Inicio Explorar Axuda
Rexistro Iniciar sesión
github
/
spring-security
réplica de https://github.com/spring-projects/spring-security
2
0
Fork 0
Ficheiros Incidencias 0 Wiki
Explorar o código

Ignore synthetic methods when checking for duplicate annotations

Closes gh-13132
Florian Cramer %!s(int64=2) %!d(string=hai) anos
pai
b969179b5c
achega
9669747245
Modificáronse 2 ficheiros con 52 adicións e 0 borrados
Dividir vista Mostrar estatísticas de Diff
  1. 13 0
      core/src/main/java/org/springframework/security/authorization/method/AuthorizationAnnotationUtils.java
  2. 39 0
      core/src/test/java/org/springframework/security/authorization/method/AuthorizationAnnotationUtilsTests.java

+ 13 - 0
core/src/main/java/org/springframework/security/authorization/method/AuthorizationAnnotationUtils.java
Ver ficheiro 

@@ -17,6 +17,7 @@
 
 package org.springframework.security.authorization.method;
 
 
 import java.lang.annotation.Annotation;
 
+import java.lang.reflect.Executable;
 
 import java.lang.reflect.Method;
 
 
 import org.springframework.core.annotation.AnnotationConfigurationException;
 
@@ -96,6 +97,10 @@ final class AuthorizationAnnotationUtils {
 
 			Class<A> annotationType) {
 
 		boolean alreadyFound = false;
 
 		for (MergedAnnotation<Annotation> mergedAnnotation : mergedAnnotations) {
 
+			if (isSynthetic(mergedAnnotation.getSource())) {
 
+				continue;
 
+			}
 
+
 
 			if (mergedAnnotation.getType() == annotationType) {
 
 				if (alreadyFound) {
 
 					return true;
 
@@ -106,6 +111,14 @@ final class AuthorizationAnnotationUtils {
 
 		return false;
 
 	}
 
 
+	private static boolean isSynthetic(Object object) {
 
+		if (object instanceof Executable) {
 
+			return ((Executable) object).isSynthetic();
 
+		}
 
+
 
+		return false;
 
+	}
 
+
 
 	private AuthorizationAnnotationUtils() {
 
 
 	}

+ 39 - 0
core/src/test/java/org/springframework/security/authorization/method/AuthorizationAnnotationUtilsTests.java
Ver ficheiro 

@@ -0,0 +1,39 @@
 
+package org.springframework.security.authorization.method;
 
+
 
+import java.lang.reflect.Method;
 
+import java.lang.reflect.Proxy;
 
+import java.util.List;
 
+
 
+import org.junit.jupiter.api.Test;
 
+import org.springframework.security.access.prepost.PreAuthorize;
 
+
 
+import static org.assertj.core.api.Assertions.assertThatNoException;
 
+
 
+/**
 
+ * Tests for {@link AuthorizationAnnotationUtils}
 
+ */
 
+class AuthorizationAnnotationUtilsTests {
 
+
 
+	@Test // gh-13132
 
+	public void annotationsOnSyntheticMethodsShouldNotTriggerAnnotationConfigurationException()
 
+			throws NoSuchMethodException {
 
+		StringRepository proxy =
 
+				(StringRepository) Proxy.newProxyInstance(Thread.currentThread().getContextClassLoader(),
 
+						new Class[] {StringRepository.class}, (p, m, args) -> null);
 
+		Method method = proxy.getClass().getDeclaredMethod("findAll");
 
+		assertThatNoException()
 
+				.isThrownBy(() -> AuthorizationAnnotationUtils.findUniqueAnnotation(method, PreAuthorize.class));
 
+	}
 
+
 
+	private interface BaseRepository<T> {
 
+
 
+		Iterable<T> findAll();
 
+	}
 
+
 
+	private interface StringRepository extends BaseRepository<String> {
 
+
 
+		@Override
 
+		@PreAuthorize("hasRole('someRole')")
 
+		List<String> findAll();
 
+	}
 
+}