Move Core Access API

Issue gh-17847
4 months ago · eedcec9d5c
157 changed files with 805 additions and 38 deletions
--- a/access/spring-security-access.gradle
+++ b/access/spring-security-access.gradle
@ -0,0 +1,42 @@
				@@ -0,0 +1,42 @@
+apply plugin: 'io.spring.convention.spring-module'
+
+dependencies {
+	management platform(project(":spring-security-dependencies"))
+	api project(':spring-security-crypto')
+	api project(':spring-security-core')
+	api 'org.springframework:spring-aop'
+	api 'org.springframework:spring-beans'
+	api 'org.springframework:spring-context'
+	api 'org.springframework:spring-core'
+	api 'org.springframework:spring-expression'
+	api 'io.micrometer:micrometer-observation'
+
+	optional 'com.fasterxml.jackson.core:jackson-databind'
+	optional 'io.micrometer:context-propagation'
+	optional 'io.projectreactor:reactor-core'
+	optional 'jakarta.annotation:jakarta.annotation-api'
+	optional 'org.aspectj:aspectjrt'
+	optional 'org.springframework:spring-jdbc'
+	optional 'org.springframework:spring-tx'
+	optional 'org.jetbrains.kotlinx:kotlinx-coroutines-reactor'
+
+	testImplementation 'commons-collections:commons-collections'
+	testImplementation 'io.projectreactor:reactor-test'
+	testImplementation "org.assertj:assertj-core"
+	testImplementation "org.junit.jupiter:junit-jupiter-api"
+	testImplementation "org.junit.jupiter:junit-jupiter-params"
+	testImplementation "org.junit.jupiter:junit-jupiter-engine"
+	testImplementation "org.mockito:mockito-core"
+	testImplementation "org.mockito:mockito-junit-jupiter"
+	testImplementation "org.springframework:spring-core-test"
+	testImplementation "org.springframework:spring-test"
+	testImplementation 'org.skyscreamer:jsonassert'
+	testImplementation 'org.springframework:spring-test'
+	testImplementation 'org.jetbrains.kotlin:kotlin-reflect'
+	testImplementation 'org.jetbrains.kotlin:kotlin-stdlib-jdk8'
+	testImplementation 'io.mockk:mockk'
+
+	testRuntimeOnly 'org.hsqldb:hsqldb'
+	testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
+}
+
--- a/access/src/main/java/org/springframework/security/access/AccessDecisionManager.java
+++ b/access/src/main/java/org/springframework/security/access/AccessDecisionManager.java
--- a/access/src/main/java/org/springframework/security/access/AccessDecisionVoter.java
+++ b/access/src/main/java/org/springframework/security/access/AccessDecisionVoter.java
--- a/access/src/main/java/org/springframework/security/access/AfterInvocationProvider.java
+++ b/access/src/main/java/org/springframework/security/access/AfterInvocationProvider.java
--- a/access/src/main/java/org/springframework/security/access/ConfigAttribute.java
+++ b/access/src/main/java/org/springframework/security/access/ConfigAttribute.java
--- a/access/src/main/java/org/springframework/security/access/SecurityConfig.java
+++ b/access/src/main/java/org/springframework/security/access/SecurityConfig.java
--- a/access/src/main/java/org/springframework/security/access/SecurityMetadataSource.java
+++ b/access/src/main/java/org/springframework/security/access/SecurityMetadataSource.java
--- a/access/src/main/java/org/springframework/security/access/annotation/AnnotationMetadataExtractor.java
+++ b/access/src/main/java/org/springframework/security/access/annotation/AnnotationMetadataExtractor.java
--- a/access/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java
+++ b/access/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java
--- a/access/src/main/java/org/springframework/security/access/annotation/Jsr250SecurityConfig.java
+++ b/access/src/main/java/org/springframework/security/access/annotation/Jsr250SecurityConfig.java
--- a/access/src/main/java/org/springframework/security/access/annotation/Jsr250Voter.java
+++ b/access/src/main/java/org/springframework/security/access/annotation/Jsr250Voter.java
--- a/access/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java
+++ b/access/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java
--- a/access/src/main/java/org/springframework/security/access/annotation/package-info.java
+++ b/access/src/main/java/org/springframework/security/access/annotation/package-info.java
@ -0,0 +1,23 @@
				@@ -0,0 +1,23 @@
+/*
+ * Copyright 2004-present the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * Support for JSR-250 and Spring Security {@code @Secured} annotations.
+ */
+@NullMarked
+package org.springframework.security.access.annotation;
+
+import org.jspecify.annotations.NullMarked;
--- a/access/src/main/java/org/springframework/security/access/event/AbstractAuthorizationEvent.java
+++ b/access/src/main/java/org/springframework/security/access/event/AbstractAuthorizationEvent.java
--- a/access/src/main/java/org/springframework/security/access/event/AuthenticationCredentialsNotFoundEvent.java
+++ b/access/src/main/java/org/springframework/security/access/event/AuthenticationCredentialsNotFoundEvent.java
--- a/access/src/main/java/org/springframework/security/access/event/AuthorizationFailureEvent.java
+++ b/access/src/main/java/org/springframework/security/access/event/AuthorizationFailureEvent.java
--- a/access/src/main/java/org/springframework/security/access/event/AuthorizedEvent.java
+++ b/access/src/main/java/org/springframework/security/access/event/AuthorizedEvent.java
--- a/access/src/main/java/org/springframework/security/access/event/LoggerListener.java
+++ b/access/src/main/java/org/springframework/security/access/event/LoggerListener.java
--- a/access/src/main/java/org/springframework/security/access/event/PublicInvocationEvent.java
+++ b/access/src/main/java/org/springframework/security/access/event/PublicInvocationEvent.java
--- a/access/src/main/java/org/springframework/security/access/event/package-info.java
+++ b/access/src/main/java/org/springframework/security/access/event/package-info.java
--- a/access/src/main/java/org/springframework/security/access/expression/method/AbstractExpressionBasedMethodConfigAttribute.java
+++ b/access/src/main/java/org/springframework/security/access/expression/method/AbstractExpressionBasedMethodConfigAttribute.java
--- a/access/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedAnnotationAttributeFactory.java
+++ b/access/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedAnnotationAttributeFactory.java
--- a/access/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPostInvocationAdvice.java
+++ b/access/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPostInvocationAdvice.java
--- a/access/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java
+++ b/access/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java
--- a/access/src/main/java/org/springframework/security/access/expression/method/PostInvocationExpressionAttribute.java
+++ b/access/src/main/java/org/springframework/security/access/expression/method/PostInvocationExpressionAttribute.java
--- a/access/src/main/java/org/springframework/security/access/expression/method/PreInvocationExpressionAttribute.java
+++ b/access/src/main/java/org/springframework/security/access/expression/method/PreInvocationExpressionAttribute.java
--- a/access/src/main/java/org/springframework/security/access/expression/method/package-info.java
+++ b/access/src/main/java/org/springframework/security/access/expression/method/package-info.java
@ -0,0 +1,25 @@
				@@ -0,0 +1,25 @@
+/*
+ * Copyright 2004-present the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * Implementation of expression-based method security.
+ *
+ * @since 3.0
+ */
+@NullMarked
+package org.springframework.security.access.expression.method;
+
+import org.jspecify.annotations.NullMarked;
--- a/access/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java
+++ b/access/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java
--- a/access/src/main/java/org/springframework/security/access/intercept/AfterInvocationManager.java
+++ b/access/src/main/java/org/springframework/security/access/intercept/AfterInvocationManager.java
--- a/access/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java
+++ b/access/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java
--- a/access/src/main/java/org/springframework/security/access/intercept/InterceptorStatusToken.java
+++ b/access/src/main/java/org/springframework/security/access/intercept/InterceptorStatusToken.java
--- a/access/src/main/java/org/springframework/security/access/intercept/MethodInvocationPrivilegeEvaluator.java
+++ b/access/src/main/java/org/springframework/security/access/intercept/MethodInvocationPrivilegeEvaluator.java
--- a/access/src/main/java/org/springframework/security/access/intercept/NullRunAsManager.java
+++ b/access/src/main/java/org/springframework/security/access/intercept/NullRunAsManager.java
--- a/access/src/main/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProvider.java
+++ b/access/src/main/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProvider.java
--- a/access/src/main/java/org/springframework/security/access/intercept/RunAsManager.java
+++ b/access/src/main/java/org/springframework/security/access/intercept/RunAsManager.java
--- a/access/src/main/java/org/springframework/security/access/intercept/RunAsManagerImpl.java
+++ b/access/src/main/java/org/springframework/security/access/intercept/RunAsManagerImpl.java
--- a/access/src/main/java/org/springframework/security/access/intercept/RunAsUserToken.java
+++ b/access/src/main/java/org/springframework/security/access/intercept/RunAsUserToken.java
--- a/access/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor.java
+++ b/access/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor.java
--- a/access/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java
+++ b/access/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java
--- a/access/src/main/java/org/springframework/security/access/intercept/aopalliance/package-info.java
+++ b/access/src/main/java/org/springframework/security/access/intercept/aopalliance/package-info.java
--- a/access/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJCallback.java
+++ b/access/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJCallback.java
--- a/access/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptor.java
+++ b/access/src/main/java/org/springframework/security/access/intercept/aspectj/AspectJMethodSecurityInterceptor.java
--- a/access/src/main/java/org/springframework/security/access/intercept/aspectj/MethodInvocationAdapter.java
+++ b/access/src/main/java/org/springframework/security/access/intercept/aspectj/MethodInvocationAdapter.java
--- a/access/src/main/java/org/springframework/security/access/intercept/aspectj/package-info.java
+++ b/access/src/main/java/org/springframework/security/access/intercept/aspectj/package-info.java
--- a/access/src/main/java/org/springframework/security/access/intercept/package-info.java
+++ b/access/src/main/java/org/springframework/security/access/intercept/package-info.java
--- a/access/src/main/java/org/springframework/security/access/method/AbstractFallbackMethodSecurityMetadataSource.java
+++ b/access/src/main/java/org/springframework/security/access/method/AbstractFallbackMethodSecurityMetadataSource.java
--- a/access/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java
+++ b/access/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java
--- a/access/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java
+++ b/access/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java
--- a/access/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java
+++ b/access/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java
--- a/access/src/main/java/org/springframework/security/access/method/MethodSecurityMetadataSource.java
+++ b/access/src/main/java/org/springframework/security/access/method/MethodSecurityMetadataSource.java
--- a/access/src/main/java/org/springframework/security/access/method/P.java
+++ b/access/src/main/java/org/springframework/security/access/method/P.java
--- a/access/src/main/java/org/springframework/security/access/method/package-info.java
+++ b/access/src/main/java/org/springframework/security/access/method/package-info.java
--- a/access/src/main/java/org/springframework/security/access/package-info.java
+++ b/access/src/main/java/org/springframework/security/access/package-info.java
@ -0,0 +1,27 @@
				@@ -0,0 +1,27 @@
+/*
+ * Copyright 2004-present the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * Core access-control related code, including security metadata related classes,
+ * interception code, access control annotations, EL support and voter-based
+ * implementations of the central
+ * {@link org.springframework.security.access.AccessDecisionManager AccessDecisionManager}
+ * interface.
+ */
+@NullMarked
+package org.springframework.security.access;
+
+import org.jspecify.annotations.NullMarked;
--- a/access/src/main/java/org/springframework/security/access/prepost/PostInvocationAdviceProvider.java
+++ b/access/src/main/java/org/springframework/security/access/prepost/PostInvocationAdviceProvider.java
--- a/access/src/main/java/org/springframework/security/access/prepost/PostInvocationAttribute.java
+++ b/access/src/main/java/org/springframework/security/access/prepost/PostInvocationAttribute.java
--- a/access/src/main/java/org/springframework/security/access/prepost/PostInvocationAuthorizationAdvice.java
+++ b/access/src/main/java/org/springframework/security/access/prepost/PostInvocationAuthorizationAdvice.java
--- a/access/src/main/java/org/springframework/security/access/prepost/PreInvocationAttribute.java
+++ b/access/src/main/java/org/springframework/security/access/prepost/PreInvocationAttribute.java
--- a/access/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdvice.java
+++ b/access/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdvice.java
--- a/access/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoter.java
+++ b/access/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoter.java
--- a/access/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java
+++ b/access/src/main/java/org/springframework/security/access/prepost/PrePostAdviceReactiveMethodInterceptor.java
--- a/access/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java
+++ b/access/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java
--- a/access/src/main/java/org/springframework/security/access/prepost/PrePostInvocationAttributeFactory.java
+++ b/access/src/main/java/org/springframework/security/access/prepost/PrePostInvocationAttributeFactory.java
--- a/access/src/main/java/org/springframework/security/access/prepost/package-info.java
+++ b/access/src/main/java/org/springframework/security/access/prepost/package-info.java
@ -0,0 +1,27 @@
				@@ -0,0 +1,27 @@
+/*
+ * Copyright 2004-present the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * Contains the infrastructure classes for handling the {@code @PreAuthorize},
+ * {@code @PreFilter}, {@code @PostAuthorize} and {@code @PostFilter} annotations.
+ * <p>
+ * Other than the annotations themselves, the classes should be regarded as for internal
+ * framework use and are liable to change without notice.
+ */
+@NullMarked
+package org.springframework.security.access.prepost;
+
+import org.jspecify.annotations.NullMarked;
--- a/access/src/main/java/org/springframework/security/access/vote/AbstractAccessDecisionManager.java
+++ b/access/src/main/java/org/springframework/security/access/vote/AbstractAccessDecisionManager.java
--- a/access/src/main/java/org/springframework/security/access/vote/AbstractAclVoter.java
+++ b/access/src/main/java/org/springframework/security/access/vote/AbstractAclVoter.java
--- a/access/src/main/java/org/springframework/security/access/vote/AffirmativeBased.java
+++ b/access/src/main/java/org/springframework/security/access/vote/AffirmativeBased.java
--- a/access/src/main/java/org/springframework/security/access/vote/AuthenticatedVoter.java
+++ b/access/src/main/java/org/springframework/security/access/vote/AuthenticatedVoter.java
--- a/access/src/main/java/org/springframework/security/access/vote/ConsensusBased.java
+++ b/access/src/main/java/org/springframework/security/access/vote/ConsensusBased.java
--- a/access/src/main/java/org/springframework/security/access/vote/RoleHierarchyVoter.java
+++ b/access/src/main/java/org/springframework/security/access/vote/RoleHierarchyVoter.java
--- a/access/src/main/java/org/springframework/security/access/vote/RoleVoter.java
+++ b/access/src/main/java/org/springframework/security/access/vote/RoleVoter.java
--- a/access/src/main/java/org/springframework/security/access/vote/UnanimousBased.java
+++ b/access/src/main/java/org/springframework/security/access/vote/UnanimousBased.java
--- a/access/src/main/java/org/springframework/security/access/vote/package-info.java
+++ b/access/src/main/java/org/springframework/security/access/vote/package-info.java
--- a/access/src/test/java/org/springframework/security/access/AuthenticationCredentialsNotFoundEventTests.java
+++ b/access/src/test/java/org/springframework/security/access/AuthenticationCredentialsNotFoundEventTests.java
--- a/access/src/test/java/org/springframework/security/access/AuthorizationFailureEventTests.java
+++ b/access/src/test/java/org/springframework/security/access/AuthorizationFailureEventTests.java
--- a/access/src/test/java/org/springframework/security/access/AuthorizedEventTests.java
+++ b/access/src/test/java/org/springframework/security/access/AuthorizedEventTests.java
--- a/access/src/test/java/org/springframework/security/access/ITargetObject.java
+++ b/access/src/test/java/org/springframework/security/access/ITargetObject.java
@ -0,0 +1,36 @@
				@@ -0,0 +1,36 @@
+/*
+ * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.access;
+
+/**
+ * Represents the interface of a secured object.
+ *
+ * @author Ben Alex
+ */
+public interface ITargetObject {
+
+	Integer computeHashCode(String input);
+
+	int countLength(String input);
+
+	String makeLowerCase(String input);
+
+	String makeUpperCase(String input);
+
+	String publicMakeLowerCase(String input);
+
+}
--- a/access/src/test/java/org/springframework/security/access/OtherTargetObject.java
+++ b/access/src/test/java/org/springframework/security/access/OtherTargetObject.java
@ -0,0 +1,53 @@
				@@ -0,0 +1,53 @@
+/*
+ * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.access;
+
+/**
+ * Simply extends {@link TargetObject} so we have a different object to put configuration
+ * attributes against.
+ * <P>
+ * There is no different behaviour. We have to define each method so that
+ * <code>Class.getMethod(methodName, args)</code> returns a <code>Method</code>
+ * referencing this class rather than the parent class.
+ * </p>
+ * <P>
+ * We need to implement <code>ITargetObject</code> again because the
+ * <code>MethodDefinitionAttributes</code> only locates attributes on interfaces
+ * explicitly defined by the intercepted class (not the interfaces defined by its parent
+ * class or classes).
+ * </p>
+ *
+ * @author Ben Alex
+ */
+public class OtherTargetObject extends TargetObject implements ITargetObject {
+
+	@Override
+	public String makeLowerCase(String input) {
+		return super.makeLowerCase(input);
+	}
+
+	@Override
+	public String makeUpperCase(String input) {
+		return super.makeUpperCase(input);
+	}
+
+	@Override
+	public String publicMakeLowerCase(String input) {
+		return super.publicMakeLowerCase(input);
+	}
+
+}
--- a/access/src/test/java/org/springframework/security/access/SecurityConfigTests.java
+++ b/access/src/test/java/org/springframework/security/access/SecurityConfigTests.java
--- a/access/src/test/java/org/springframework/security/access/TargetObject.java
+++ b/access/src/test/java/org/springframework/security/access/TargetObject.java
@ -0,0 +1,81 @@
				@@ -0,0 +1,81 @@
+/*
+ * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.access;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+
+/**
+ * Represents a secured object.
+ *
+ * @author Ben Alex
+ */
+public class TargetObject implements ITargetObject {
+
+	@Override
+	public Integer computeHashCode(String input) {
+		return input.hashCode();
+	}
+
+	@Override
+	public int countLength(String input) {
+		return input.length();
+	}
+
+	/**
+	 * Returns the lowercase string, followed by security environment information.
+	 * @param input the message to make lowercase
+	 * @return the lowercase message, a space, the <code>Authentication</code> class that
+	 * was on the <code>SecurityContext</code> at the time of method invocation, and a
+	 * boolean indicating if the <code>Authentication</code> object is authenticated or
+	 * not
+	 */
+	@Override
+	public String makeLowerCase(String input) {
+		Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+		if (auth == null) {
+			return input.toLowerCase() + " Authentication empty";
+		}
+		else {
+			return input.toLowerCase() + " " + auth.getClass().getName() + " " + auth.isAuthenticated();
+		}
+	}
+
+	/**
+	 * Returns the uppercase string, followed by security environment information.
+	 * @param input the message to make uppercase
+	 * @return the uppercase message, a space, the <code>Authentication</code> class that
+	 * was on the <code>SecurityContext</code> at the time of method invocation, and a
+	 * boolean indicating if the <code>Authentication</code> object is authenticated or
+	 * not
+	 */
+	@Override
+	public String makeUpperCase(String input) {
+		Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+		return input.toUpperCase() + " " + auth.getClass().getName() + " " + auth.isAuthenticated();
+	}
+
+	/**
+	 * Delegates through to the {@link #makeLowerCase(String)} method.
+	 * @param input the message to be made lower-case
+	 */
+	@Override
+	public String publicMakeLowerCase(String input) {
+		return this.makeLowerCase(input);
+	}
+
+}
--- a/access/src/test/java/org/springframework/security/access/annotation/BusinessService.java
+++ b/access/src/test/java/org/springframework/security/access/annotation/BusinessService.java
--- a/access/src/test/java/org/springframework/security/access/annotation/BusinessServiceImpl.java
+++ b/access/src/test/java/org/springframework/security/access/annotation/BusinessServiceImpl.java
--- a/access/src/test/java/org/springframework/security/access/annotation/Entity.java
+++ b/access/src/test/java/org/springframework/security/access/annotation/Entity.java
--- a/access/src/test/java/org/springframework/security/access/annotation/ExpressionProtectedBusinessServiceImpl.java
+++ b/access/src/test/java/org/springframework/security/access/annotation/ExpressionProtectedBusinessServiceImpl.java
--- a/access/src/test/java/org/springframework/security/access/annotation/Jsr250BusinessServiceImpl.java
+++ b/access/src/test/java/org/springframework/security/access/annotation/Jsr250BusinessServiceImpl.java
--- a/access/src/test/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSourceTests.java
+++ b/access/src/test/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSourceTests.java
--- a/access/src/test/java/org/springframework/security/access/annotation/Jsr250VoterTests.java
+++ b/access/src/test/java/org/springframework/security/access/annotation/Jsr250VoterTests.java
--- a/access/src/test/java/org/springframework/security/access/annotation/RequireAdminRole.java
+++ b/access/src/test/java/org/springframework/security/access/annotation/RequireAdminRole.java
--- a/access/src/test/java/org/springframework/security/access/annotation/RequireUserRole.java
+++ b/access/src/test/java/org/springframework/security/access/annotation/RequireUserRole.java
--- a/access/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSourceTests.java
+++ b/access/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSourceTests.java
@ -39,8 +39,7 @@ import static org.assertj.core.api.Assertions.assertThat;
				@@ -39,8 +39,7 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.fail;

 /**
- * Tests for
- * {@link org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource}
+ * Tests for {@link SecuredAnnotationSecurityMetadataSource}
 *
 * @author Mark St.Godard
 * @author Joe Scalise
--- a/access/src/test/java/org/springframework/security/access/annotation/sec2150/CrudRepository.java
+++ b/access/src/test/java/org/springframework/security/access/annotation/sec2150/CrudRepository.java
--- a/access/src/test/java/org/springframework/security/access/annotation/sec2150/MethodInvocationFactory.java
+++ b/access/src/test/java/org/springframework/security/access/annotation/sec2150/MethodInvocationFactory.java
--- a/access/src/test/java/org/springframework/security/access/annotation/sec2150/PersonRepository.java
+++ b/access/src/test/java/org/springframework/security/access/annotation/sec2150/PersonRepository.java
--- a/access/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java
+++ b/access/src/test/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandlerTests.java
--- a/access/src/test/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdviceTests.java
+++ b/access/src/test/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdviceTests.java
--- a/access/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java
+++ b/access/src/test/java/org/springframework/security/access/expression/method/MethodExpressionVoterTests.java
--- a/access/src/test/java/org/springframework/security/access/expression/method/MethodSecurityEvaluationContextTests.java
+++ b/access/src/test/java/org/springframework/security/access/expression/method/MethodSecurityEvaluationContextTests.java
--- a/access/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java
+++ b/access/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java
@ -17,6 +17,7 @@
				@@ -17,6 +17,7 @@
 package org.springframework.security.access.expression.method;

 import org.aopalliance.intercept.MethodInvocation;
+import org.assertj.core.api.Assertions;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;

@ -28,7 +29,6 @@ import org.springframework.security.access.expression.ExpressionUtils;
				@@ -28,7 +29,6 @@ import org.springframework.security.access.expression.ExpressionUtils;
 import org.springframework.security.authentication.AuthenticationTrustResolver;
 import org.springframework.security.core.Authentication;

-import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
@ -65,19 +65,19 @@ public class MethodSecurityExpressionRootTests {
				@@ -65,19 +65,19 @@ public class MethodSecurityExpressionRootTests {
 	public void canCallMethodsOnVariables() {
 		this.ctx.setVariable("var", "somestring");
 		Expression e = this.parser.parseExpression("#var.length() == 10");
-		assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue();
+		Assertions.assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue();
 	}

 	@Test
 	public void isAnonymousReturnsTrueIfTrustResolverReportsAnonymous() {
 		given(this.trustResolver.isAnonymous(this.user)).willReturn(true);
-		assertThat(this.root.isAnonymous()).isTrue();
+		Assertions.assertThat(this.root.isAnonymous()).isTrue();
 	}

 	@Test
 	public void isAnonymousReturnsFalseIfTrustResolverReportsNonAnonymous() {
 		given(this.trustResolver.isAnonymous(this.user)).willReturn(false);
-		assertThat(this.root.isAnonymous()).isFalse();
+		Assertions.assertThat(this.root.isAnonymous()).isFalse();
 	}

 	@Test
@ -87,7 +87,7 @@ public class MethodSecurityExpressionRootTests {
				@@ -87,7 +87,7 @@ public class MethodSecurityExpressionRootTests {
 		this.ctx.setVariable("domainObject", dummyDomainObject);
 		this.root.setPermissionEvaluator(pe);
 		given(pe.hasPermission(this.user, dummyDomainObject, "ignored")).willReturn(false);
-		assertThat(this.root.hasPermission(dummyDomainObject, "ignored")).isFalse();
+		Assertions.assertThat(this.root.hasPermission(dummyDomainObject, "ignored")).isFalse();
 	}

 	@Test
@ -97,7 +97,7 @@ public class MethodSecurityExpressionRootTests {
				@@ -97,7 +97,7 @@ public class MethodSecurityExpressionRootTests {
 		this.ctx.setVariable("domainObject", dummyDomainObject);
 		this.root.setPermissionEvaluator(pe);
 		given(pe.hasPermission(this.user, dummyDomainObject, "ignored")).willReturn(true);
-		assertThat(this.root.hasPermission(dummyDomainObject, "ignored")).isTrue();
+		Assertions.assertThat(this.root.hasPermission(dummyDomainObject, "ignored")).isTrue();
 	}

 	@Test
@ -109,13 +109,13 @@ public class MethodSecurityExpressionRootTests {
				@@ -109,13 +109,13 @@ public class MethodSecurityExpressionRootTests {
 		given(pe.hasPermission(eq(this.user), eq(dummyDomainObject), any(Integer.class))).willReturn(true, true, false);
 		Expression e = this.parser.parseExpression("hasPermission(#domainObject, 0xA)");
 		// evaluator returns true
-		assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue();
+		Assertions.assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue();
 		e = this.parser.parseExpression("hasPermission(#domainObject, 10)");
 		// evaluator returns true
-		assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue();
+		Assertions.assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue();
 		e = this.parser.parseExpression("hasPermission(#domainObject, 0xFF)");
 		// evaluator returns false, make sure return value matches
-		assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isFalse();
+		Assertions.assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isFalse();
 	}

 	@Test
@ -132,11 +132,11 @@ public class MethodSecurityExpressionRootTests {
				@@ -132,11 +132,11 @@ public class MethodSecurityExpressionRootTests {
 		given(pe.hasPermission(this.user, targetObject, i)).willReturn(true, false);
 		given(pe.hasPermission(this.user, "x", i)).willReturn(true);
 		Expression e = this.parser.parseExpression("hasPermission(this, 2)");
-		assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue();
+		Assertions.assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue();
 		e = this.parser.parseExpression("hasPermission(this, 2)");
-		assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isFalse();
+		Assertions.assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isFalse();
 		e = this.parser.parseExpression("hasPermission(this.x, 2)");
-		assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue();
+		Assertions.assertThat(ExpressionUtils.evaluateAsBoolean(e, this.ctx)).isTrue();
 	}

 }
--- a/access/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java
+++ b/access/src/test/java/org/springframework/security/access/expression/method/PrePostAnnotationSecurityMetadataSourceTests.java
--- a/access/src/test/java/org/springframework/security/access/expression/method/SecurityRules.java
+++ b/access/src/test/java/org/springframework/security/access/expression/method/SecurityRules.java
--- a/access/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java
+++ b/access/src/test/java/org/springframework/security/access/intercept/AbstractSecurityInterceptorTests.java
--- a/Show More
+++ b/Show More