Introduce UserAuthorities

Closes spring-projectsgh-15406
marcusdacoregio · Jul 16, 2024 · a5edb20 · a5edb20
1 parent ffd4a0f
commit a5edb20
Show file tree

Hide file tree

Showing 4 changed files with 91 additions and 15 deletions.
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/UserAuthorities.java b/core/src/main/java/org/springframework/security/core/userdetails/UserAuthorities.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2002-2024 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.core.userdetails;
+
+import java.io.Serializable;
+import java.util.Collection;
+
+import org.springframework.security.core.GrantedAuthority;
+
+/**
+ * Represents user authorities. This interface is mostly intended for scenarios where a
+ * password is not need, like X509, CAS, Passkeys, One Time Tokens and others.
+ *
+ * @author Marcus da Coregio
+ * @since 6.4
+ * @see UserAuthoritiesRepository
+ * @see UserDetails
+ */
+public interface UserAuthorities extends Serializable {
+
+	/**
+	 * Returns the authorities granted to the user. Cannot return <code>null</code>.
+	 * @return the authorities, sorted by natural key (never <code>null</code>)
+	 */
+	Collection<? extends GrantedAuthority> getAuthorities();
+
+	/**
+	 * Returns the username used to authenticate the user. Cannot return
+	 * <code>null</code>.
+	 * @return the username (never <code>null</code>)
+	 */
+	String getUsername();
+
+}
diff --git a/...rc/main/java/org/springframework/security/core/userdetails/UserAuthoritiesRepository.java b/...rc/main/java/org/springframework/security/core/userdetails/UserAuthoritiesRepository.java
@@ -0,0 +1,36 @@
+/*
+ * Copyright 2002-2024 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.core.userdetails;
+
+/**
+ * Repository interface for accessing user authorities.
+ *
+ * @author Marcus da Coregio
+ * @since 6.4
+ * @see UserAuthorities
+ */
+public interface UserAuthoritiesRepository {
+
+	/**
+	 * Finds the authorities associated with the given username.
+	 * @param username the username for which to find authorities
+	 * @return the {@link UserAuthorities} object containing authorities associated with
+	 * the specified username, or {@code null} if no authorities are found
+	 */
+	UserAuthorities findAuthoritiesByUsername(String username);
+
+}
diff --git a/core/src/main/java/org/springframework/security/core/userdetails/UserDetails.java b/core/src/main/java/org/springframework/security/core/userdetails/UserDetails.java
@@ -40,27 +40,14 @@
  * @see UserDetailsService
  * @see UserCache
  */
-public interface UserDetails extends Serializable {
-
-	/**
-	 * Returns the authorities granted to the user. Cannot return <code>null</code>.
-	 * @return the authorities, sorted by natural key (never <code>null</code>)
-	 */
-	Collection<? extends GrantedAuthority> getAuthorities();
+public interface UserDetails extends Serializable, UserAuthorities {
 
 	/**
 	 * Returns the password used to authenticate the user.
 	 * @return the password
 	 */
 	String getPassword();
 
-	/**
-	 * Returns the username used to authenticate the user. Cannot return
-	 * <code>null</code>.
-	 * @return the username (never <code>null</code>)
-	 */
-	String getUsername();
-
 	/**
 	 * Indicates whether the user's account has expired. An expired account cannot be
 	 * authenticated.

diff --git a/core/src/main/java/org/springframework/security/core/userdetails/UserDetailsService.java b/core/src/main/java/org/springframework/security/core/userdetails/UserDetailsService.java
@@ -31,7 +31,7 @@
  * @see org.springframework.security.authentication.dao.DaoAuthenticationProvider
  * @see UserDetails
  */
-public interface UserDetailsService {
+public interface UserDetailsService extends UserAuthoritiesRepository {
 
 	/**
 	 * Locates the user based on the username. In the actual implementation, the search
@@ -46,4 +46,9 @@ public interface UserDetailsService {
 	 */
 	UserDetails loadUserByUsername(String username) throws UsernameNotFoundException;
 
+	@Override
+	default UserAuthorities findAuthoritiesByUsername(String username) {
+		return loadUserByUsername(username);
+	}
+
 }