-
Notifications
You must be signed in to change notification settings - Fork 6k
Add SingleResultAuthorizationManager #16612
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
Hey @plll0123, we invite you to join the review so that your interest in contributions does not disappear :) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks again, @franticticktick! I've left my feedback inline. Note that most if it is based on the premise that I think it class should hold an AuthorizationResult
member variable, set in the constructor. This will give this class many more uses.
...c/main/java/org/springframework/security/authorization/SingleResultAuthorizationManager.java
Outdated
Show resolved
Hide resolved
...c/main/java/org/springframework/security/authorization/SingleResultAuthorizationManager.java
Outdated
Show resolved
Hide resolved
...c/main/java/org/springframework/security/authorization/SingleResultAuthorizationManager.java
Outdated
Show resolved
Hide resolved
...c/main/java/org/springframework/security/authorization/SingleResultAuthorizationManager.java
Outdated
Show resolved
Hide resolved
...c/main/java/org/springframework/security/authorization/SingleResultAuthorizationManager.java
Outdated
Show resolved
Hide resolved
...c/main/java/org/springframework/security/authorization/SingleResultAuthorizationManager.java
Outdated
Show resolved
Hide resolved
...c/main/java/org/springframework/security/authorization/SingleResultAuthorizationManager.java
Outdated
Show resolved
Hide resolved
...c/main/java/org/springframework/security/authorization/SingleResultAuthorizationManager.java
Show resolved
Hide resolved
Hi @jzheaux, thanks for your feedback. There are several points that need to be discussed. We can add a static method, for example
This is only possible if the
Generics are not available in a static context, which forces us to use a raw type. I'm not sure if this is the best pattern in this case, @jzheaux what do you think about it? |
@franticticktick good questions. First, I think it's okay to construct a However, since the implementation knows that it won't use the type, then it can safely use private static final SingleResultAuthorizationManager<?> DENY = new SingleResultAuthorizationManager<>(new AuthorizationDecision(false)); That does require a cast in the static method, but again in practice this isn't a concern since this implementation never uses the type at runtime: public static <T> SingleResultAuthorizationManager<T> denyAll() {
return (SingleResultAuthorizationManager<T>) DENY;
} |
Closes spring-projectsgh-16590 Signed-off-by: Max Batischev <mblancer@mail.ru>
ad7eead
to
a644c06
Compare
Hey @jzheaux thanks for the feedback. I decided to go with the second solution, although static casting may not be to the liking of clean code fans :) |
Thanks, @franticticktick! This is now merged into main. |
Closes gh-16590