@DeniedHandler should not require an ApplicationContext to function #15496

Closed
jzheaux opened this issue Jul 29, 2024 · 0 comments

Labels: in: core (An issue in spring-security-core), type: bug (A general bug)

jzheaux commented Jul 29, 2024

The given test:

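```java
import org.aopalliance.intercept.MethodInvocation;
import org.junit.jupiter.api.Test;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.authorization.AuthorizationProxyFactory;
import org.springframework.security.authorization.AuthorizationResult;
import org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory;
import org.springframework.security.authorization.method.HandleAuthorizationDenied;
import org.springframework.security.authorization.method.MethodAuthorizationDeniedHandler;

import static org.assertj.core.api.Assertions.assertThat;

public class HandleTests {

    @Test
    public void test() {
        // No ApplicationContext is involved: the proxy factory is built with defaults only.
        AuthorizationProxyFactory proxyFactory = AuthorizationAdvisorProxyFactory.withDefaults();
        Account account = (Account) proxyFactory.proxy(new Account());
        // The denied call should be routed to the handler, which returns null.
        assertThat(account.getAccountNumber()).isNull();
    }

    public static class Account {
        @PreAuthorize("denyAll")
        @HandleAuthorizationDenied(handlerClass = NullMethodAuthorizationDeniedHandler.class)
        public String getAccountNumber() {
            return "123";
        }
    }

    // static, so the handler can be instantiated without an enclosing HandleTests instance
    public static class NullMethodAuthorizationDeniedHandler implements MethodAuthorizationDeniedHandler {
        @Override
        public Object handleDeniedInvocation(MethodInvocation methodInvocation, AuthorizationResult authorizationResult) {
            return null;
        }
    }
}
```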

fails because `PreAuthorizeAuthenticationManager` -- and other related managers -- resolve `handlerClass` by looking it up as a `@Bean`. The main concern here is that it is failing silently to load the `handlerClass`.

It would be nice if, by default, it tried to construct the value. That behavior would be replaced if an ApplicationContext is specified.

jzheaux added the "in: core" (An issue in spring-security-core) and "type: enhancement" (A general enhancement) labels Jul 29, 2024
jzheaux added this to the 6.4.0-M2 milestone Jul 29, 2024
jzheaux self-assigned this Jul 29, 2024
jzheaux closed this as completed in de77e05 Aug 7, 2024
jzheaux added a commit that referenced this issue Aug 7, 2024
jzheaux changed the title from "Improve @DeniedHandler to not require an ApplicationContext to function" to "@DeniedHandler should not require an ApplicationContext to function" Aug 7, 2024
jzheaux added the "type: bug" (A general bug) label and removed the "type: enhancement" (A general enhancement) label Aug 7, 2024
jzheaux moved this to Done in Spring Security Team Aug 7, 2024
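
The resolution order proposed in this issue (construct the handler class by default, switch to bean lookup once a context is supplied, and fail loudly instead of silently), sketched as an added example that is not Spring Security's implementation or part of the original report. `DeniedHandler`, `HandlerResolver` and `setBeans` are hypothetical stand-ins, and a plain `Map` takes the place of an `ApplicationContext`:

```java
import java.lang.reflect.Constructor;
import java.util.Map;
import java.util.function.Function;

public class HandlerResolutionExample {
    // Hypothetical, simplified stand-in for MethodAuthorizationDeniedHandler.
    interface DeniedHandler {
        Object handleDenied(String method);
    }

    public static class NullDeniedHandler implements DeniedHandler {
        public Object handleDenied(String method) {
            return null;
        }
    }

    static class HandlerResolver {
        // Default strategy: construct the handler class, no container required.
        private Function<Class<? extends DeniedHandler>, DeniedHandler> resolver = HandlerResolver::construct;

        // Stand-in for supplying an ApplicationContext: bean lookup replaces construction.
        void setBeans(Map<Class<?>, Object> beans) {
            this.resolver = (type) -> {
                Object bean = beans.get(type);
                if (bean == null) {
                    throw new IllegalStateException("No bean of type " + type.getName());
                }
                return type.cast(bean);
            };
        }

        DeniedHandler resolve(Class<? extends DeniedHandler> type) {
            return this.resolver.apply(type);
        }

        private static DeniedHandler construct(Class<? extends DeniedHandler> type) {
            try {
                Constructor<? extends DeniedHandler> ctor = type.getDeclaredConstructor();
                ctor.setAccessible(true);
                return ctor.newInstance();
            } catch (ReflectiveOperationException ex) {
                // Surface the failure: a handler that silently fails to load hides a misconfiguration.
                throw new IllegalStateException("Cannot construct " + type.getName()
                        + "; it needs a no-arg constructor and must not be a non-static inner class", ex);
            }
        }
    }
}
```

Calling `resolve(NullDeniedHandler.class)` on a fresh `HandlerResolver` yields a newly constructed handler; after `setBeans(...)` the same call returns the registered instance or throws if none is registered.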