasAuthorityRoleAdminWhenAuthenticatedAdminThenGrantedDecision() { .anyRequest() .hasAuthority("ROLE_ADMIN") .build(); - AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedAdmin, null); + AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedAdmin, null); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isTrue(); } @@ -378,7 +378,7 @@ public void hasAnyAuthorityRoleUserOrAdminWhenAuthenticatedUserThenGrantedDecisi .anyRequest() .hasAnyAuthority("ROLE_USER", "ROLE_ADMIN") .build(); - AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedUser, null); + AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedUser, null); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isTrue(); } @@ -389,7 +389,7 @@ public void hasAnyAuthorityRoleUserOrAdminWhenAuthenticatedAdminThenGrantedDecis .anyRequest() .hasAnyAuthority("ROLE_USER", "ROLE_ADMIN") .build(); - AuthorizationDecision decision = manager.check(TestAuthentication::authenticatedAdmin, null); + AuthorizationResult decision = manager.authorize(TestAuthentication::authenticatedAdmin, null); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isTrue(); } @@ -400,7 +400,7 @@ public void hasAnyAuthorityRoleUserOrAdminWhenAnonymousUserThenDeniedDecision() .anyRequest() .hasAnyRole("USER", "ADMIN") .build(); - AuthorizationDecision decision = manager.check(TestAuthentication::anonymousUser, null); + AuthorizationResult decision = manager.authorize(TestAuthentication::anonymousUser, null); assertThat(decision).isNotNull(); assertThat(decision.isGranted()).isFalse(); } diff --git a/web/src/test/java/org/springframework/security/web/server/authorization/AuthorizationWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authorization/AuthorizationWebFilterTests.java index 131a6c45809..640cdcbff89 100644 --- a/web/src/test/java/org/springframework/security/web/server/authorization/AuthorizationWebFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/server/authorization/AuthorizationWebFilterTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2017 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -27,6 +27,7 @@ import org.springframework.security.access.AccessDeniedException; import org.springframework.security.authentication.TestingAuthenticationToken; import org.springframework.security.authorization.AuthorizationDecision; +import org.springframework.security.authorization.AuthorizationResult; import org.springframework.security.core.context.ReactiveSecurityContextHolder; import org.springframework.security.core.context.SecurityContext; import org.springframework.security.core.context.SecurityContextImpl; @@ -113,8 +114,9 @@ public void filterWhenGrantedAndDoesNotAccessAuthenticationThenChainSubscribedAn public void filterWhenGrantedAndDoeAccessAuthenticationThenChainSubscribedAndSecurityContextSubscribed() { PublisherProbe context = PublisherProbe.empty(); given(this.chain.filter(this.exchange)).willReturn(this.chainResult.mono()); - AuthorizationWebFilter filter = new AuthorizationWebFilter((a, - e) -> a.map((auth) -> new AuthorizationDecision(true)).defaultIfEmpty(new AuthorizationDecision(true))); + AuthorizationWebFilter filter = new AuthorizationWebFilter( + (a, e) -> a.map((auth) -> (AuthorizationResult) new AuthorizationDecision(true)) + .defaultIfEmpty(new AuthorizationDecision(true))); Mono result = filter.filter(this.exchange, this.chain) .contextWrite(ReactiveSecurityContextHolder.withSecurityContext(context.mono())); StepVerifier.create(result).verifyComplete(); diff --git a/web/src/test/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManagerTests.java b/web/src/test/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManagerTests.java index adab9bb717f..eb824db5055 100644 --- a/web/src/test/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManagerTests.java +++ b/web/src/test/java/org/springframework/security/web/server/authorization/DelegatingReactiveAuthorizationManagerTests.java @@ -79,10 +79,9 @@ public void setup() { @Test public void checkWhenFirstMatchesThenNoMoreMatchersAndNoMoreDelegatesInvoked() { given(this.match1.matches(any())).willReturn(ServerWebExchangeMatcher.MatchResult.match()); - given(this.delegate1.check(eq(this.authentication), any(AuthorizationContext.class))) + given(this.delegate1.authorize(eq(this.authentication), any(AuthorizationContext.class))) .willReturn(Mono.just(this.decision)); - given(this.delegate1.authorize(eq(this.authentication), any(AuthorizationContext.class))).willCallRealMethod(); - assertThat(this.manager.check(this.authentication, this.exchange).block()).isEqualTo(this.decision); + assertThat(this.manager.authorize(this.authentication, this.exchange).block()).isEqualTo(this.decision); verifyNoMoreInteractions(this.match2, this.delegate2); } @@ -90,10 +89,9 @@ public void checkWhenFirstMatchesThenNoMoreMatchersAndNoMoreDelegatesInvoked() { public void checkWhenSecondMatchesThenNoMoreMatchersAndNoMoreDelegatesInvoked() { given(this.match1.matches(any())).willReturn(ServerWebExchangeMatcher.MatchResult.notMatch()); given(this.match2.matches(any())).willReturn(ServerWebExchangeMatcher.MatchResult.match()); - given(this.delegate2.check(eq(this.authentication), any(AuthorizationContext.class))) + given(this.delegate2.authorize(eq(this.authentication), any(AuthorizationContext.class))) .willReturn(Mono.just(this.decision)); - given(this.delegate2.authorize(eq(this.authentication), any(AuthorizationContext.class))).willCallRealMethod(); - assertThat(this.manager.check(this.authentication, this.exchange).block()).isEqualTo(this.decision); + assertThat(this.manager.authorize(this.authentication, this.exchange).block()).isEqualTo(this.decision); verifyNoMoreInteractions(this.delegate1); } diff --git a/web/src/test/java/org/springframework/security/web/server/authorization/IpAddressReactiveAuthorizationManagerTests.java b/web/src/test/java/org/springframework/security/web/server/authorization/IpAddressReactiveAuthorizationManagerTests.java index 6cb2f2b8cfb..1195160d2b0 100644 --- a/web/src/test/java/org/springframework/security/web/server/authorization/IpAddressReactiveAuthorizationManagerTests.java +++ b/web/src/test/java/org/springframework/security/web/server/authorization/IpAddressReactiveAuthorizationManagerTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2021 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -38,7 +38,7 @@ public class IpAddressReactiveAuthorizationManagerTests { public void checkWhenHasIpv6AddressThenReturnTrue() throws UnknownHostException { IpAddressReactiveAuthorizationManager v6manager = IpAddressReactiveAuthorizationManager .hasIpAddress("fe80::21f:5bff:fe33:bd68"); - boolean granted = v6manager.check(null, context("fe80::21f:5bff:fe33:bd68")).block().isGranted(); + boolean granted = v6manager.authorize(null, context("fe80::21f:5bff:fe33:bd68")).block().isGranted(); assertThat(granted).isTrue(); } @@ -46,7 +46,7 @@ public void checkWhenHasIpv6AddressThenReturnTrue() throws UnknownHostException public void checkWhenHasIpv6AddressThenReturnFalse() throws UnknownHostException { IpAddressReactiveAuthorizationManager v6manager = IpAddressReactiveAuthorizationManager .hasIpAddress("fe80::21f:5bff:fe33:bd68"); - boolean granted = v6manager.check(null, context("fe80::1c9a:7cfd:29a8:a91e")).block().isGranted(); + boolean granted = v6manager.authorize(null, context("fe80::1c9a:7cfd:29a8:a91e")).block().isGranted(); assertThat(granted).isFalse(); } @@ -54,7 +54,7 @@ public void checkWhenHasIpv6AddressThenReturnFalse() throws UnknownHostException public void checkWhenHasIpv4AddressThenReturnTrue() throws UnknownHostException { IpAddressReactiveAuthorizationManager v4manager = IpAddressReactiveAuthorizationManager .hasIpAddress("192.168.1.104"); - boolean granted = v4manager.check(null, context("192.168.1.104")).block().isGranted(); + boolean granted = v4manager.authorize(null, context("192.168.1.104")).block().isGranted(); assertThat(granted).isTrue(); } @@ -62,7 +62,7 @@ public void checkWhenHasIpv4AddressThenReturnTrue() throws UnknownHostException public void checkWhenHasIpv4AddressThenReturnFalse() throws UnknownHostException { IpAddressReactiveAuthorizationManager v4manager = IpAddressReactiveAuthorizationManager .hasIpAddress("192.168.1.104"); - boolean granted = v4manager.check(null, context("192.168.100.15")).block().isGranted(); + boolean granted = v4manager.authorize(null, context("192.168.100.15")).block().isGranted(); assertThat(granted).isFalse(); }