
Add Anonymous Support to AuthenticatedReactiveAuthorizationManager

Fixes: gh-6235
mibo 6 ani în urmă
60e3bf4093

+ 14 - 0
core/src/main/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManager.java

@@ -16,6 +16,8 @@
 
 package org.springframework.security.authorization;
 
+import org.springframework.security.authentication.AuthenticationTrustResolver;
+import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
 import org.springframework.security.core.Authentication;
 import reactor.core.publisher.Mono;
 
@@ -30,13 +32,25 @@ import reactor.core.publisher.Mono;
  */
 public class AuthenticatedReactiveAuthorizationManager<T> implements ReactiveAuthorizationManager<T> {
 
+	private AuthenticationTrustResolver authTrustResolver = new AuthenticationTrustResolverImpl();
+
 	@Override
 	public Mono<AuthorizationDecision> check(Mono<Authentication> authentication, T object) {
 		return authentication
+			.filter(this::isNotAnonymous)
 			.map(a -> new AuthorizationDecision(a.isAuthenticated()))
 			.defaultIfEmpty(new AuthorizationDecision(false));
 	}
 
+	/**
+	 * Verify (via {@link AuthenticationTrustResolver}) that the given authentication is not anonymous.
+	 * @param authentication to be checked
+	 * @return <code>true</code> if not anonymous, otherwise <code>false</code>.
+	 */
+	private boolean isNotAnonymous(Authentication authentication) {
+		return !authTrustResolver.isAnonymous(authentication);
+	}
+
 	/**
 	 * Gets an instance of {@link AuthenticatedReactiveAuthorizationManager}
 	 * @param <T>
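Review bot: The new `authTrustResolver` field is a mutable, non-final instance field with no setter or constructor parameter, so it can neither be replaced by a deployment that uses a customised trust resolver nor be relied on as immutable; either declare it `private final AuthenticationTrustResolver authTrustResolver = new AuthenticationTrustResolverImpl();` or expose a setter that rejects null with `Assert.notNull`, as the imperative counterparts in this project appear to do. The behavioural change also deserves a sentence in the class Javadoc, which starts before this hunk, e.g. "Anonymous authentications (as determined by {@link AuthenticationTrustResolver}) are treated as not authenticated and result in a denied decision." Note that an anonymous token whose `isAuthenticated()` returns true was previously granted by the `map` on the next line; the filter now routes it to `defaultIfEmpty(false)`, which is the intended fix but should be stated explicitly for readers of the contract.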

+ 10 - 0
core/src/test/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManagerTests.java

@@ -20,11 +20,13 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import reactor.core.publisher.Mono;
 import reactor.test.StepVerifier;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
 
 /**
@@ -62,6 +64,14 @@ public class AuthenticatedReactiveAuthorizationManagerTests {
 		assertThat(granted).isFalse();
 	}
 
+	@Test
+	public void checkWhenAnonymousAuthenticatedThenReturnFalse() {
+		AnonymousAuthenticationToken anonymousAuthenticationToken = mock(AnonymousAuthenticationToken.class);
+
+		boolean granted = manager.check(Mono.just(anonymousAuthenticationToken), null).block().isGranted();
+
+		assertThat(granted).isFalse();
+	}
 
 	@Test
 	public void checkWhenErrorThenError() {
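Review bot: `checkWhenAnonymousAuthenticatedThenReturnFalse` does not actually exercise the new filter, because the bare Mockito mock of `AnonymousAuthenticationToken` returns false from `isAuthenticated()`, so the pre-existing `map(a -> new AuthorizationDecision(a.isAuthenticated()))` path would already yield a denied decision and the test passes with or without the fix. Stub the token as authenticated so the denial can only come from the anonymous check: `when(anonymousAuthenticationToken.isAuthenticated()).thenReturn(true);` placed after the `mock(...)` line (the file already imports `when`). This assumes the trust resolver classifies a Mockito subclass of `AnonymousAuthenticationToken` as anonymous, which is likely but worth confirming against `AuthenticationTrustResolverImpl`.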