1 vecka sedan · 459b872a20
--- a/config/src/main/kotlin/org/springframework/security/config/annotation/web/AuthorizeHttpRequestsDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/AuthorizeHttpRequestsDsl.kt
@@ -274,7 +274,7 @@ class AuthorizeHttpRequestsDsl : AbstractRequestMatcherDsl {
 
				     }
			
 
				 
			
 
				     constructor(context: ApplicationContext) {
			
 
				-        this.authorizationManagerFactory = resolveAuthorizationManagerFactory(context)
			
 
				+        this.authorizationManagerFactory =  resolveAuthorizationManagerFactory(context)
			
 
				         this.authenticated = this.authorizationManagerFactory.authenticated()
			
 
				         this.denyAll = this.authorizationManagerFactory.denyAll()
			
 
				         this.fullyAuthenticated = this.authorizationManagerFactory.fullyAuthenticated()
			
@@ -282,14 +282,14 @@ class AuthorizeHttpRequestsDsl : AbstractRequestMatcherDsl {
 
				     }
			
 
				 
			
 
				     private fun resolveAuthorizationManagerFactory(context: ApplicationContext): AuthorizationManagerFactory<in RequestAuthorizationContext> {
			
 
				-        val specific = context.getBeanProvider<AuthorizationManagerFactory<RequestAuthorizationContext>>().getIfUnique()
			
 
				-        if (specific != null) {
			
 
				-            return specific
			
 
				+        val factoryOfRequestAuthorizationContext = context.getBeanProvider<AuthorizationManagerFactory<RequestAuthorizationContext>>().getIfUnique()
			
 
				+        if (factoryOfRequestAuthorizationContext != null) {
			
 
				+            return factoryOfRequestAuthorizationContext
			
 
				         }
			
 
				-        val type = ResolvableType.forClassWithGenerics(AuthorizationManagerFactory::class.java, Object::class.java)
			
 
				-        val general: AuthorizationManagerFactory<in RequestAuthorizationContext>? = context.getBeanProvider<AuthorizationManagerFactory<in RequestAuthorizationContext>>(type).getIfUnique()
			
 
				-        if (general != null) {
			
 
				-            return general
			
 
				+        val factoryOfObjectType = ResolvableType.forClassWithGenerics(AuthorizationManagerFactory::class.java, Object::class.java)
			
 
				+        val factoryOfAny = context.getBeanProvider<AuthorizationManagerFactory<Any>>(factoryOfObjectType).getIfUnique()
			
 
				+        if (factoryOfAny != null) {
			
 
				+            return factoryOfAny
			
 
				         }
			
 
				         val defaultFactory: DefaultAuthorizationManagerFactory<RequestAuthorizationContext> = DefaultAuthorizationManagerFactory()
			
 
				         val rolePrefix = resolveRolePrefix(context)
			
@@ -318,4 +318,5 @@ class AuthorizeHttpRequestsDsl : AbstractRequestMatcherDsl {
 
				         }
			
 
				         return NullRoleHierarchy()
			
 
				     }
			
 
				+
			
 
				 }
			
--- a/config/src/test/kotlin/org/springframework/security/config/annotation/web/AuthorizeHttpRequestsDslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/AuthorizeHttpRequestsDslTests.kt
@@ -16,10 +16,12 @@
 
				 
			
 
				 package org.springframework.security.config.annotation.web
			
 
				 
			
 
				+import io.mockk.Called
			
 
				 import io.mockk.every
			
 
				 import io.mockk.mockk
			
 
				 import io.mockk.verify
			
 
				 import jakarta.servlet.DispatcherType
			
 
				+import org.aopalliance.intercept.MethodInvocation
			
 
				 import org.assertj.core.api.Assertions.assertThatThrownBy
			
 
				 import org.junit.jupiter.api.Test
			
 
				 import org.junit.jupiter.api.extension.ExtendWith
			
@@ -1120,4 +1122,51 @@ class AuthorizeHttpRequestsDslTests {
 
				             }
			
 
				         }
			
 
				     }
			
 
				+
			
 
				+    @Test
			
 
				+    fun `custom AuthorizationManagerFactory of MethodInvocation`() {
			
 
				+        this.spring.register(AuthorizationManagerFactoryMethodInvocationConfig::class.java).autowire()
			
 
				+        val authzManagerFactory =
			
 
				+            this.spring.context.getBean<AuthorizationManagerFactory<MethodInvocation>>()
			
 
				+
			
 
				+        verify(exactly = 0) { authzManagerFactory.authenticated() }
			
 
				+    }
			
 
				+
			
 
				+    @Configuration
			
 
				+    @EnableWebSecurity
			
 
				+    @EnableWebMvc
			
 
				+    open class AuthorizationManagerFactoryMethodInvocationConfig {
			
 
				+        val authorizationManager: AuthorizationManager<MethodInvocation> = mockk()
			
 
				+
			
 
				+        @Bean
			
 
				+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
			
 
				+            http {
			
 
				+                authorizeHttpRequests {
			
 
				+                    authorize("/authenticated", authenticated)
			
 
				+                }
			
 
				+                httpBasic {  }
			
 
				+                rememberMe {  }
			
 
				+            }
			
 
				+            return http.build()
			
 
				+        }
			
 
				+
			
 
				+        @Bean
			
 
				+        open fun authorizationManagerFactory(): AuthorizationManagerFactory<MethodInvocation> {
			
 
				+            val factory: AuthorizationManagerFactory<MethodInvocation> = mockk()
			
 
				+            every { factory.authenticated() } returns this.authorizationManager
			
 
				+
			
 
				+            return factory
			
 
				+        }
			
 
				+
			
 
				+        @Bean
			
 
				+        open fun userDetailsService(): UserDetailsService = InMemoryUserDetailsManager(TestAuthentication.user())
			
 
				+
			
 
				+        @RestController
			
 
				+        internal class OkController {
			
 
				+            @GetMapping("/**")
			
 
				+            fun ok(): String {
			
 
				+                return "ok"
			
 
				+            }
			
 
				+        }
			
 
				+    }
			
 
				 }