Skip to content

Add AuthorizationManagerFactory #17673

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add AuthorizationManagerFactory #17673

wants to merge 1 commit into from
+1,148 −199

Conversation

sjohnr
Copy link
Contributor

@sjohnr sjohnr commented Aug 8, 2025

This PR is a work in progress. cc: @rwinch

@sjohnr sjohnr mentioned this pull request Aug 8, 2025
Open
@sjohnr sjohnr force-pushed the gh-17585-authorization-manager-factory branch 4 times, most recently from 4ef91a4 to 1de115e Compare August 13, 2025 15:49
rwinch
rwinch requested changes Aug 14, 2025
View reviewed changes
Copy link
Member

@rwinch rwinch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the updates @sjohnr! I've provided feedback inline.

@sjohnr
Copy link
Contributor Author

sjohnr commented Aug 19, 2025

@rwinch Thanks for the review! Changing the generic type of MessageSecurityExpressionRoot to Message<T> is a breaking change. Please confirm if that's something we want to do here and I will work on this and the other changes from your review.

@rwinch
Copy link
Member

rwinch commented Aug 19, 2025
edited
Loading

@sjohnr

@rwinch Thanks for the review! Changing the generic type of MessageSecurityExpressionRoot to Message<T> is a breaking change. Please confirm if that's something we want to do here and I will work on this and the other changes from your review.

I think that this can work if we update the constructor too. For example:

public class MessageSecurityExpressionRoot<T> extends SecurityExpressionRoot {

	public final Message<T> message;

	public MessageSecurityExpressionRoot(Authentication authentication, Message<T> message) {
	  ...
	public MessageSecurityExpressionRoot(Supplier<Authentication> authentication, Message<T> message) {
	  ...

Then this will compile:

Message<?> message = ...
MessageSecurityExpressionRoot root = new MessageSecurityExpressionRoot<>(authentication, message);

@sjohnr
Add AuthorizationManagerFactory
5fb6f37 
Signed-off-by: Steve Riesenberg <[email protected]>
@sjohnr sjohnr force-pushed the gh-17585-authorization-manager-factory branch from 1de115e to 5fb6f37 Compare August 20, 2025 14:50
@sjohnr
Copy link
Contributor Author

sjohnr commented Aug 20, 2025

@rwinch I've working through the changes and it's looking really good. The only thing I'm noticing is that a few packages are missing nullability defaults.

  • org.springframework.security.web.access.expression has a package-info.java but no @NullMarked. Is this intended or perhaps it should be addressed separately?
  • org.springframework.security.messaging.access.expression is missing package-info.java along with all the other packages in spring-security-messaging.

As it stands now, classes in these packages show as having inconsistent nullability. These show up as IntelliJ inspections for me, similar to our conversation a few weeks ago. I think adding @NullMarked at the package level will address this, but if omitting that was intentional, let me know. I've added @NullMarked at the class level to show where these issues are but I will revert that after you review.

@sjohnr sjohnr requested a review from rwinch August 20, 2025 15:04
@sjohnr sjohnr marked this pull request as ready for review August 20, 2025 17:58
@rwinch rwinch mentioned this pull request Aug 20, 2025
Open
rwinch
rwinch requested changes Aug 20, 2025
View reviewed changes
Copy link
Member

@rwinch rwinch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is looking great @sjohnr!

I think we are very close 😄 I provided a few minor comments inline.

Now that we are almost done, please also add documentation (using include-code).

After those are addressed, I think we will be ready to merge!

@rwinch
Copy link
Member

rwinch commented Aug 20, 2025

We've only added nullability for crypto and core so feel free to leave as is. We'll get the rest of the module in a different ticket commit.

This was referenced Aug 20, 2025
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rwinch rwinch rwinch requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sjohnr @rwinch