Skip to content

Commit bfa78c3

Browse files
sjohnrsjohnr
committed
Add AuthorizationManagerFactory
Issue gh-17585 Signed-off-by: Steve Riesenberg <[email protected]>
1 parent 34742c9 commit bfa78c3

File tree

2 files changed

+226
-0
lines changed

2 files changed

+226
-0
lines changed

core/src/main/java/org/springframework/security/authorization/AuthorizationManagerFactory.java

Lines changed: 122 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,122 @@
1+
/*
2+
* Copyright 2002-2025 the original author or authors.
3+
*
4+
* Licensed under the Apache License, Version 2.0 (the "License");
5+
* you may not use this file except in compliance with the License.
6+
* You may obtain a copy of the License at
7+
*
8+
* https://www.apache.org/licenses/LICENSE-2.0
9+
*
10+
* Unless required by applicable law or agreed to in writing, software
11+
* distributed under the License is distributed on an "AS IS" BASIS,
12+
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13+
* See the License for the specific language governing permissions and
14+
* limitations under the License.
15+
*/
16+
17+
package org.springframework.security.authorization;
18+
19+
/**
20+
* A factory for creating different kinds of {@link AuthorizationManager} instances.
21+
*
22+
* @param <T> the type of object that the authorization check is being done on.
23+
* @author Steve Riesenberg
24+
* @since 7.0
25+
*/
26+
public interface AuthorizationManagerFactory<T> {
27+
28+
/**
29+
* Create an {@link AuthorizationManager} that allows anyone.
30+
* @return A new {@link AuthorizationManager} instance
31+
*/
32+
default AuthorizationManager<T> permitAll() {
33+
return SingleResultAuthorizationManager.permitAll();
34+
}
35+
36+
/**
37+
* Creates an {@link AuthorizationManager} that does not allow anyone.
38+
* @return A new {@link AuthorizationManager} instance
39+
*/
40+
default AuthorizationManager<T> denyAll() {
41+
return SingleResultAuthorizationManager.denyAll();
42+
}
43+
44+
/**
45+
* Creates an {@link AuthorizationManager} that requires users to have the specified
46+
* role.
47+
* @param role the role (automatically prepended with ROLE_) that should be required
48+
* to allow access (i.e. USER, ADMIN, etc.)
49+
* @return A new {@link AuthorizationManager} instance
50+
*/
51+
default AuthorizationManager<T> hasRole(String role) {
52+
return AuthorityAuthorizationManager.hasRole(role);
53+
}
54+
55+
/**
56+
* Creates an {@link AuthorizationManager} that requires users to have one of many
57+
* roles.
58+
* @param roles the roles (automatically prepended with ROLE_) that the user should
59+
* have at least one of to allow access (i.e. USER, ADMIN, etc.)
60+
* @return A new {@link AuthorizationManager} instance
61+
*/
62+
default AuthorizationManager<T> hasAnyRole(String... roles) {
63+
return AuthorityAuthorizationManager.hasAnyRole(roles);
64+
}
65+
66+
/**
67+
* Creates an {@link AuthorizationManager} that requires users to have the specified
68+
* authority.
69+
* @param authority the authority that should be required to allow access (i.e. USER,
70+
* ADMIN, etc.)
71+
* @return A new {@link AuthorizationManager} instance
72+
*/
73+
default AuthorizationManager<T> hasAuthority(String authority) {
74+
return AuthorityAuthorizationManager.hasAuthority(authority);
75+
}
76+
77+
/**
78+
* Creates an {@link AuthorizationManager} that requires users to have one of many
79+
* authorities.
80+
* @param authorities the authorities that the user should have at least one of to
81+
* allow access (i.e. ROLE_USER, ROLE_ADMIN, etc.)
82+
* @return A new {@link AuthorizationManager} instance
83+
*/
84+
default AuthorizationManager<T> hasAnyAuthority(String... authorities) {
85+
return AuthorityAuthorizationManager.hasAnyAuthority(authorities);
86+
}
87+
88+
/**
89+
* Creates an {@link AuthorizationManager} that allows any authenticated user.
90+
* @return A new {@link AuthorizationManager} instance
91+
*/
92+
default AuthorizationManager<T> authenticated() {
93+
return AuthenticatedAuthorizationManager.authenticated();
94+
}
95+
96+
/**
97+
* Creates an {@link AuthorizationManager} that allows users who have authenticated
98+
* and were not remembered.
99+
* @return A new {@link AuthorizationManager} instance
100+
*/
101+
default AuthorizationManager<T> fullyAuthenticated() {
102+
return AuthenticatedAuthorizationManager.fullyAuthenticated();
103+
}
104+
105+
/**
106+
* Creates an {@link AuthorizationManager} that allows users that have been
107+
* remembered.
108+
* @return A new {@link AuthorizationManager} instance
109+
*/
110+
default AuthorizationManager<T> rememberMe() {
111+
return AuthenticatedAuthorizationManager.rememberMe();
112+
}
113+
114+
/**
115+
* Creates an {@link AuthorizationManager} that allows only anonymous users.
116+
* @return A new {@link AuthorizationManager} instance
117+
*/
118+
default AuthorizationManager<T> anonymous() {
119+
return AuthenticatedAuthorizationManager.anonymous();
120+
}
121+
122+
}

core/src/test/java/org/springframework/security/authorization/AuthorizationManagerFactoryTests.java

Lines changed: 104 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,104 @@
1+
/*
2+
* Copyright 2002-2025 the original author or authors.
3+
*
4+
* Licensed under the Apache License, Version 2.0 (the "License");
5+
* you may not use this file except in compliance with the License.
6+
* You may obtain a copy of the License at
7+
*
8+
* https://www.apache.org/licenses/LICENSE-2.0
9+
*
10+
* Unless required by applicable law or agreed to in writing, software
11+
* distributed under the License is distributed on an "AS IS" BASIS,
12+
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13+
* See the License for the specific language governing permissions and
14+
* limitations under the License.
15+
*/
16+
17+
package org.springframework.security.authorization;
18+
19+
import org.junit.jupiter.api.Test;
20+
21+
import static org.assertj.core.api.Assertions.assertThat;
22+
23+
/**
24+
* Tests for {@link AuthorizationManagerFactory}.
25+
*
26+
* @author Steve Riesenberg
27+
*/
28+
public class AuthorizationManagerFactoryTests {
29+
30+
@Test
31+
public void permitAllReturnsSingleResultAuthorizationManagerByDefault() {
32+
AuthorizationManagerFactory<String> factory = new DefaultAuthorizationManagerFactory<>();
33+
AuthorizationManager<String> authorizationManager = factory.permitAll();
34+
assertThat(authorizationManager).isInstanceOf(SingleResultAuthorizationManager.class);
35+
}
36+
37+
@Test
38+
public void denyAllReturnsSingleResultAuthorizationManagerByDefault() {
39+
AuthorizationManagerFactory<String> factory = new DefaultAuthorizationManagerFactory<>();
40+
AuthorizationManager<String> authorizationManager = factory.denyAll();
41+
assertThat(authorizationManager).isInstanceOf(SingleResultAuthorizationManager.class);
42+
}
43+
44+
@Test
45+
public void hasRoleReturnsAuthorityAuthorizationManagerByDefault() {
46+
AuthorizationManagerFactory<String> factory = new DefaultAuthorizationManagerFactory<>();
47+
AuthorizationManager<String> authorizationManager = factory.hasRole("USER");
48+
assertThat(authorizationManager).isInstanceOf(AuthorityAuthorizationManager.class);
49+
}
50+
51+
@Test
52+
public void hasAnyRoleReturnsAuthorityAuthorizationManagerByDefault() {
53+
AuthorizationManagerFactory<String> factory = new DefaultAuthorizationManagerFactory<>();
54+
AuthorizationManager<String> authorizationManager = factory.hasAnyRole("USER", "ADMIN");
55+
assertThat(authorizationManager).isInstanceOf(AuthorityAuthorizationManager.class);
56+
}
57+
58+
@Test
59+
public void hasAuthorityReturnsAuthorityAuthorizationManagerByDefault() {
60+
AuthorizationManagerFactory<String> factory = new DefaultAuthorizationManagerFactory<>();
61+
AuthorizationManager<String> authorizationManager = factory.hasAuthority("authority1");
62+
assertThat(authorizationManager).isInstanceOf(AuthorityAuthorizationManager.class);
63+
}
64+
65+
@Test
66+
public void hasAnyAuthorityReturnsAuthorityAuthorizationManagerByDefault() {
67+
AuthorizationManagerFactory<String> factory = new DefaultAuthorizationManagerFactory<>();
68+
AuthorizationManager<String> authorizationManager = factory.hasAnyAuthority("authority1", "authority2");
69+
assertThat(authorizationManager).isInstanceOf(AuthorityAuthorizationManager.class);
70+
}
71+
72+
@Test
73+
public void authenticatedReturnsAuthenticatedAuthorizationManagerByDefault() {
74+
AuthorizationManagerFactory<String> factory = new DefaultAuthorizationManagerFactory<>();
75+
AuthorizationManager<String> authorizationManager = factory.authenticated();
76+
assertThat(authorizationManager).isInstanceOf(AuthenticatedAuthorizationManager.class);
77+
}
78+
79+
@Test
80+
public void fullyAuthenticatedReturnsAuthenticatedAuthorizationManagerByDefault() {
81+
AuthorizationManagerFactory<String> factory = new DefaultAuthorizationManagerFactory<>();
82+
AuthorizationManager<String> authorizationManager = factory.fullyAuthenticated();
83+
assertThat(authorizationManager).isInstanceOf(AuthenticatedAuthorizationManager.class);
84+
}
85+
86+
@Test
87+
public void rememberMeReturnsAuthenticatedAuthorizationManagerByDefault() {
88+
AuthorizationManagerFactory<String> factory = new DefaultAuthorizationManagerFactory<>();
89+
AuthorizationManager<String> authorizationManager = factory.rememberMe();
90+
assertThat(authorizationManager).isInstanceOf(AuthenticatedAuthorizationManager.class);
91+
}
92+
93+
@Test
94+
public void anonymousReturnsAuthenticatedAuthorizationManagerByDefault() {
95+
AuthorizationManagerFactory<String> factory = new DefaultAuthorizationManagerFactory<>();
96+
AuthorizationManager<String> authorizationManager = factory.anonymous();
97+
assertThat(authorizationManager).isInstanceOf(AuthenticatedAuthorizationManager.class);
98+
}
99+
100+
private static final class DefaultAuthorizationManagerFactory<T> implements AuthorizationManagerFactory<T> {
101+
102+
}
103+
104+
}

0 commit comments

Comments
 (0)