
Commit 3f74991

committed
Authentication adds FactorGrantedAuthority
Closes gh-18001
1 parent ce36fc1 commit 3f74991


9 files changed

+20
-22
lines changed


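--- a/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationProvider.java
+++ b/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationProvider.java
@@ -41,7 +41,7 @@
 import org.springframework.security.core.GrantedAuthorities;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.SpringSecurityMessageSource;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.authority.FactorGrantedAuthority;
 import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
 import org.springframework.security.core.authority.mapping.NullAuthoritiesMapper;
 import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
@@ -151,7 +151,7 @@ private CasAuthenticationToken authenticateNow(final Authentication authenticati
 this.userDetailsChecker.check(userDetails);
 Collection<GrantedAuthority> authorities = new ArrayList<>(
 this.authoritiesMapper.mapAuthorities(userDetails.getAuthorities()));
-authorities.add(new SimpleGrantedAuthority(AUTHORITY));
+authorities.add(FactorGrantedAuthority.fromAuthority(AUTHORITY));
 return new CasAuthenticationToken(this.key, userDetails, credentials, authorities, userDetails, assertion);
 }
 catch (TicketValidationException ex) {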
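Review bot: The authority added at new line 154 is no longer a `SimpleGrantedAuthority`, and the test rewritten later in this commit (its new name ends in `PermitsAnyImpl`) suggests the two types do not compare equal, yet nothing here documents that for callers. Code that checks the result with `authorities.contains(new SimpleGrantedAuthority(AUTHORITY))` would stop matching, and because this provider collects into an `ArrayList`, a mapped authority carrying the same string is kept alongside the factor entry. A comment above the call such as `// Typed factor authority: match on getAuthority(), not on equals() with SimpleGrantedAuthority` would make the contract visible; the same changed line appears in the other seven main-source sections of this commit. `authenticateNow` starts and ends outside the hunk.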

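--- a/core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java
@@ -39,7 +39,7 @@
 import org.springframework.security.core.GrantedAuthorities;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.SpringSecurityMessageSource;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.authority.FactorGrantedAuthority;
 import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
 import org.springframework.security.core.authority.mapping.NullAuthoritiesMapper;
 import org.springframework.security.core.userdetails.UserCache;
@@ -207,7 +207,7 @@ protected Authentication createSuccessAuthentication(Object principal, Authentic
 // authentication events after cache expiry contain the details
 Collection<GrantedAuthority> authorities = new LinkedHashSet<>(
 this.authoritiesMapper.mapAuthorities(user.getAuthorities()));
-authorities.add(new SimpleGrantedAuthority(AUTHORITY));
+authorities.add(FactorGrantedAuthority.fromAuthority(AUTHORITY));
 UsernamePasswordAuthenticationToken result = UsernamePasswordAuthenticationToken.authenticated(principal,
 authentication.getCredentials(), authorities);
 result.setDetails(authentication.getDetails());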
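Review bot: The `UsernamePasswordAuthenticationToken` built at new lines 211-212 now carries a `FactorGrantedAuthority`, and none of the nine files in this commit touches serialization support for that type. Authenticated tokens are commonly persisted with the session, so it is worth confirming that `FactorGrantedAuthority` is `Serializable` with a pinned `serialVersionUID` and is covered by the project's Jackson allowlist and mixins; otherwise a stored session could fail to deserialize after login. If that support landed in an earlier commit, a one-line reference to it would settle the question. `createSuccessAuthentication` continues outside the hunk.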

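--- a/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticationProvider.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/authentication/AbstractLdapAuthenticationProvider.java
@@ -35,7 +35,7 @@
 import org.springframework.security.core.GrantedAuthorities;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.SpringSecurityMessageSource;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.authority.FactorGrantedAuthority;
 import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
 import org.springframework.security.core.authority.mapping.NullAuthoritiesMapper;
 import org.springframework.security.core.userdetails.UserDetails;
@@ -107,7 +107,7 @@ protected Authentication createSuccessfulAuthentication(UsernamePasswordAuthenti
 : user.getPassword();
 Collection<GrantedAuthority> authorities = new LinkedHashSet<>(
 this.authoritiesMapper.mapAuthorities(user.getAuthorities()));
-authorities.add(new SimpleGrantedAuthority(AUTHORITY));
+authorities.add(FactorGrantedAuthority.fromAuthority(AUTHORITY));
 UsernamePasswordAuthenticationToken result = UsernamePasswordAuthenticationToken.authenticated(user, password,
 authorities);
 result.setDetails(authentication.getDetails());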

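--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java
@@ -26,7 +26,7 @@
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.GrantedAuthorities;
 import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.authority.FactorGrantedAuthority;
 import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
 import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
 import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
@@ -127,7 +127,7 @@ public Authentication authenticate(Authentication authentication) throws Authent
 Collection<GrantedAuthority> authorities = new HashSet<>(oauth2User.getAuthorities());
 Collection<GrantedAuthority> mappedAuthorities = new LinkedHashSet<>(
 this.authoritiesMapper.mapAuthorities(authorities));
-mappedAuthorities.add(new SimpleGrantedAuthority(AUTHORITY));
+mappedAuthorities.add(FactorGrantedAuthority.fromAuthority(AUTHORITY));
 OAuth2LoginAuthenticationToken authenticationResult = new OAuth2LoginAuthenticationToken(
 loginAuthenticationToken.getClientRegistration(), loginAuthenticationToken.getAuthorizationExchange(),
 oauth2User, mappedAuthorities, accessToken, authorizationCodeAuthenticationToken.getRefreshToken());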

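--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverter.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationConverter.java
@@ -23,7 +23,7 @@
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.GrantedAuthorities;
 import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.authority.FactorGrantedAuthority;
 import org.springframework.security.oauth2.jwt.Jwt;
 import org.springframework.security.oauth2.jwt.JwtClaimNames;
 import org.springframework.util.Assert;
@@ -46,7 +46,7 @@ public class JwtAuthenticationConverter implements Converter<Jwt, AbstractAuthen
 @Override
 public final AbstractAuthenticationToken convert(Jwt jwt) {
 Collection<GrantedAuthority> authorities = new HashSet<>(this.jwtGrantedAuthoritiesConverter.convert(jwt));
-authorities.add(new SimpleGrantedAuthority(AUTHORITY));
+authorities.add(FactorGrantedAuthority.fromAuthority(AUTHORITY));
 String principalClaimValue = jwt.getClaimAsString(this.principalClaimName);
 return new JwtAuthenticationToken(jwt, authorities, principalClaimValue);
 }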
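Review bot: `FactorGrantedAuthority.fromAuthority(AUTHORITY)` at new line 49 is given nothing from the token, so if the factory stamps the authority with the current time (its definition is not on this page), every request bearing the same JWT would yield a freshly issued factor. Any rule that later ages out a factor by its issue time would then never see a bearer factor as stale, however old the token is. Consider deriving the issue time from the token's `iat` claim via `jwt.getIssuedAt()`, falling back to the current time when the claim is absent, or add a comment stating that request time is intended. The same applies to `OpaqueTokenAuthenticationProvider.convert`, where the local `iat` is already in scope just above the changed line.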

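--- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProvider.java
+++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenAuthenticationProvider.java
@@ -30,7 +30,7 @@
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.GrantedAuthorities;
 import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.authority.FactorGrantedAuthority;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
 import org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames;
@@ -155,7 +155,7 @@ static BearerTokenAuthentication convert(String introspectedToken,
 OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, introspectedToken,
 iat, exp);
 Collection<GrantedAuthority> authorities = new HashSet<>(authenticatedPrincipal.getAuthorities());
-authorities.add(new SimpleGrantedAuthority(AUTHORITY));
+authorities.add(FactorGrantedAuthority.fromAuthority(AUTHORITY));
 return new BearerTokenAuthentication(authenticatedPrincipal, accessToken, authorities);
 }
 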

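--- a/saml2/saml2-service-provider/src/opensaml5Main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml5AuthenticationProvider.java
+++ b/saml2/saml2-service-provider/src/opensaml5Main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml5AuthenticationProvider.java
@@ -61,7 +61,7 @@
 import org.springframework.security.core.GrantedAuthorities;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.authority.FactorGrantedAuthority;
 import org.springframework.security.saml2.core.Saml2Error;
 import org.springframework.security.saml2.core.Saml2ErrorCodes;
 import org.springframework.security.saml2.core.Saml2ResponseValidatorResult;
@@ -906,7 +906,7 @@ public Saml2Authentication convert(ResponseToken responseToken) {
 Saml2AuthenticatedPrincipal principal = new DefaultSaml2AuthenticatedPrincipal(username, accessor);
 Collection<GrantedAuthority> authorities = new HashSet<>(
 this.grantedAuthoritiesConverter.convert(assertion));
-authorities.add(new SimpleGrantedAuthority(AUTHORITY));
+authorities.add(FactorGrantedAuthority.fromAuthority(AUTHORITY));
 return new Saml2AssertionAuthentication(principal, accessor, authorities, registrationId);
 }
 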

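--- a/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockWithAuthoritiesMvcResultMatchersTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockWithAuthoritiesMvcResultMatchersTests.java
@@ -67,12 +67,10 @@ public void setup() {
 }
 
 @Test
-public void withAuthoritiesNotOrderSensitive() throws Exception {
-List<SimpleGrantedAuthority> grantedAuthorities = new ArrayList<>();
-grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
-grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_SELLER"));
-grantedAuthorities.add(new SimpleGrantedAuthority(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY));
-this.mockMvc.perform(formLogin()).andExpect(authenticated().withAuthorities(grantedAuthorities));
+public void withAuthoritiesStringAllowsAnyOrderAndPermitsAnyImpl() throws Exception {
+this.mockMvc.perform(formLogin())
+.andExpect(authenticated().withAuthorities("ROLE_ADMIN", "ROLE_SELLER",
+GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY));
 }
 
 @Test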
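Review bot: The rewritten test at new lines 70-73 matches on authority strings only, so after this commit no visible test asserts that form login yields a `FactorGrantedAuthority` rather than any implementation with the same name. The removed body was also the only visible use of the collection overload of `withAuthorities` together with the factor authority. A companion test that reads the authorities from the result and asserts one of them is an `instanceof FactorGrantedAuthority` whose `getAuthority()` equals `GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY` would pin the change the commit title describes. The section shows no import changes, so check whether `ArrayList`, `List` and `SimpleGrantedAuthority` are still used elsewhere in the file.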

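--- a/webauthn/src/main/java/org/springframework/security/web/webauthn/authentication/WebAuthnAuthenticationProvider.java
+++ b/webauthn/src/main/java/org/springframework/security/web/webauthn/authentication/WebAuthnAuthenticationProvider.java
@@ -25,7 +25,7 @@
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.GrantedAuthorities;
 import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.authority.FactorGrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.web.webauthn.api.PublicKeyCredentialUserEntity;
@@ -74,7 +74,7 @@ public Authentication authenticate(Authentication authentication) throws Authent
 String username = userEntity.getName();
 UserDetails userDetails = this.userDetailsService.loadUserByUsername(username);
 Collection<GrantedAuthority> authorities = new HashSet<>(userDetails.getAuthorities());
-authorities.add(new SimpleGrantedAuthority(AUTHORITY));
+authorities.add(FactorGrantedAuthority.fromAuthority(AUTHORITY));
 return new WebAuthnAuthentication(userEntity, authorities);
 }
 catch (RuntimeException ex) {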
