1 anno fa · 6e636e6abb
--- a/core/src/main/java/org/springframework/security/authorization/method/AuthorizationAnnotationUtils.java
+++ b/core/src/main/java/org/springframework/security/authorization/method/AuthorizationAnnotationUtils.java
@@ -95,17 +95,28 @@ final class AuthorizationAnnotationUtils {
 
				 
			
 
				 	private static <A extends Annotation> boolean hasDuplicate(MergedAnnotations mergedAnnotations,
			
 
				 			Class<A> annotationType) {
			
 
				-		boolean alreadyFound = false;
			
 
				+		MergedAnnotation<Annotation> alreadyFound = null;
			
 
				 		for (MergedAnnotation<Annotation> mergedAnnotation : mergedAnnotations) {
			
 
				 			if (isSynthetic(mergedAnnotation.getSource())) {
			
 
				 				continue;
			
 
				 			}
			
 
				 
			
 
				-			if (mergedAnnotation.getType() == annotationType) {
			
 
				-				if (alreadyFound) {
			
 
				-					return true;
			
 
				-				}
			
 
				-				alreadyFound = true;
			
 
				+			if (mergedAnnotation.getType() != annotationType) {
			
 
				+				continue;
			
 
				+			}
			
 
				+
			
 
				+			if (alreadyFound == null) {
			
 
				+				alreadyFound = mergedAnnotation;
			
 
				+				continue;
			
 
				+			}
			
 
				+
			
 
				+			// https://github.com/spring-projects/spring-framework/issues/31803
			
 
				+			if (!mergedAnnotation.getSource().equals(alreadyFound.getSource())) {
			
 
				+				return true;
			
 
				+			}
			
 
				+
			
 
				+			if (mergedAnnotation.getRoot().getType() != alreadyFound.getRoot().getType()) {
			
 
				+				return true;
			
 
				 			}
			
 
				 		}
			
 
				 		return false;
			
--- a/core/src/test/java/org/springframework/security/authorization/method/AuthorizationAnnotationUtilsTests.java
+++ b/core/src/test/java/org/springframework/security/authorization/method/AuthorizationAnnotationUtilsTests.java
@@ -41,6 +41,13 @@ class AuthorizationAnnotationUtilsTests {
 
				 			.isThrownBy(() -> AuthorizationAnnotationUtils.findUniqueAnnotation(method, PreAuthorize.class));
			
 
				 	}
			
 
				 
			
 
				+	@Test // gh-13625
			
 
				+	void annotationsFromSuperSuperInterfaceShouldNotTriggerAnnotationConfigurationException() throws Exception {
			
 
				+		Method method = HelloImpl.class.getMethod("sayHello");
			
 
				+		assertThatNoException()
			
 
				+			.isThrownBy(() -> AuthorizationAnnotationUtils.findUniqueAnnotation(method, PreAuthorize.class));
			
 
				+	}
			
 
				+
			
 
				 	private interface BaseRepository<T> {
			
 
				 
			
 
				 		Iterable<T> findAll();
			
@@ -55,4 +62,24 @@ class AuthorizationAnnotationUtilsTests {
 
				 
			
 
				 	}
			
 
				 
			
 
				+	private interface Hello {
			
 
				+
			
 
				+		@PreAuthorize("hasRole('someRole')")
			
 
				+		String sayHello();
			
 
				+
			
 
				+	}
			
 
				+
			
 
				+	private interface SayHello extends Hello {
			
 
				+
			
 
				+	}
			
 
				+
			
 
				+	private static class HelloImpl implements SayHello {
			
 
				+
			
 
				+		@Override
			
 
				+		public String sayHello() {
			
 
				+			return "hello";
			
 
				+		}
			
 
				+
			
 
				+	}
			
 
				+
			
 
				 }