Cleanup Kotlin AuthorizationManagerFactory Generics

rwinch · rwinch · commit 459b872a2046 · 2025-09-23T10:32:02.000-05:00
This cleans up the generic types within the Kotlin DSL that reference AuthorizationManagerFactory Issue spring-projectsgh-17860
diff --git a/config/src/main/kotlin/org/springframework/security/config/annotation/web/AuthorizeHttpRequestsDsl.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/AuthorizeHttpRequestsDsl.kt
@@ -274,22 +274,22 @@ class AuthorizeHttpRequestsDsl : AbstractRequestMatcherDsl {
     }
 
     constructor(context: ApplicationContext) {
-        this.authorizationManagerFactory = resolveAuthorizationManagerFactory(context)
+        this.authorizationManagerFactory =  resolveAuthorizationManagerFactory(context)
         this.authenticated = this.authorizationManagerFactory.authenticated()
         this.denyAll = this.authorizationManagerFactory.denyAll()
         this.fullyAuthenticated = this.authorizationManagerFactory.fullyAuthenticated()
         this.permitAll = this.authorizationManagerFactory.permitAll()
     }
 
     private fun resolveAuthorizationManagerFactory(context: ApplicationContext): AuthorizationManagerFactory<in RequestAuthorizationContext> {
-        val specific = context.getBeanProvider<AuthorizationManagerFactory<RequestAuthorizationContext>>().getIfUnique()
-        if (specific != null) {
-            return specific
+        val factoryOfRequestAuthorizationContext = context.getBeanProvider<AuthorizationManagerFactory<RequestAuthorizationContext>>().getIfUnique()
+        if (factoryOfRequestAuthorizationContext != null) {
+            return factoryOfRequestAuthorizationContext
         }
-        val type = ResolvableType.forClassWithGenerics(AuthorizationManagerFactory::class.java, Object::class.java)
-        val general: AuthorizationManagerFactory<in RequestAuthorizationContext>? = context.getBeanProvider<AuthorizationManagerFactory<in RequestAuthorizationContext>>(type).getIfUnique()
-        if (general != null) {
-            return general
+        val factoryOfObjectType = ResolvableType.forClassWithGenerics(AuthorizationManagerFactory::class.java, Object::class.java)
+        val factoryOfAny = context.getBeanProvider<AuthorizationManagerFactory<Any>>(factoryOfObjectType).getIfUnique()
+        if (factoryOfAny != null) {
+            return factoryOfAny
         }
         val defaultFactory: DefaultAuthorizationManagerFactory<RequestAuthorizationContext> = DefaultAuthorizationManagerFactory()
         val rolePrefix = resolveRolePrefix(context)
@@ -318,4 +318,5 @@ class AuthorizeHttpRequestsDsl : AbstractRequestMatcherDsl {
         }
         return NullRoleHierarchy()
     }
+
 }
diff --git a/config/src/test/kotlin/org/springframework/security/config/annotation/web/AuthorizeHttpRequestsDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/AuthorizeHttpRequestsDslTests.kt
@@ -16,10 +16,12 @@
 
 package org.springframework.security.config.annotation.web
 
+import io.mockk.Called
 import io.mockk.every
 import io.mockk.mockk
 import io.mockk.verify
 import jakarta.servlet.DispatcherType
+import org.aopalliance.intercept.MethodInvocation
 import org.assertj.core.api.Assertions.assertThatThrownBy
 import org.junit.jupiter.api.Test
 import org.junit.jupiter.api.extension.ExtendWith
@@ -1120,4 +1122,51 @@ class AuthorizeHttpRequestsDslTests {
             }
         }
     }
+
+    @Test
+    fun `custom AuthorizationManagerFactory of MethodInvocation`() {
+        this.spring.register(AuthorizationManagerFactoryMethodInvocationConfig::class.java).autowire()
+        val authzManagerFactory =
+            this.spring.context.getBean<AuthorizationManagerFactory<MethodInvocation>>()
+
+        verify(exactly = 0) { authzManagerFactory.authenticated() }
+    }
+
+    @Configuration
+    @EnableWebSecurity
+    @EnableWebMvc
+    open class AuthorizationManagerFactoryMethodInvocationConfig {
+        val authorizationManager: AuthorizationManager<MethodInvocation> = mockk()
+
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
+            http {
+                authorizeHttpRequests {
+                    authorize("/authenticated", authenticated)
+                }
+                httpBasic {  }
+                rememberMe {  }
+            }
+            return http.build()
+        }
+
+        @Bean
+        open fun authorizationManagerFactory(): AuthorizationManagerFactory<MethodInvocation> {
+            val factory: AuthorizationManagerFactory<MethodInvocation> = mockk()
+            every { factory.authenticated() } returns this.authorizationManager
+
+            return factory
+        }
+
+        @Bean
+        open fun userDetailsService(): UserDetailsService = InMemoryUserDetailsManager(TestAuthentication.user())
+
+        @RestController
+        internal class OkController {
+            @GetMapping("/**")
+            fun ok(): String {
+                return "ok"
+            }
+        }
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -274,22 +274,22 @@ class AuthorizeHttpRequestsDsl : AbstractRequestMatcherDsl {`
`274`	`274`	`}`
`275`	`275`
`276`	`276`	`constructor(context: ApplicationContext) {`
`277`		`- this.authorizationManagerFactory = resolveAuthorizationManagerFactory(context)`
	`277`	`+ this.authorizationManagerFactory = resolveAuthorizationManagerFactory(context)`
`278`	`278`	`this.authenticated = this.authorizationManagerFactory.authenticated()`
`279`	`279`	`this.denyAll = this.authorizationManagerFactory.denyAll()`
`280`	`280`	`this.fullyAuthenticated = this.authorizationManagerFactory.fullyAuthenticated()`
`281`	`281`	`this.permitAll = this.authorizationManagerFactory.permitAll()`
`282`	`282`	`}`
`283`	`283`
`284`	`284`	`private fun resolveAuthorizationManagerFactory(context: ApplicationContext): AuthorizationManagerFactory<in RequestAuthorizationContext> {`
`285`		`- val specific = context.getBeanProvider<AuthorizationManagerFactory<RequestAuthorizationContext>>().getIfUnique()`
`286`		`- if (specific != null) {`
`287`		`- return specific`
	`285`	`+ val factoryOfRequestAuthorizationContext = context.getBeanProvider<AuthorizationManagerFactory<RequestAuthorizationContext>>().getIfUnique()`
	`286`	`+ if (factoryOfRequestAuthorizationContext != null) {`
	`287`	`+ return factoryOfRequestAuthorizationContext`
`288`	`288`	`}`
`289`		`- val type = ResolvableType.forClassWithGenerics(AuthorizationManagerFactory::class.java, Object::class.java)`
`290`		`- val general: AuthorizationManagerFactory<in RequestAuthorizationContext>? = context.getBeanProvider<AuthorizationManagerFactory<in RequestAuthorizationContext>>(type).getIfUnique()`
`291`		`- if (general != null) {`
`292`		`- return general`
	`289`	`+ val factoryOfObjectType = ResolvableType.forClassWithGenerics(AuthorizationManagerFactory::class.java, Object::class.java)`
	`290`	`+ val factoryOfAny = context.getBeanProvider<AuthorizationManagerFactory<Any>>(factoryOfObjectType).getIfUnique()`
	`291`	`+ if (factoryOfAny != null) {`
	`292`	`+ return factoryOfAny`
`293`	`293`	`}`
`294`	`294`	`val defaultFactory: DefaultAuthorizationManagerFactory<RequestAuthorizationContext> = DefaultAuthorizationManagerFactory()`
`295`	`295`	`val rolePrefix = resolveRolePrefix(context)`
`@@ -318,4 +318,5 @@ class AuthorizeHttpRequestsDsl : AbstractRequestMatcherDsl {`
`318`	`318`	`}`
`319`	`319`	`return NullRoleHierarchy()`
`320`	`320`	`}`
	`321`	`+`
`321`	`322`	`}`