Skip to content

Add SingleResultAuthorizationManager #16612

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 7, 2025
Merged

Add SingleResultAuthorizationManager #16612

merged 1 commit into from
Mar 7, 2025

Conversation

franticticktick
Copy link
Contributor

Closes gh-16590

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Feb 17, 2025
@franticticktick
Copy link
Contributor Author

Hey @plll0123, we invite you to join the review so that your interest in contributions does not disappear :)

jzheaux
jzheaux requested changes Feb 24, 2025
View reviewed changes
Copy link
Contributor

@jzheaux jzheaux left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks again, @franticticktick! I've left my feedback inline. Note that most if it is based on the premise that I think it class should hold an AuthorizationResult member variable, set in the constructor. This will give this class many more uses.

@jzheaux jzheaux changed the title Add Support SingleResultAuthorizationManager Add SingleResultAuthorizationManager Feb 24, 2025
@franticticktick
Copy link
Contributor Author

Hi @jzheaux, thanks for your feedback. There are several points that need to be discussed. We can add a static method, for example denyAll, and return a static final instance:

public static <C> SingleResultAuthorizationManager<C> denyAll() {
   return DENY_MANAGER;
}

This is only possible if the SingleResultAuthorizationManager instance has a raw type:

private static final SingleResultAuthorizationManager DENY_MANAGER = new SingleResultAuthorizationManager<>(new AuthorizationDecision(false));

Generics are not available in a static context, which forces us to use a raw type. I'm not sure if this is the best pattern in this case, @jzheaux what do you think about it?

@jzheaux
Copy link
Contributor

jzheaux commented Feb 28, 2025

@franticticktick good questions. First, I think it's okay to construct a SingleResultAuthorizationManager each time denyAll() is called. This is conventionally the most type-safe and I'm fine going that route.

However, since the implementation knows that it won't use the type, then it can safely use <?>:

private static final SingleResultAuthorizationManager<?> DENY = new SingleResultAuthorizationManager<>(new AuthorizationDecision(false));

That does require a cast in the static method, but again in practice this isn't a concern since this implementation never uses the type at runtime:

public static <T> SingleResultAuthorizationManager<T> denyAll() {
    return (SingleResultAuthorizationManager<T>) DENY;
}

@franticticktick
Add Support SingleResultAuthorizationManager
a644c06 
Closes spring-projectsgh-16590

Signed-off-by: Max Batischev <mblancer@mail.ru>
@franticticktick
Copy link
Contributor Author

Hey @jzheaux thanks for the feedback. I decided to go with the second solution, although static casting may not be to the liking of clean code fans :)

@franticticktick franticticktick requested a review from jzheaux March 4, 2025 07:54
@jzheaux jzheaux self-assigned this Mar 7, 2025
@jzheaux jzheaux added in: core An issue in spring-security-core type: enhancement A general enhancement labels Mar 7, 2025
@jzheaux jzheaux added this to the 6.5.0-M3 milestone Mar 7, 2025
@jzheaux jzheaux removed the status: waiting-for-triage An issue we've not yet triaged label Mar 7, 2025
@jzheaux jzheaux merged commit 58a665e into spring-projects:main Mar 7, 2025
6 checks passed
@jzheaux
Copy link
Contributor

jzheaux commented Mar 7, 2025

Thanks, @franticticktick! This is now merged into main.

# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@jzheaux jzheaux jzheaux approved these changes

Assignees

@jzheaux jzheaux

Labels
in: core An issue in spring-security-core type: enhancement A general enhancement
Projects
None yet
Milestone
6.5.0-M3
Development

Successfully merging this pull request may close these issues.

Add PermitAll and DenyAll AuthorizationManager instances
3 participants
@franticticktick @jzheaux @spring-projects-issues