Consolidate ExpressionAuthorizationDecision

Issue gh-11493

core/src/main/java/org/springframework/security/authorization/method/ExpressionAttributeAuthorizationDecision.java

@@ -23,7 +23,11 @@ import org.springframework.security.authorization.AuthorizationDecision;
  *
  * @author Marcus Da Coregio
  * @since 5.6
+ * @deprecated Use
+ * {@link org.springframework.security.authorization.ExpressionAuthorizationDecision}
+ * instead
  */
+@Deprecated
 public class ExpressionAttributeAuthorizationDecision extends AuthorizationDecision {
 
 	private final ExpressionAttribute expressionAttribute;

core/src/main/java/org/springframework/security/authorization/method/PostAuthorizeAuthorizationManager.java

@@ -31,6 +31,7 @@ import org.springframework.security.access.expression.method.MethodSecurityExpre
 import org.springframework.security.access.prepost.PostAuthorize;
 import org.springframework.security.authorization.AuthorizationDecision;
 import org.springframework.security.authorization.AuthorizationManager;
+import org.springframework.security.authorization.ExpressionAuthorizationDecision;
 import org.springframework.security.core.Authentication;
 import org.springframework.util.Assert;
 
@@ -76,7 +77,7 @@ public final class PostAuthorizeAuthorizationManager implements AuthorizationMan
 				mi.getMethodInvocation());
 		this.expressionHandler.setReturnObject(mi.getResult(), ctx);
 		boolean granted = ExpressionUtils.evaluateAsBoolean(attribute.getExpression(), ctx);
-		return new ExpressionAttributeAuthorizationDecision(granted, attribute);
+		return new ExpressionAuthorizationDecision(granted, attribute.getExpression());
 	}
 
 	private final class PostAuthorizeExpressionAttributeRegistry

core/src/main/java/org/springframework/security/authorization/method/PreAuthorizeAuthorizationManager.java

@@ -31,6 +31,7 @@ import org.springframework.security.access.expression.method.MethodSecurityExpre
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.authorization.AuthorizationDecision;
 import org.springframework.security.authorization.AuthorizationManager;
+import org.springframework.security.authorization.ExpressionAuthorizationDecision;
 import org.springframework.security.core.Authentication;
 import org.springframework.util.Assert;
 
@@ -74,7 +75,7 @@ public final class PreAuthorizeAuthorizationManager implements AuthorizationMana
 		}
 		EvaluationContext ctx = this.expressionHandler.createEvaluationContext(authentication, mi);
 		boolean granted = ExpressionUtils.evaluateAsBoolean(attribute.getExpression(), ctx);
-		return new ExpressionAttributeAuthorizationDecision(granted, attribute);
+		return new ExpressionAuthorizationDecision(granted, attribute.getExpression());
 	}
 
 	private final class PreAuthorizeExpressionAttributeRegistry

web/src/main/java/org/springframework/security/web/access/expression/ExpressionAuthorizationDecision.java

@@ -1,55 +0,0 @@
-/*
- * Copyright 2002-2022 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.web.access.expression;
-
-import org.springframework.expression.Expression;
-import org.springframework.security.authorization.AuthorizationDecision;
-
-/**
- * An expression-based {@link AuthorizationDecision}.
- *
- * @author Evgeniy Cheban
- * @since 5.8
- */
-public final class ExpressionAuthorizationDecision extends AuthorizationDecision {
-
-	private final Expression expression;
-
-	/**
-	 * Creates an instance.
-	 * @param granted the decision to use
-	 * @param expression the {@link Expression} to use
-	 */
-	public ExpressionAuthorizationDecision(boolean granted, Expression expression) {
-		super(granted);
-		this.expression = expression;
-	}
-
-	/**
-	 * Returns the {@link Expression}.
-	 * @return the {@link Expression} to use
-	 */
-	public Expression getExpression() {
-		return this.expression;
-	}
-
-	@Override
-	public String toString() {
-		return "ExpressionAuthorizationDecision[granted=" + isGranted() + ", expression='" + this.expression + "']";
-	}
-
-}

web/src/main/java/org/springframework/security/web/access/expression/WebExpressionAuthorizationManager.java

@@ -24,6 +24,7 @@ import org.springframework.security.access.expression.ExpressionUtils;
 import org.springframework.security.access.expression.SecurityExpressionHandler;
 import org.springframework.security.authorization.AuthorizationDecision;
 import org.springframework.security.authorization.AuthorizationManager;
+import org.springframework.security.authorization.ExpressionAuthorizationDecision;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.access.intercept.RequestAuthorizationContext;
 import org.springframework.util.Assert;