Separate MethodMatcher and AuthorizationManager #1
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Make DefaultOAuth2User more inline with other part of spring-security. For example, - DefaultOAuth2AuthenticatedPrincipal - AbstractAuthenticationToken Closes spring-projectsgh-9366
Fix example on registering custom marshaller for saml request
This reverts commit 9a2c184. This caused a problem with the snapshot build, reverting while I find an approach that works for community usage
- Typo in PlaceholderConfig was causing Windows builds to resolve the CLASSPATH environment variable Closes spring-projectsgh-9421
- Netty returns a slightly different exception on Windows, so adjusted assertion accordingly. Issue spring-projectsgh-9421
This reverts commit a85caa4.
There are two versions of org.opensaml that are supported, so we need to manually update opensaml dependencies. Issue spring-projectsgh-9542
- Produce sources jar - Produce Javadoc jar Issue spring-projectsgh-9095
- To make upgrade passive Issue spring-projectsgh-9095
- Because publishing an advice bean replaces Spring Security defaults, the code should error if both a custom bean and either secureEnabled or prePostEnabled are specified Issue spring-projectsgh-9289
- Changed from MethodMatcher to Pointcut since authorization annotations also can be attached to classes - Adjusted advice to extend Before or AfterAdvice - Adjusted advice to extend PointcutAdvisor so that it can share its Pointcut - Adjusted advice to extend AopInfrastructureBean to align with old advice classes Issue spring-projectsgh-9289
- Removes the need to keep MethodAuthorizationContext#returnObject in sync with other method parameters - Restores MethodAuthorizationContext's immutability Issue spring-projectsgh-9289
- Simplify registering custom authorization managers Issue spring-projectsgh-9289
- Interceptor is a more descriptive term for what method security is doing - This also allows the code to follow a delegate pattern that unifies both before-method and after- method authorization Issue spring-projectsgh-9289
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Here's a thought about how
MethodMatchercould be separated fromAuthorizationManager.Please note that I didn't convert everything over to the pattern I'm proposing as this is just meant to illustrate a possibility. The two that I refactored were
PreAnnotationAuthorizationManagerBeforeAdviceandSecuredAuthorizationManagerBeforeAdvice. I also renamed some classes and methods to align conceptually with the change in hierarchy.Let me know what you think.