Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Simplify adding AuthorizationAdvisors to AuthorizationAdvisorProxyFactory #15497

Closed
jzheaux opened this issue Jul 29, 2024 · 0 comments
Closed

Simplify adding AuthorizationAdvisors to AuthorizationAdvisorProxyFactory #15497

jzheaux opened this issue Jul 29, 2024 · 0 comments
Assignees
@jzheaux
Labels
in: core An issue in spring-security-core type: enhancement A general enhancement
Milestone
6.4.0-M2

Comments

@jzheaux
Copy link
Contributor

jzheaux commented Jul 29, 2024

To add an advisor to AuthorizationAdvisorProxyFactory is simple:

List<AuthorizationAdvisor> advisors = ...
AuthorizationAdvisorProxyFactory proxyFactory = AuthorizationAdvisorProxyFactory.withDefaults();
proxyFactory.setAdvisors(advisors);

However, it's not great that all advisors need to be specified. Given that withDefaults prepares a default set of advisors already, it would be nice to be able to augment it instead of replace.

For example, addAdvisors may be valuable like so:

List<AuthorizationAdvisor> advisors = ...
AuthorizationAdvisorProxyFactory proxyFactory = AuthorizationAdvisorProxyFactory.withDefaults();
proxyFactory.addAdvisors(advisors);
// ... or
proxyFactory.advisors((a) -> a.addAll(advisors))

Another option is to expose the default advisors via a static method:

List<AuthorizationAdvisor> advisors = AuthorizationAdvisorProxyFactory.defaultAdvisors();
advisors.add(...);
AuthorizationAdvisorProxyFactory proxyFactory = AuthorizationAdvisorProxyFactory.withDefaults();
proxyFactory.setAdvisors(advisors);

Note that mutability is necessary in this case since this allows a recursive nesting of advisors, important in the case of @AuthorizeReturnObject, for example.
@jzheaux jzheaux added in: core An issue in spring-security-core type: enhancement A general enhancement labels Jul 29, 2024
@jzheaux jzheaux added this to the 6.4.0-M2 milestone Jul 29, 2024
@jzheaux jzheaux self-assigned this Jul 29, 2024
@jzheaux jzheaux closed this as completed in 02cca6f Aug 7, 2024
jzheaux added a commit that referenced this issue Aug 12, 2024
@jzheaux
Revert "Polish AuthorizationAdvisorProxyFactory advisor configuration"
59ec1f6 
This commit had some unintended consequences when the advisor
interceptor was published in a Spring Boot application. As such,
15497 will be reopened to investigate. In the meantime, this commit
reverts the previous change so as to allow the build to pass.

Issue gh-15497
@jzheaux jzheaux reopened this Aug 12, 2024
@sjohnr sjohnr modified the milestones: 6.4.0-M2, 6.4.0-M3 Aug 19, 2024
@jzheaux jzheaux modified the milestones: 6.4.0-M3, 6.4.0-M2 Aug 22, 2024
jzheaux added a commit to jzheaux/spring-security that referenced this issue Sep 16, 2024
@jzheaux
Use addAdvisors in Reactive Proxy Configuration
b30cc15 
Issue spring-projectsgh-15497
jzheaux added a commit that referenced this issue Sep 16, 2024
@jzheaux
Use addAdvisors in Reactive Proxy Configuration
2bb3787 
Issue gh-15497
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jzheaux jzheaux

Labels
in: core An issue in spring-security-core type: enhancement A general enhancement
Projects
Spring Security Team
Status: Done
Milestone
6.4.0-M2
Development

No branches or pull requests
2 participants
@jzheaux @sjohnr