Skip to content

Commit

Permalink
Ignore synthetic methods when checking for duplicate annotations
Browse files Browse the repository at this point in the history 
Closes gh-13132
  • Loading branch information
@jzheaux
Florian Cramer authored and jzheaux committed May 11, 2023
1 parent b969179 commit 9669747
Show file tree
Hide file tree
Showing 2 changed files with 52 additions and 0 deletions.
13 changes: 13 additions & 0 deletions .../java/org/springframework/security/authorization/method/AuthorizationAnnotationUtils.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@
package org.springframework.security.authorization.method;

import java.lang.annotation.Annotation;
import java.lang.reflect.Executable;
import java.lang.reflect.Method;

import org.springframework.core.annotation.AnnotationConfigurationException;
Expand Down Expand Up @@ -96,6 +97,10 @@ private static <A extends Annotation> boolean hasDuplicate(MergedAnnotations mer
Class<A> annotationType) {
boolean alreadyFound = false;
for (MergedAnnotation<Annotation> mergedAnnotation : mergedAnnotations) {
if (isSynthetic(mergedAnnotation.getSource())) {
continue;
}

if (mergedAnnotation.getType() == annotationType) {
if (alreadyFound) {
return true;
Expand All @@ -106,6 +111,14 @@ private static <A extends Annotation> boolean hasDuplicate(MergedAnnotations mer
return false;
}

private static boolean isSynthetic(Object object) {
if (object instanceof Executable) {
return ((Executable) object).isSynthetic();
}

return false;
}

private AuthorizationAnnotationUtils() {

}
Expand Down
39 changes: 39 additions & 0 deletions .../org/springframework/security/authorization/method/AuthorizationAnnotationUtilsTests.java
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
package org.springframework.security.authorization.method;

import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.util.List;

import org.junit.jupiter.api.Test;
import org.springframework.security.access.prepost.PreAuthorize;

import static org.assertj.core.api.Assertions.assertThatNoException;

/**
* Tests for {@link AuthorizationAnnotationUtils}
*/
class AuthorizationAnnotationUtilsTests {

@Test // gh-13132
public void annotationsOnSyntheticMethodsShouldNotTriggerAnnotationConfigurationException()
throws NoSuchMethodException {
StringRepository proxy =
(StringRepository) Proxy.newProxyInstance(Thread.currentThread().getContextClassLoader(),
new Class[] {StringRepository.class}, (p, m, args) -> null);
Method method = proxy.getClass().getDeclaredMethod("findAll");
assertThatNoException()
.isThrownBy(() -> AuthorizationAnnotationUtils.findUniqueAnnotation(method, PreAuthorize.class));
}

private interface BaseRepository<T> {

Iterable<T> findAll();
}

private interface StringRepository extends BaseRepository<String> {

@Override
@PreAuthorize("hasRole('someRole')")
List<String> findAll();
}
}

0 comments on commit 9669747

Please sign in to comment.