Skip to content

Add SingleResultAuthorizationManager #16612

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Mar 7, 2025

Conversation

franticticktick
Copy link
Contributor

Closes gh-16590

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Feb 17, 2025
@franticticktick
Copy link
Contributor Author

Hey @plll0123, we invite you to join the review so that your interest in contributions does not disappear :)

Copy link
Contributor

@jzheaux jzheaux left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks again, @franticticktick! I've left my feedback inline. Note that most if it is based on the premise that I think it class should hold an AuthorizationResult member variable, set in the constructor. This will give this class many more uses.

@jzheaux jzheaux changed the title Add Support SingleResultAuthorizationManager Add SingleResultAuthorizationManager Feb 24, 2025
@franticticktick
Copy link
Contributor Author

Hi @jzheaux, thanks for your feedback. There are several points that need to be discussed. We can add a static method, for example denyAll, and return a static final instance:

public static <C> SingleResultAuthorizationManager<C> denyAll() {
   return DENY_MANAGER;
}

This is only possible if the SingleResultAuthorizationManager instance has a raw type:

private static final SingleResultAuthorizationManager DENY_MANAGER = new SingleResultAuthorizationManager<>(new AuthorizationDecision(false));

Generics are not available in a static context, which forces us to use a raw type. I'm not sure if this is the best pattern in this case, @jzheaux what do you think about it?

@jzheaux
Copy link
Contributor

jzheaux commented Feb 28, 2025

@franticticktick good questions. First, I think it's okay to construct a SingleResultAuthorizationManager each time denyAll() is called. This is conventionally the most type-safe and I'm fine going that route.

However, since the implementation knows that it won't use the type, then it can safely use <?>:

private static final SingleResultAuthorizationManager<?> DENY = new SingleResultAuthorizationManager<>(new AuthorizationDecision(false));

That does require a cast in the static method, but again in practice this isn't a concern since this implementation never uses the type at runtime:

public static <T> SingleResultAuthorizationManager<T> denyAll() {
    return (SingleResultAuthorizationManager<T>) DENY;
}

Closes spring-projectsgh-16590

Signed-off-by: Max Batischev <mblancer@mail.ru>
@franticticktick
Copy link
Contributor Author

Hey @jzheaux thanks for the feedback. I decided to go with the second solution, although static casting may not be to the liking of clean code fans :)

@franticticktick franticticktick requested a review from jzheaux March 4, 2025 07:54
@jzheaux jzheaux self-assigned this Mar 7, 2025
@jzheaux jzheaux added in: core An issue in spring-security-core type: enhancement A general enhancement labels Mar 7, 2025
@jzheaux jzheaux added this to the 6.5.0-M3 milestone Mar 7, 2025
@jzheaux jzheaux removed the status: waiting-for-triage An issue we've not yet triaged label Mar 7, 2025
@jzheaux jzheaux merged commit 58a665e into spring-projects:main Mar 7, 2025
6 checks passed
@jzheaux
Copy link
Contributor

jzheaux commented Mar 7, 2025

Thanks, @franticticktick! This is now merged into main.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
in: core An issue in spring-security-core type: enhancement A general enhancement
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Add PermitAll and DenyAll AuthorizationManager instances
3 participants