Make RequestMatcherDelegatingAuthorizationManager Post-Processable

codeconsole · codeconsole · commit 641a48084d9e · 2024-10-23T13:29:18.000-06:00
Closes gh-15978
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java
@@ -170,7 +170,8 @@ private AuthorizationManager<HttpServletRequest> createAuthorizationManager() {
 							+ ". Try completing it with something like requestUrls().<something>.hasRole('USER')");
 			Assert.state(this.mappingCount > 0,
 					"At least one mapping is required (for example, authorizeHttpRequests().anyRequest().authenticated())");
-			RequestMatcherDelegatingAuthorizationManager manager = postProcess(this.managerBuilder.build());
+			AuthorizationManager<HttpServletRequest> manager = postProcess(
+					(AuthorizationManager<HttpServletRequest>) this.managerBuilder.build());
 			return AuthorizeHttpRequestsConfigurer.this.postProcessor.postProcess(manager);
 		}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurerTests.java
@@ -172,6 +172,7 @@ public void configureWhenObjectPostProcessorRegisteredThenInvokedOnAuthorization
 		ObjectPostProcessor<Object> objectPostProcessor = this.spring.getContext()
 			.getBean(ObjectPostProcessorConfig.class).objectPostProcessor;
 		verify(objectPostProcessor).postProcess(any(RequestMatcherDelegatingAuthorizationManager.class));
+		verify(objectPostProcessor).postProcess(any(AuthorizationManager.class));
 		verify(objectPostProcessor).postProcess(any(AuthorizationFilter.class));
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -170,7 +170,8 @@ private AuthorizationManager<HttpServletRequest> createAuthorizationManager() {`
`170`	`170`	`+ ". Try completing it with something like requestUrls().<something>.hasRole('USER')");`
`171`	`171`	`Assert.state(this.mappingCount > 0,`
`172`	`172`	`"At least one mapping is required (for example, authorizeHttpRequests().anyRequest().authenticated())");`
`173`		`- RequestMatcherDelegatingAuthorizationManager manager = postProcess(this.managerBuilder.build());`
	`173`	`+ AuthorizationManager<HttpServletRequest> manager = postProcess(`
	`174`	`+ (AuthorizationManager<HttpServletRequest>) this.managerBuilder.build());`
`174`	`175`	`return AuthorizeHttpRequestsConfigurer.this.postProcessor.postProcess(manager);`
`175`	`176`	`}`
`176`	`177`
Original file line number	Diff line number	Diff line change
`@@ -172,6 +172,7 @@ public void configureWhenObjectPostProcessorRegisteredThenInvokedOnAuthorization`
`172`	`172`	`ObjectPostProcessor<Object> objectPostProcessor = this.spring.getContext()`
`173`	`173`	`.getBean(ObjectPostProcessorConfig.class).objectPostProcessor;`
`174`	`174`	`verify(objectPostProcessor).postProcess(any(RequestMatcherDelegatingAuthorizationManager.class));`
	`175`	`+ verify(objectPostProcessor).postProcess(any(AuthorizationManager.class));`
`175`	`176`	`verify(objectPostProcessor).postProcess(any(AuthorizationFilter.class));`
`176`	`177`	`}`
`177`	`178`