diff --git a/spring-boot-project/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/web/reactive/AbstractWebFluxEndpointHandlerMapping.java b/spring-boot-project/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/web/reactive/AbstractWebFluxEndpointHandlerMapping.java
index 3cb0cf56e0a6..8162d33155c4 100644
--- a/spring-boot-project/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/web/reactive/AbstractWebFluxEndpointHandlerMapping.java
+++ b/spring-boot-project/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/web/reactive/AbstractWebFluxEndpointHandlerMapping.java
@@ -57,6 +57,7 @@
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.authorization.AuthorityAuthorizationManager;
+import org.springframework.security.authorization.AuthorizationResult;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.ReactiveSecurityContextHolder;
 import org.springframework.util.AntPathMatcher;
@@ -523,9 +524,9 @@ public Principal getPrincipal() {
 @Override
 public boolean isUserInRole(String role) {
 String authority = (!role.startsWith(ROLE_PREFIX)) ? ROLE_PREFIX + role : role;
- return AuthorityAuthorizationManager.hasAuthority(authority)
- .check(this::getAuthentication, null)
- .isGranted();
+ AuthorizationResult result = AuthorityAuthorizationManager.hasAuthority(authority)
+ .authorize(this::getAuthentication, null);
+ return result != null && result.isGranted();
 }
 }
diff --git a/spring-boot-project/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/security/AuthorizationAuditListenerTests.java b/spring-boot-project/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/security/AuthorizationAuditListenerTests.java
index ca66cb891fbb..f641869a7ebd 100644
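Review bot: The `result != null` guard added to `isUserInRole` in AbstractWebFluxEndpointHandlerMapping is what keeps the role check fail-closed when the authorization manager returns no result, but nothing in the method says so, and a later cleanup could fold it back into a chained `.isGranted()` call. A comment above the return would pin the intent, for example `// authorize() may return null (abstain); treat that as "not in role" so the check fails closed`. The test changes visible in this commit only retype `decision` in AuthorizationAuditListenerTests, so as far as this page shows neither the granted nor the denied path of `isUserInRole` is exercised; a small test for both would be worth adding. `getAuthentication` and `ROLE_PREFIX` are defined outside the hunk, so how a missing authentication or a customised role prefix is handled cannot be confirmed from here.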
--- a/spring-boot-project/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/security/AuthorizationAuditListenerTests.java +++ b/spring-boot-project/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/security/AuthorizationAuditListenerTests.java @@ -25,6 +25,7 @@ import org.springframework.context.ApplicationEventPublisher; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.authorization.AuthorizationDecision; +import org.springframework.security.authorization.AuthorizationResult; import org.springframework.security.authorization.event.AuthorizationDeniedEvent; import org.springframework.security.authorization.event.AuthorizationEvent; @@ -48,7 +49,7 @@ void init() { @Test void authorizationDeniedEvent() { - AuthorizationDecision decision = new AuthorizationDecision(false); + AuthorizationResult decision = new AuthorizationDecision(false); UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken("spring", "password"); authentication.setDetails("details"); @@ -62,7 +63,7 @@ void authorizationDeniedEvent() { @Test void authorizationDeniedEventWhenAuthenticationIsNotAvailable() { - AuthorizationDecision decision = new AuthorizationDecision(false); + AuthorizationResult decision = new AuthorizationDecision(false); UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken("spring", "password"); authentication.setDetails("details"); 
@@ -77,7 +78,7 @@ void authorizationDeniedEventWhenAuthenticationIsNotAvailable() { @Test void authorizationDeniedEventWhenAuthenticationDoesNotHaveDetails() { - AuthorizationDecision decision = new AuthorizationDecision(false); + AuthorizationResult decision = new AuthorizationDecision(false); UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken("spring", "password"); AuthorizationDeniedEvent authorizationEvent = new AuthorizationDeniedEvent<>(() -> authentication, "",