Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Spring Security annotations on subclasses support intercepting parent class methods. #14479

Closed
wants to merge 41 commits into from
Closed

Spring Security annotations on subclasses support intercepting parent class methods. #14479

wants to merge 41 commits into from

Conversation

kse-music
Copy link
Contributor

Closes gh-13783

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Jan 22, 2024
@kse-music kse-music changed the title security annotation @PreAuthorize、@PostAuthorize etc supports intercept methods in parent class Security annotations @PreAuthorize, @PostAuthorize, etc. on subclasses support intercepting parent class methods. Jan 22, 2024
@kse-music kse-music changed the title Security annotations @PreAuthorize, @PostAuthorize, etc. on subclasses support intercepting parent class methods. Spring Security annotations on subclasses support intercepting parent class methods. Jan 25, 2024
Kardeen and others added 21 commits January 25, 2024 17:32
@Kardeen @jzheaux
Enhance JWT decoding error handling
ca10187 
Previously, the `decode` method threw a `JwtException` directly when encountering an unsupported algorithm or any exception during parsing. This commit introduces a more robust error handling mechanism. Now, instead of throwing exceptions directly, it returns a `Mono.error()` with a `BadJwtException` containing detailed error information. This approach provides more flexibility and allows the caller to handle errors in a more granular way, by being able to use project reactors onError functionality.

Closes spring-projectsgh-14467
@jzheaux
Merge branch '5.8.x' into 6.1.x
44f22ee 
Closes spring-projectsgh-14495
@jzheaux
Merge branch '6.1.x' into 6.2.x
84c45ad 
Closes spring-projectsgh-14496
@jzheaux
Merge branch '6.2.x'
01b7ad4
@marcusdacoregio
Automatically assign milestone to Dependabot PR
602d2be 
Issue spring-projectsgh-14486
@jzheaux
Fix Failing Test
27ebeef 
Closes spring-projectsgh-14467
@marcusdacoregio
Add permission to Edit Dependabot PR workflow
45f8ab3 
Issue spring-projectsgh-14486
@marcusdacoregio
Migrate spring-security-rsa into spring-security-crypto
6f7b9bb 
Closes spring-projectsgh-14202
@jzheaux
Fix Failing Test
3a53422 
Closes spring-projectsgh-14467
@jzheaux
Merge branch '6.2.x'
ee45d6c
@ahmd-nabil @jzheaux
Enhance IpAddressMatcher performance
a808c13 
Closes spring-projectsgh-14493

Signed-off-by: ahmd-nabil <[email protected]>
@NerminKarapandzic @jzheaux
Add argument resolver for SecurityContext
6e1bcfe 
Closes spring-projectsgh-13425
@dependabot @jzheaux
Bump slackapi/slack-github-action from 1.24.0 to 1.25.0
8a75382 
Bumps [slackapi/slack-github-action](https://github.com/slackapi/slack-github-action) from 1.24.0 to 1.25.0.
- [Release notes](https://github.com/slackapi/slack-github-action/releases)
- [Commits](slackapi/slack-github-action@v1.24.0...v1.25.0)

---
updated-dependencies:
- dependency-name: slackapi/slack-github-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@jzheaux
Merge branch '5.8.x' into 6.1.x
b0fe1da
@jzheaux
Merge branch '6.1.x' into 6.2.x
810818b
@jzheaux
Merge branch '6.2.x'
0dcd7e7
@dependabot @jzheaux
Bump gradle/gradle-build-action from 2 to 3
7011930 
Bumps [gradle/gradle-build-action](https://github.com/gradle/gradle-build-action) from 2 to 3.
- [Release notes](https://github.com/gradle/gradle-build-action/releases)
- [Commits](gradle/gradle-build-action@v2...v3)

---
updated-dependencies:
- dependency-name: gradle/gradle-build-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@jzheaux
Merge branch '5.8.x' into 6.1.x
ebfe8e3
@jzheaux
Merge branch '6.1.x' into 6.2.x
3b615c8
@jzheaux
Merge branch '6.2.x'
77e1935
@erichaagdev @jzheaux
Update Revved up by Develocity badge
5b281ee
@jzheaux jzheaux self-assigned this Jan 31, 2024
@jzheaux jzheaux added in: core An issue in spring-security-core type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged labels Jan 31, 2024
Federico Herrera and others added 7 commits January 30, 2024 17:16
jzheaux
jzheaux requested changes Feb 1, 2024
View reviewed changes
Copy link
Contributor

@jzheaux jzheaux left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, @kse-music! This is looking good; I've left some feedback inline.

Also, when you submit the requested changes, will you please squash your commits and have the commit message contain a title and the ticket like so:

Have Method Security Start at Target Class

Closes gh-13783

Feel free to have a different title, the above is just the requested format.

.../java/org/springframework/security/authorization/method/Jsr250AuthorizationManagerTests.java
}

@RolesAllowed("USER")
public static class RolesAllowedClass extends SecuredAuthorizationManagerTests.ParentClass {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please copy the definition for ParentClass in this class. That way, the test classes don't refer to each other.

...rg/springframework/security/authorization/method/PostAuthorizeAuthorizationManagerTests.java
}

@PostAuthorize("hasRole('USER')")
public static class PostAuthorizeClass extends SecuredAuthorizationManagerTests.ParentClass {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please copy the definition for ParentClass in this class. That way, the test classes don't refer to each other.

Please also do this with any other references to the ParentClass defined in another test class.

@jzheaux
Copy link
Contributor

jzheaux commented Feb 1, 2024

Also, I'd recommend rebasing so that you don't need to the two extra formatting changes as well.

@kse-music kse-music closed this Feb 1, 2024
@kse-music kse-music deleted the gh-13783 branch February 1, 2024 02:50
@kse-music
Copy link
Contributor Author

hi @jzheaux ,I have opened a new pr #14516, and completed all your suggestions

@kse-music kse-music mentioned this pull request Feb 1, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jzheaux jzheaux jzheaux requested changes

Assignees

@jzheaux jzheaux

Labels
in: core An issue in spring-security-core type: enhancement A general enhancement
Projects
Spring Security Team
Status: Done
Milestone
No milestone