Ana Sayfa Keşfet Yardım
Üye Ol Giriş Yap
github
/
spring-security
şunun yansıması https://github.com/spring-projects/spring-security
2
0
Çatalla 0
Dosyalar Sorunlar 0 Wiki
Kaynağa Gözat

Web uses AuthorizationManager<? super RequestAuthorizationContext>

This allows AuthorizationManager<Object> to be used instead of just
AuthorizationManager<RequestAuthorizationContext>. In addition, the
code was updated to use
`AuthorizationManagerFactory<? super RequestAuthorizationContext>`

Closes gh-17931
Rob Winch 2 hafta önce
ebeveyn
675835e525
işleme
bce8049815
2 değiştirilmiş dosya ile 18 ekleme ve 16 silme
Görünümü Böl Farklılık Durumunu Göster
  1. 11 9
      config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java
  2. 7 7
      web/src/main/java/org/springframework/security/web/access/intercept/RequestMatcherDelegatingAuthorizationManager.java

+ 11 - 9
config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java
Dosyayı Görüntüle 

@@ -60,7 +60,7 @@ public final class AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder
 
 
 	private final AuthorizationEventPublisher publisher;
 
 
-	private final AuthorizationManagerFactory<RequestAuthorizationContext> authorizationManagerFactory;
 
+	private final AuthorizationManagerFactory<? super RequestAuthorizationContext> authorizationManagerFactory;
 
 
 	private ObjectPostProcessor<AuthorizationManager<HttpServletRequest>> postProcessor = ObjectPostProcessor
 
 		.identity();
 
@@ -85,7 +85,7 @@ public final class AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder
 
 		provider.ifUnique((postProcessor) -> this.postProcessor = postProcessor);
 
 	}
 
 
-	private AuthorizationManagerFactory<RequestAuthorizationContext> getAuthorizationManagerFactory(
 
+	private AuthorizationManagerFactory<? super RequestAuthorizationContext> getAuthorizationManagerFactory(
 
 			ApplicationContext context) {
 
 		ResolvableType authorizationManagerFactoryType = ResolvableType
 
 			.forClassWithGenerics(AuthorizationManagerFactory.class, RequestAuthorizationContext.class);
 
@@ -134,7 +134,7 @@ public final class AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder
 
 	}
 
 
 	private AuthorizationManagerRequestMatcherRegistry addMapping(List<? extends RequestMatcher> matchers,
 
-			AuthorizationManager<RequestAuthorizationContext> manager) {
 
+			AuthorizationManager<? super RequestAuthorizationContext> manager) {
 
 		for (RequestMatcher matcher : matchers) {
 
 			this.registry.addMapping(matcher, manager);
 
 		}
 
@@ -166,13 +166,15 @@ public final class AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder
 
 			setApplicationContext(context);
 
 		}
 
 
-		private void addMapping(RequestMatcher matcher, AuthorizationManager<RequestAuthorizationContext> manager) {
 
+		private void addMapping(RequestMatcher matcher,
 
+				AuthorizationManager<? super RequestAuthorizationContext> manager) {
 
 			this.unmappedMatchers = null;
 
 			this.managerBuilder.add(matcher, manager);
 
 			this.mappingCount++;
 
 		}
 
 
-		private void addFirst(RequestMatcher matcher, AuthorizationManager<RequestAuthorizationContext> manager) {
 
+		private void addFirst(RequestMatcher matcher,
 
+				AuthorizationManager<? super RequestAuthorizationContext> manager) {
 
 			this.unmappedMatchers = null;
 
 			this.managerBuilder.mappings((m) -> m.add(0, new RequestMatcherEntry<>(matcher, manager)));
 
 			this.mappingCount++;
 
@@ -220,7 +222,7 @@ public final class AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder
 
 
 		private final List<? extends RequestMatcher> matchers;
 
 
-		private AuthorizationManagerFactory<RequestAuthorizationContext> authorizationManagerFactory;
 
+		private AuthorizationManagerFactory<? super RequestAuthorizationContext> authorizationManagerFactory;
 
 
 		private boolean not;
 
 
@@ -231,7 +233,7 @@ public final class AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder
 
 		 * creating instances of {@link AuthorizationManager}
 
 		 */
 
 		AuthorizedUrl(List<? extends RequestMatcher> matchers,
 
-				AuthorizationManagerFactory<RequestAuthorizationContext> authorizationManagerFactory) {
 
+				AuthorizationManagerFactory<? super RequestAuthorizationContext> authorizationManagerFactory) {
 
 			this.matchers = matchers;
 
 			this.authorizationManagerFactory = authorizationManagerFactory;
 
 		}
 
@@ -241,7 +243,7 @@ public final class AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder
 
 		}
 
 
 		void setAuthorizationManagerFactory(
 
-				AuthorizationManagerFactory<RequestAuthorizationContext> authorizationManagerFactory) {
 
+				AuthorizationManagerFactory<? super RequestAuthorizationContext> authorizationManagerFactory) {
 
 			this.authorizationManagerFactory = authorizationManagerFactory;
 
 		}
 
 
@@ -403,7 +405,7 @@ public final class AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder
 
 		 * customizations
 
 		 */
 
 		public AuthorizationManagerRequestMatcherRegistry access(
 
-				AuthorizationManager<RequestAuthorizationContext> manager) {
 
+				AuthorizationManager<? super RequestAuthorizationContext> manager) {
 
 			Assert.notNull(manager, "manager cannot be null");
 
 			return (this.not)
 
 					? AuthorizeHttpRequestsConfigurer.this.addMapping(this.matchers, AuthorizationManagers.not(manager))

+ 7 - 7
web/src/main/java/org/springframework/security/web/access/intercept/RequestMatcherDelegatingAuthorizationManager.java
Dosyayı Görüntüle 

@@ -55,10 +55,10 @@ public final class RequestMatcherDelegatingAuthorizationManager implements Autho
 
 
 	private final Log logger = LogFactory.getLog(getClass());
 
 
-	private final List<RequestMatcherEntry<AuthorizationManager<RequestAuthorizationContext>>> mappings;
 
+	private final List<RequestMatcherEntry<AuthorizationManager<? super RequestAuthorizationContext>>> mappings;
 
 
 	private RequestMatcherDelegatingAuthorizationManager(
 
-			List<RequestMatcherEntry<AuthorizationManager<RequestAuthorizationContext>>> mappings) {
 
+			List<RequestMatcherEntry<AuthorizationManager<? super RequestAuthorizationContext>>> mappings) {
 
 		Assert.notEmpty(mappings, "mappings cannot be empty");
 
 		this.mappings = mappings;
 
 	}
 
@@ -69,12 +69,12 @@ public final class RequestMatcherDelegatingAuthorizationManager implements Autho
 
 		if (this.logger.isTraceEnabled()) {
 
 			this.logger.trace(LogMessage.format("Authorizing %s", requestLine(request)));
 
 		}
 
-		for (RequestMatcherEntry<AuthorizationManager<RequestAuthorizationContext>> mapping : this.mappings) {
 
+		for (RequestMatcherEntry<AuthorizationManager<? super RequestAuthorizationContext>> mapping : this.mappings) {
 
 
 			RequestMatcher matcher = mapping.getRequestMatcher();
 
 			MatchResult matchResult = matcher.matcher(request);
 
 			if (matchResult.isMatch()) {
 
-				AuthorizationManager<RequestAuthorizationContext> manager = mapping.getEntry();
 
+				AuthorizationManager<? super RequestAuthorizationContext> manager = mapping.getEntry();
 
 				if (this.logger.isTraceEnabled()) {
 
 					this.logger.trace(
 
 							LogMessage.format("Checking authorization on %s using %s", requestLine(request), manager));
 
@@ -108,7 +108,7 @@ public final class RequestMatcherDelegatingAuthorizationManager implements Autho
 
 
 		private boolean anyRequestConfigured;
 
 
-		private final List<RequestMatcherEntry<AuthorizationManager<RequestAuthorizationContext>>> mappings = new ArrayList<>();
 
+		private final List<RequestMatcherEntry<AuthorizationManager<? super RequestAuthorizationContext>>> mappings = new ArrayList<>();
 
 
 		/**
 
 		 * Maps a {@link RequestMatcher} to an {@link AuthorizationManager}.
 
@@ -116,7 +116,7 @@ public final class RequestMatcherDelegatingAuthorizationManager implements Autho
 
 		 * @param manager the {@link AuthorizationManager} to use
 
 		 * @return the {@link Builder} for further customizations
 
 		 */
 
-		public Builder add(RequestMatcher matcher, AuthorizationManager<RequestAuthorizationContext> manager) {
 
+		public Builder add(RequestMatcher matcher, AuthorizationManager<? super RequestAuthorizationContext> manager) {
 
 			Assert.state(!this.anyRequestConfigured, "Can't add mappings after anyRequest");
 
 			Assert.notNull(matcher, "matcher cannot be null");
 
 			Assert.notNull(manager, "manager cannot be null");
 
@@ -133,7 +133,7 @@ public final class RequestMatcherDelegatingAuthorizationManager implements Autho
 
 		 * @since 5.7
 
 		 */
 
 		public Builder mappings(
 
-				Consumer<List<RequestMatcherEntry<AuthorizationManager<RequestAuthorizationContext>>>> mappingsConsumer) {
 
+				Consumer<List<RequestMatcherEntry<AuthorizationManager<? super RequestAuthorizationContext>>>> mappingsConsumer) {
 
 			Assert.state(!this.anyRequestConfigured, "Can't configure mappings after anyRequest");
 
 			Assert.notNull(mappingsConsumer, "mappingsConsumer cannot be null");
 
 			mappingsConsumer.accept(this.mappings);