diff --git a/config/src/main/java/org/springframework/security/config/method/PointcutDelegatingAuthorizationManager.java b/config/src/main/java/org/springframework/security/config/method/PointcutDelegatingAuthorizationManager.java index 7d51bd19e3..adbfb5363b 100644 --- a/config/src/main/java/org/springframework/security/config/method/PointcutDelegatingAuthorizationManager.java +++ b/config/src/main/java/org/springframework/security/config/method/PointcutDelegatingAuthorizationManager.java @@ -20,6 +20,7 @@ import java.util.Map; import java.util.function.Supplier; import org.aopalliance.intercept.MethodInvocation; +import org.jspecify.annotations.Nullable; import org.springframework.aop.Pointcut; import org.springframework.aop.support.AopUtils; @@ -37,7 +38,8 @@ class PointcutDelegatingAuthorizationManager implements AuthorizationManager authentication, MethodInvocation object) { + public AuthorizationResult authorize(Supplier authentication, + MethodInvocation object) { for (Map.Entry> entry : this.managers.entrySet()) { Class targetClass = (object.getThis() != null) ? AopUtils.getTargetClass(object.getThis()) : null; if (entry.getKey().getClassFilter().matches(targetClass) diff --git a/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java index 5a1d32dd43..2201713bd1 100644 --- a/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java @@ -25,6 +25,7 @@ import java.util.Map; import java.util.Set; import java.util.function.Supplier; +import org.jspecify.annotations.Nullable; import org.w3c.dom.Element; import org.springframework.beans.BeansException; @@ -458,7 +459,7 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements } @Override - public AuthorizationResult authorize(Supplier authentication, + public AuthorizationResult authorize(Supplier authentication, MessageAuthorizationContext object) { EvaluationContext context = this.expressionHandler.createEvaluationContext(authentication, object); boolean granted = ExpressionUtils.evaluateAsBoolean(this.expression, context); diff --git a/config/src/main/kotlin/org/springframework/security/config/annotation/web/AuthorizeHttpRequestsDsl.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/AuthorizeHttpRequestsDsl.kt index f8c5db5f45..d6f15edaf8 100644 --- a/config/src/main/kotlin/org/springframework/security/config/annotation/web/AuthorizeHttpRequestsDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/AuthorizeHttpRequestsDsl.kt @@ -29,7 +29,6 @@ import org.springframework.security.config.annotation.web.configurers.AuthorizeH import org.springframework.security.config.core.GrantedAuthorityDefaults import org.springframework.security.core.Authentication import org.springframework.security.web.access.IpAddressAuthorizationManager -import org.springframework.security.web.access.intercept.AuthorizationFilter import org.springframework.security.web.access.intercept.RequestAuthorizationContext import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher import org.springframework.security.web.util.matcher.AnyRequestMatcher @@ -235,13 +234,13 @@ class AuthorizeHttpRequestsDsl : AbstractRequestMatcherDsl { * Specify that URLs are allowed by anyone. */ val permitAll: AuthorizationManager = - AuthorizationManager { _: Supplier, _: RequestAuthorizationContext -> AuthorizationDecision(true) } + AuthorizationManager { _: Supplier, _: RequestAuthorizationContext -> AuthorizationDecision(true) } /** * Specify that URLs are not allowed by anyone. */ val denyAll: AuthorizationManager = - AuthorizationManager { _: Supplier, _: RequestAuthorizationContext -> AuthorizationDecision(false) } + AuthorizationManager { _: Supplier, _: RequestAuthorizationContext -> AuthorizationDecision(false) } /** * Specify that URLs are allowed by any authenticated user. diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java index 8396af8e12..a8a7058240 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java @@ -25,6 +25,7 @@ import javax.security.auth.login.LoginContext; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpSession; +import org.jspecify.annotations.Nullable; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.extension.ExtendWith; @@ -310,7 +311,7 @@ public class NamespaceHttpTests { } @Override - public AuthorizationResult authorize(Supplier authentication, + public AuthorizationResult authorize(Supplier authentication, RequestAuthorizationContext object) { HttpServletRequest request = object.getRequest(); FilterInvocation invocation = new FilterInvocation(request.getContextPath(), request.getServletPath(), diff --git a/config/src/test/java/org/springframework/security/config/method/MethodSecurityBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/method/MethodSecurityBeanDefinitionParserTests.java index 8afc0825f7..28aa3272f3 100644 --- a/config/src/test/java/org/springframework/security/config/method/MethodSecurityBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/method/MethodSecurityBeanDefinitionParserTests.java @@ -464,7 +464,9 @@ public class MethodSecurityBeanDefinitionParserTests { static class MyAuthorizationManager implements AuthorizationManager { @Override - public AuthorizationResult authorize(Supplier authentication, MethodInvocation object) { + public AuthorizationResult authorize( + Supplier authentication, + MethodInvocation object) { return new AuthorizationDecision("bob".equals(authentication.get().getName())); } diff --git a/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java b/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java index 66dcf4cc3f..a2d66f1125 100644 --- a/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java +++ b/config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java @@ -26,6 +26,7 @@ import java.util.Map; import java.util.function.Supplier; import org.assertj.core.api.ThrowableAssert; +import org.jspecify.annotations.Nullable; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.extension.ExtendWith; @@ -735,7 +736,7 @@ public class WebSocketMessageBrokerConfigTests { } @Override - public EvaluationContext createEvaluationContext(Supplier authentication, + public EvaluationContext createEvaluationContext(Supplier authentication, Message message) { return new StandardEvaluationContext(new MessageSecurityExpressionRoot(authentication, message) { public boolean denyNile() { diff --git a/config/src/test/kotlin/org/springframework/security/config/annotation/web/AuthorizeHttpRequestsDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/AuthorizeHttpRequestsDslTests.kt index 249ea5a991..ed7bdd2e74 100644 --- a/config/src/test/kotlin/org/springframework/security/config/annotation/web/AuthorizeHttpRequestsDslTests.kt +++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/AuthorizeHttpRequestsDslTests.kt @@ -193,7 +193,7 @@ class AuthorizeHttpRequestsDslTests { open class MvcMatcherPathVariablesConfig { @Bean open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain { - val access = AuthorizationManager { _: Supplier, context: RequestAuthorizationContext -> + val access = AuthorizationManager { _: Supplier, context: RequestAuthorizationContext -> AuthorizationDecision(context.variables["userName"] == "user") } http { diff --git a/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionHandler.java b/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionHandler.java index 981c947201..f9c26d515f 100644 --- a/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionHandler.java +++ b/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionHandler.java @@ -57,7 +57,8 @@ public interface SecurityExpressionHandler extends AopInfrastructureBean { * @return the {@link EvaluationContext} to use * @since 5.8 */ - default EvaluationContext createEvaluationContext(Supplier<@Nullable Authentication> authentication, T invocation) { + default EvaluationContext createEvaluationContext(Supplier authentication, + T invocation) { return createEvaluationContext(authentication.get(), invocation); } diff --git a/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java b/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java index 483cdbee07..7021d98d3f 100644 --- a/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java +++ b/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java @@ -89,7 +89,7 @@ public abstract class SecurityExpressionRoot implements SecurityExpressionOperat * Cannot be null. * @since 5.8 */ - public SecurityExpressionRoot(Supplier<@Nullable Authentication> authentication) { + public SecurityExpressionRoot(Supplier authentication) { this.authentication = SingletonSupplier.of(() -> { Authentication value = authentication.get(); Assert.notNull(value, "Authentication object cannot be null"); diff --git a/core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java b/core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java index 1237aef743..aed139cc81 100644 --- a/core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java +++ b/core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java @@ -85,7 +85,7 @@ public class DefaultMethodSecurityExpressionHandler extends AbstractSecurityExpr } @Override - public EvaluationContext createEvaluationContext(Supplier<@Nullable Authentication> authentication, + public EvaluationContext createEvaluationContext(Supplier authentication, MethodInvocation mi) { MethodSecurityExpressionOperations root = createSecurityExpressionRoot(authentication, mi); MethodSecurityEvaluationContext ctx = new MethodSecurityEvaluationContext(root, mi, @@ -104,7 +104,7 @@ public class DefaultMethodSecurityExpressionHandler extends AbstractSecurityExpr } private MethodSecurityExpressionOperations createSecurityExpressionRoot( - Supplier<@Nullable Authentication> authentication, MethodInvocation invocation) { + Supplier authentication, MethodInvocation invocation) { MethodSecurityExpressionRoot root = new MethodSecurityExpressionRoot(authentication); root.setThis(invocation.getThis()); root.setPermissionEvaluator(getPermissionEvaluator()); diff --git a/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRoot.java b/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRoot.java index 70fe7824a7..7459b6e697 100644 --- a/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRoot.java +++ b/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRoot.java @@ -42,7 +42,7 @@ class MethodSecurityExpressionRoot extends SecurityExpressionRoot implements Met super(a); } - MethodSecurityExpressionRoot(Supplier<@Nullable Authentication> authentication) { + MethodSecurityExpressionRoot(Supplier authentication) { super(authentication); } diff --git a/core/src/main/java/org/springframework/security/authorization/AuthenticatedAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/AuthenticatedAuthorizationManager.java index b1e96afcf7..56f6cd4d4a 100644 --- a/core/src/main/java/org/springframework/security/authorization/AuthenticatedAuthorizationManager.java +++ b/core/src/main/java/org/springframework/security/authorization/AuthenticatedAuthorizationManager.java @@ -113,7 +113,7 @@ public final class AuthenticatedAuthorizationManager implements Authorization * @return an {@link AuthorizationDecision} */ @Override - public AuthorizationResult authorize(Supplier<@Nullable Authentication> authentication, T object) { + public AuthorizationResult authorize(Supplier authentication, T object) { boolean granted = this.authorizationStrategy.isGranted(authentication.get()); return new AuthorizationDecision(granted); } diff --git a/core/src/main/java/org/springframework/security/authorization/AuthoritiesAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/AuthoritiesAuthorizationManager.java index 346fce7494..37b51df3f7 100644 --- a/core/src/main/java/org/springframework/security/authorization/AuthoritiesAuthorizationManager.java +++ b/core/src/main/java/org/springframework/security/authorization/AuthoritiesAuthorizationManager.java @@ -57,7 +57,7 @@ public final class AuthoritiesAuthorizationManager implements AuthorizationManag * @return an {@link AuthorityAuthorizationDecision} */ @Override - public AuthorizationResult authorize(Supplier<@Nullable Authentication> authentication, + public AuthorizationResult authorize(Supplier authentication, Collection authorities) { boolean granted = isGranted(authentication.get(), authorities); return new AuthorityAuthorizationDecision(granted, AuthorityUtils.createAuthorityList(authorities)); diff --git a/core/src/main/java/org/springframework/security/authorization/AuthorityAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/AuthorityAuthorizationManager.java index 7530019be6..824ac376da 100644 --- a/core/src/main/java/org/springframework/security/authorization/AuthorityAuthorizationManager.java +++ b/core/src/main/java/org/springframework/security/authorization/AuthorityAuthorizationManager.java @@ -139,7 +139,7 @@ public final class AuthorityAuthorizationManager implements AuthorizationMana * {@inheritDoc} */ @Override - public AuthorizationResult authorize(Supplier<@Nullable Authentication> authentication, T object) { + public AuthorizationResult authorize(Supplier authentication, T object) { return this.delegate.authorize(authentication, this.authorities); } diff --git a/core/src/main/java/org/springframework/security/authorization/AuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/AuthorizationManager.java index 3688bb7dbb..346cca4bdf 100644 --- a/core/src/main/java/org/springframework/security/authorization/AuthorizationManager.java +++ b/core/src/main/java/org/springframework/security/authorization/AuthorizationManager.java @@ -39,7 +39,7 @@ public interface AuthorizationManager { * @param object the {@link T} object to check * @throws AccessDeniedException if access is not granted */ - default void verify(Supplier<@Nullable Authentication> authentication, T object) { + default void verify(Supplier authentication, T object) { AuthorizationResult result = authorize(authentication, object); if (result != null && !result.isGranted()) { throw new AuthorizationDeniedException("Access Denied", result); @@ -54,6 +54,6 @@ public interface AuthorizationManager { * @return an {@link AuthorizationResult} * @since 6.4 */ - @Nullable AuthorizationResult authorize(Supplier<@Nullable Authentication> authentication, T object); + @Nullable AuthorizationResult authorize(Supplier authentication, T object); } diff --git a/core/src/main/java/org/springframework/security/authorization/AuthorizationManagers.java b/core/src/main/java/org/springframework/security/authorization/AuthorizationManagers.java index 3723d0a64b..917ba5b453 100644 --- a/core/src/main/java/org/springframework/security/authorization/AuthorizationManagers.java +++ b/core/src/main/java/org/springframework/security/authorization/AuthorizationManagers.java @@ -60,7 +60,8 @@ public final class AuthorizationManagers { @SafeVarargs public static AuthorizationManager anyOf(AuthorizationDecision allAbstainDefaultDecision, AuthorizationManager... managers) { - return (AuthorizationManagerCheckAdapter) (Supplier<@Nullable Authentication> authentication, T object) -> { + return (AuthorizationManagerCheckAdapter) (Supplier authentication, + T object) -> { List results = new ArrayList<>(); for (AuthorizationManager manager : managers) { AuthorizationResult result = manager.authorize(authentication, object); @@ -106,7 +107,8 @@ public final class AuthorizationManagers { @SafeVarargs public static AuthorizationManager allOf(AuthorizationDecision allAbstainDefaultDecision, AuthorizationManager... managers) { - return (AuthorizationManagerCheckAdapter) (Supplier<@Nullable Authentication> authentication, T object) -> { + return (AuthorizationManagerCheckAdapter) (Supplier authentication, + T object) -> { List results = new ArrayList<>(); for (AuthorizationManager manager : managers) { AuthorizationResult result = manager.authorize(authentication, object); @@ -135,7 +137,7 @@ public final class AuthorizationManagers { * @since 6.3 */ public static AuthorizationManager not(AuthorizationManager manager) { - return (Supplier<@Nullable Authentication> authentication, T object) -> { + return (Supplier authentication, T object) -> { AuthorizationResult result = manager.authorize(authentication, object); if (result == null) { return null; @@ -184,7 +186,7 @@ public final class AuthorizationManagers { private interface AuthorizationManagerCheckAdapter extends AuthorizationManager { @Override - AuthorizationResult authorize(Supplier<@Nullable Authentication> authentication, T object); + AuthorizationResult authorize(Supplier authentication, T object); } diff --git a/core/src/main/java/org/springframework/security/authorization/ObservationAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/ObservationAuthorizationManager.java index 67dfaeb743..9291d3e9a1 100644 --- a/core/src/main/java/org/springframework/security/authorization/ObservationAuthorizationManager.java +++ b/core/src/main/java/org/springframework/security/authorization/ObservationAuthorizationManager.java @@ -63,7 +63,8 @@ public final class ObservationAuthorizationManager } @Override - public @Nullable AuthorizationResult authorize(Supplier<@Nullable Authentication> authentication, T object) { + public @Nullable AuthorizationResult authorize(Supplier authentication, + T object) { AuthorizationObservationContext context = new AuthorizationObservationContext<>(object); Supplier<@Nullable Authentication> wrapped = () -> { context.setAuthentication(authentication.get()); diff --git a/core/src/main/java/org/springframework/security/authorization/SingleResultAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/SingleResultAuthorizationManager.java index cc9ee0e5df..522ac01ef3 100644 --- a/core/src/main/java/org/springframework/security/authorization/SingleResultAuthorizationManager.java +++ b/core/src/main/java/org/springframework/security/authorization/SingleResultAuthorizationManager.java @@ -46,7 +46,7 @@ public final class SingleResultAuthorizationManager implements AuthorizationM } @Override - public AuthorizationResult authorize(Supplier<@Nullable Authentication> authentication, C object) { + public AuthorizationResult authorize(Supplier authentication, C object) { if (!(this.result instanceof AuthorizationDecision)) { throw new IllegalArgumentException("result should be AuthorizationDecision"); } diff --git a/core/src/main/java/org/springframework/security/authorization/method/Jsr250AuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/method/Jsr250AuthorizationManager.java index 4cdbed200d..0cfa33dda4 100644 --- a/core/src/main/java/org/springframework/security/authorization/method/Jsr250AuthorizationManager.java +++ b/core/src/main/java/org/springframework/security/authorization/method/Jsr250AuthorizationManager.java @@ -83,7 +83,7 @@ public final class Jsr250AuthorizationManager implements AuthorizationManager authentication, + public @Nullable AuthorizationResult authorize(Supplier authentication, MethodInvocation methodInvocation) { AuthorizationManager delegate = this.registry.getManager(methodInvocation); return delegate.authorize(authentication, methodInvocation); @@ -104,7 +104,7 @@ public final class Jsr250AuthorizationManager implements AuthorizationManager a, + return (Supplier a, MethodInvocation o) -> Jsr250AuthorizationManager.this.authoritiesAuthorizationManager .authorize(a, getAllowedRolesWithPrefix(rolesAllowed)); } diff --git a/core/src/main/java/org/springframework/security/authorization/method/MethodExpressionAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/method/MethodExpressionAuthorizationManager.java index 18593a4994..008b674d1c 100644 --- a/core/src/main/java/org/springframework/security/authorization/method/MethodExpressionAuthorizationManager.java +++ b/core/src/main/java/org/springframework/security/authorization/method/MethodExpressionAuthorizationManager.java @@ -74,7 +74,8 @@ public final class MethodExpressionAuthorizationManager implements Authorization * expression */ @Override - public AuthorizationResult authorize(Supplier<@Nullable Authentication> authentication, MethodInvocation context) { + public AuthorizationResult authorize(Supplier authentication, + MethodInvocation context) { EvaluationContext ctx = this.expressionHandler.createEvaluationContext(authentication, context); boolean granted = ExpressionUtils.evaluateAsBoolean(this.expression, ctx); return new ExpressionAuthorizationDecision(granted, this.expression); diff --git a/core/src/main/java/org/springframework/security/authorization/method/PostAuthorizeAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/method/PostAuthorizeAuthorizationManager.java index 902d8f1d57..968c0a6587 100644 --- a/core/src/main/java/org/springframework/security/authorization/method/PostAuthorizeAuthorizationManager.java +++ b/core/src/main/java/org/springframework/security/authorization/method/PostAuthorizeAuthorizationManager.java @@ -86,7 +86,7 @@ public final class PostAuthorizeAuthorizationManager * {@link PostAuthorize} annotation is not present */ @Override - public @Nullable AuthorizationResult authorize(Supplier<@Nullable Authentication> authentication, + public @Nullable AuthorizationResult authorize(Supplier authentication, MethodInvocationResult mi) { ExpressionAttribute attribute = this.registry.getAttribute(mi.getMethodInvocation()); if (attribute == null) { diff --git a/core/src/main/java/org/springframework/security/authorization/method/PreAuthorizeAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/method/PreAuthorizeAuthorizationManager.java index a1a01908a7..4075448081 100644 --- a/core/src/main/java/org/springframework/security/authorization/method/PreAuthorizeAuthorizationManager.java +++ b/core/src/main/java/org/springframework/security/authorization/method/PreAuthorizeAuthorizationManager.java @@ -78,7 +78,7 @@ public final class PreAuthorizeAuthorizationManager * {@link PreAuthorize} annotation is not present */ @Override - public @Nullable AuthorizationResult authorize(Supplier<@Nullable Authentication> authentication, + public @Nullable AuthorizationResult authorize(Supplier authentication, MethodInvocation mi) { ExpressionAttribute attribute = this.registry.getAttribute(mi); if (attribute == null) { diff --git a/core/src/main/java/org/springframework/security/authorization/method/SecuredAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/method/SecuredAuthorizationManager.java index abff18ff16..674e81c203 100644 --- a/core/src/main/java/org/springframework/security/authorization/method/SecuredAuthorizationManager.java +++ b/core/src/main/java/org/springframework/security/authorization/method/SecuredAuthorizationManager.java @@ -68,7 +68,7 @@ public final class SecuredAuthorizationManager implements AuthorizationManager authentication, + public @Nullable AuthorizationResult authorize(Supplier authentication, MethodInvocation mi) { Set authorities = getAuthorities(mi); return authorities.isEmpty() ? null diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandler.java b/messaging/src/main/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandler.java index fbb14a6191..ca62546e53 100644 --- a/messaging/src/main/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandler.java +++ b/messaging/src/main/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandler.java @@ -18,6 +18,8 @@ package org.springframework.security.messaging.access.expression; import java.util.function.Supplier; +import org.jspecify.annotations.Nullable; + import org.springframework.expression.EvaluationContext; import org.springframework.expression.spel.support.StandardEvaluationContext; import org.springframework.messaging.Message; @@ -43,7 +45,8 @@ public class DefaultMessageSecurityExpressionHandler extends AbstractSecurity private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl(); @Override - public EvaluationContext createEvaluationContext(Supplier authentication, Message message) { + public EvaluationContext createEvaluationContext(Supplier authentication, + Message message) { MessageSecurityExpressionRoot root = createSecurityExpressionRoot(authentication, message); StandardEvaluationContext ctx = new StandardEvaluationContext(root); ctx.setBeanResolver(getBeanResolver()); @@ -56,8 +59,8 @@ public class DefaultMessageSecurityExpressionHandler extends AbstractSecurity return createSecurityExpressionRoot(() -> authentication, invocation); } - private MessageSecurityExpressionRoot createSecurityExpressionRoot(Supplier authentication, - Message invocation) { + private MessageSecurityExpressionRoot createSecurityExpressionRoot( + Supplier authentication, Message invocation) { MessageSecurityExpressionRoot root = new MessageSecurityExpressionRoot(authentication, invocation); root.setPermissionEvaluator(getPermissionEvaluator()); root.setTrustResolver(this.trustResolver); diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageAuthorizationContextSecurityExpressionHandler.java b/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageAuthorizationContextSecurityExpressionHandler.java index 8726db63f0..e3fd63584c 100644 --- a/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageAuthorizationContextSecurityExpressionHandler.java +++ b/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageAuthorizationContextSecurityExpressionHandler.java @@ -19,6 +19,8 @@ package org.springframework.security.messaging.access.expression; import java.util.Map; import java.util.function.Supplier; +import org.jspecify.annotations.Nullable; + import org.springframework.expression.EvaluationContext; import org.springframework.expression.ExpressionParser; import org.springframework.messaging.Message; @@ -59,7 +61,7 @@ public final class MessageAuthorizationContextSecurityExpressionHandler } @Override - public EvaluationContext createEvaluationContext(Supplier authentication, + public EvaluationContext createEvaluationContext(Supplier authentication, MessageAuthorizationContext message) { EvaluationContext context = this.delegate.createEvaluationContext(authentication, message.getMessage()); Map variables = message.getVariables(); diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageSecurityExpressionRoot.java b/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageSecurityExpressionRoot.java index 594a9bcbd2..44bc04e880 100644 --- a/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageSecurityExpressionRoot.java +++ b/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageSecurityExpressionRoot.java @@ -44,7 +44,7 @@ public class MessageSecurityExpressionRoot extends SecurityExpressionRoot { * @param message the {@link Message} to use * @since 5.8 */ - public MessageSecurityExpressionRoot(Supplier authentication, Message message) { + public MessageSecurityExpressionRoot(Supplier authentication, Message message) { super(authentication); this.message = message; } diff --git a/messaging/src/main/java/org/springframework/security/messaging/access/intercept/MessageMatcherDelegatingAuthorizationManager.java b/messaging/src/main/java/org/springframework/security/messaging/access/intercept/MessageMatcherDelegatingAuthorizationManager.java index 8efb2be4cc..5b0cd59703 100644 --- a/messaging/src/main/java/org/springframework/security/messaging/access/intercept/MessageMatcherDelegatingAuthorizationManager.java +++ b/messaging/src/main/java/org/springframework/security/messaging/access/intercept/MessageMatcherDelegatingAuthorizationManager.java @@ -22,6 +22,7 @@ import java.util.function.Supplier; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.jspecify.annotations.Nullable; import org.springframework.beans.BeansException; import org.springframework.context.ApplicationContext; @@ -54,7 +55,8 @@ public final class MessageMatcherDelegatingAuthorizationManager implements Autho } @Override - public AuthorizationResult authorize(Supplier authentication, Message message) { + public AuthorizationResult authorize(Supplier authentication, + Message message) { if (this.logger.isTraceEnabled()) { this.logger.trace(LogMessage.format("Authorizing message")); } diff --git a/web/src/main/java/org/springframework/security/web/access/IpAddressAuthorizationManager.java b/web/src/main/java/org/springframework/security/web/access/IpAddressAuthorizationManager.java index 9ea9edd5a7..fb4147b5c9 100644 --- a/web/src/main/java/org/springframework/security/web/access/IpAddressAuthorizationManager.java +++ b/web/src/main/java/org/springframework/security/web/access/IpAddressAuthorizationManager.java @@ -18,6 +18,8 @@ package org.springframework.security.web.access; import java.util.function.Supplier; +import org.jspecify.annotations.Nullable; + import org.springframework.security.authorization.AuthorizationDecision; import org.springframework.security.authorization.AuthorizationManager; import org.springframework.security.authorization.AuthorizationResult; @@ -53,7 +55,7 @@ public final class IpAddressAuthorizationManager implements AuthorizationManager } @Override - public AuthorizationResult authorize(Supplier authentication, + public AuthorizationResult authorize(Supplier authentication, RequestAuthorizationContext requestAuthorizationContext) { return new AuthorizationDecision( this.ipAddressMatcher.matcher(requestAuthorizationContext.getRequest()).isMatch()); diff --git a/web/src/main/java/org/springframework/security/web/access/expression/DefaultHttpSecurityExpressionHandler.java b/web/src/main/java/org/springframework/security/web/access/expression/DefaultHttpSecurityExpressionHandler.java index 28abd48946..cd7e558516 100644 --- a/web/src/main/java/org/springframework/security/web/access/expression/DefaultHttpSecurityExpressionHandler.java +++ b/web/src/main/java/org/springframework/security/web/access/expression/DefaultHttpSecurityExpressionHandler.java @@ -18,6 +18,8 @@ package org.springframework.security.web.access.expression; import java.util.function.Supplier; +import org.jspecify.annotations.Nullable; + import org.springframework.expression.EvaluationContext; import org.springframework.expression.spel.support.StandardEvaluationContext; import org.springframework.security.access.expression.AbstractSecurityExpressionHandler; @@ -44,7 +46,7 @@ public class DefaultHttpSecurityExpressionHandler extends AbstractSecurityExpres private String defaultRolePrefix = "ROLE_"; @Override - public EvaluationContext createEvaluationContext(Supplier authentication, + public EvaluationContext createEvaluationContext(Supplier authentication, RequestAuthorizationContext context) { WebSecurityExpressionRoot root = createSecurityExpressionRoot(authentication, context); StandardEvaluationContext ctx = new StandardEvaluationContext(root); @@ -59,7 +61,7 @@ public class DefaultHttpSecurityExpressionHandler extends AbstractSecurityExpres return createSecurityExpressionRoot(() -> authentication, context); } - private WebSecurityExpressionRoot createSecurityExpressionRoot(Supplier authentication, + private WebSecurityExpressionRoot createSecurityExpressionRoot(Supplier authentication, RequestAuthorizationContext context) { WebSecurityExpressionRoot root = new WebSecurityExpressionRoot(authentication, context.getRequest()); root.setRoleHierarchy(getRoleHierarchy()); diff --git a/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionAuthorizationManager.java b/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionAuthorizationManager.java index 9ee61137e9..d84786905f 100644 --- a/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionAuthorizationManager.java +++ b/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionAuthorizationManager.java @@ -18,6 +18,8 @@ package org.springframework.security.web.access.expression; import java.util.function.Supplier; +import org.jspecify.annotations.Nullable; + import org.springframework.beans.BeansException; import org.springframework.context.ApplicationContext; import org.springframework.context.ApplicationContextAware; @@ -83,7 +85,8 @@ public final class WebExpressionAuthorizationManager implements AuthorizationMan * expression */ @Override - public AuthorizationResult authorize(Supplier authentication, RequestAuthorizationContext context) { + public AuthorizationResult authorize(Supplier authentication, + RequestAuthorizationContext context) { EvaluationContext ctx = this.expressionHandler.createEvaluationContext(authentication, context); boolean granted = ExpressionUtils.evaluateAsBoolean(this.expression, ctx); return new ExpressionAuthorizationDecision(granted, this.expression); diff --git a/web/src/main/java/org/springframework/security/web/access/expression/WebSecurityExpressionRoot.java b/web/src/main/java/org/springframework/security/web/access/expression/WebSecurityExpressionRoot.java index c606887ca6..a5e9516d6d 100644 --- a/web/src/main/java/org/springframework/security/web/access/expression/WebSecurityExpressionRoot.java +++ b/web/src/main/java/org/springframework/security/web/access/expression/WebSecurityExpressionRoot.java @@ -48,7 +48,7 @@ public class WebSecurityExpressionRoot extends SecurityExpressionRoot { * @param request the {@link HttpServletRequest} to use * @since 5.8 */ - public WebSecurityExpressionRoot(Supplier authentication, HttpServletRequest request) { + public WebSecurityExpressionRoot(Supplier authentication, HttpServletRequest request) { super(authentication); this.request = request; } diff --git a/web/src/main/java/org/springframework/security/web/access/intercept/RequestMatcherDelegatingAuthorizationManager.java b/web/src/main/java/org/springframework/security/web/access/intercept/RequestMatcherDelegatingAuthorizationManager.java index 564c880f60..71d451c9f6 100644 --- a/web/src/main/java/org/springframework/security/web/access/intercept/RequestMatcherDelegatingAuthorizationManager.java +++ b/web/src/main/java/org/springframework/security/web/access/intercept/RequestMatcherDelegatingAuthorizationManager.java @@ -24,6 +24,7 @@ import java.util.function.Supplier; import jakarta.servlet.http.HttpServletRequest; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.jspecify.annotations.Nullable; import org.springframework.core.log.LogMessage; import org.springframework.security.authorization.AuthenticatedAuthorizationManager; @@ -63,7 +64,8 @@ public final class RequestMatcherDelegatingAuthorizationManager implements Autho } @Override - public AuthorizationResult authorize(Supplier authentication, HttpServletRequest request) { + public AuthorizationResult authorize(Supplier authentication, + HttpServletRequest request) { if (this.logger.isTraceEnabled()) { this.logger.trace(LogMessage.format("Authorizing %s", requestLine(request))); }