Use DefaultAuthorizationManagerFactory

Signed-off-by: Steve Riesenberg <[email protected]>

Author: sjohnr

config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java

@@ -18,7 +18,6 @@
 
 import java.util.List;
 import java.util.function.Function;
-import java.util.function.Supplier;
 
 import jakarta.servlet.http.HttpServletRequest;
 
@@ -27,12 +26,12 @@
 import org.springframework.core.ResolvableType;
 import org.springframework.security.access.hierarchicalroles.NullRoleHierarchy;
 import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
-import org.springframework.security.authorization.AuthorityAuthorizationManager;
 import org.springframework.security.authorization.AuthorizationDecision;
 import org.springframework.security.authorization.AuthorizationEventPublisher;
 import org.springframework.security.authorization.AuthorizationManager;
 import org.springframework.security.authorization.AuthorizationManagerFactory;
 import org.springframework.security.authorization.AuthorizationManagers;
+import org.springframework.security.authorization.DefaultAuthorizationManagerFactory;
 import org.springframework.security.authorization.SpringAuthorizationEventPublisher;
 import org.springframework.security.config.ObjectPostProcessor;
 import org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry;
@@ -45,7 +44,6 @@
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcherEntry;
 import org.springframework.util.Assert;
-import org.springframework.util.function.SingletonSupplier;
 
 /**
  * Adds a URL based authorization using {@link AuthorizationManager}.
@@ -94,13 +92,17 @@ private AuthorizationManagerFactory<RequestAuthorizationContext> getAuthorizatio
 			.getBeanProvider(authorizationManagerFactoryType);
 
 		return authorizationManagerFactoryProvider.getIfAvailable(() -> {
-			Supplier<RoleHierarchy> roleHierarchy = SingletonSupplier
-				.of(() -> context.getBeanProvider(RoleHierarchy.class).getIfAvailable(NullRoleHierarchy::new));
+			RoleHierarchy roleHierarchy = context.getBeanProvider(RoleHierarchy.class)
+				.getIfAvailable(NullRoleHierarchy::new);
 			GrantedAuthorityDefaults grantedAuthorityDefaults = context.getBeanProvider(GrantedAuthorityDefaults.class)
 				.getIfAvailable();
 			String rolePrefix = (grantedAuthorityDefaults != null) ? grantedAuthorityDefaults.getRolePrefix() : "ROLE_";
 
-			return new RequestAuthorizationContextAuthorizationManagerFactory(roleHierarchy, rolePrefix);
+			DefaultAuthorizationManagerFactory<RequestAuthorizationContext> authorizationManagerFactory = new DefaultAuthorizationManagerFactory<>();
+			authorizationManagerFactory.setRoleHierarchy(roleHierarchy);
+			authorizationManagerFactory.setRolePrefix(rolePrefix);
+
+			return authorizationManagerFactory;
 		});
 	}
 
@@ -415,45 +417,4 @@ public AuthorizationManagerRequestMatcherRegistry equalTo(Function<Authenticatio
 
 	}
 
-	static final class RequestAuthorizationContextAuthorizationManagerFactory
-			implements AuthorizationManagerFactory<RequestAuthorizationContext> {
-
-		private final Supplier<RoleHierarchy> roleHierarchy;
-
-		private final String rolePrefix;
-
-		RequestAuthorizationContextAuthorizationManagerFactory(Supplier<RoleHierarchy> roleHierarchy,
-				String rolePrefix) {
-			this.roleHierarchy = roleHierarchy;
-			this.rolePrefix = rolePrefix;
-		}
-
-		@Override
-		public AuthorizationManager<RequestAuthorizationContext> hasRole(String role) {
-			return withRoleHierarchy(AuthorityAuthorizationManager.hasAnyRole(this.rolePrefix, new String[] { role }));
-		}
-
-		@Override
-		public AuthorizationManager<RequestAuthorizationContext> hasAnyRole(String... roles) {
-			return withRoleHierarchy(AuthorityAuthorizationManager.hasAnyRole(this.rolePrefix, roles));
-		}
-
-		@Override
-		public AuthorizationManager<RequestAuthorizationContext> hasAuthority(String authority) {
-			return withRoleHierarchy(AuthorityAuthorizationManager.hasAuthority(authority));
-		}
-
-		@Override
-		public AuthorizationManager<RequestAuthorizationContext> hasAnyAuthority(String... authorities) {
-			return withRoleHierarchy(AuthorityAuthorizationManager.hasAnyAuthority(authorities));
-		}
-
-		private AuthorityAuthorizationManager<RequestAuthorizationContext> withRoleHierarchy(
-				AuthorityAuthorizationManager<RequestAuthorizationContext> manager) {
-			manager.setRoleHierarchy(this.roleHierarchy.get());
-			return manager;
-		}
-
-	}
-
 }

core/src/test/java/org/springframework/security/authorization/AuthorizationManagerFactoryTests.java

@@ -97,8 +97,4 @@ public void anonymousReturnsAuthenticatedAuthorizationManagerByDefault() {
 		assertThat(authorizationManager).isInstanceOf(AuthenticatedAuthorizationManager.class);
 	}
 
-	private static final class DefaultAuthorizationManagerFactory<T> implements AuthorizationManagerFactory<T> {
-
-	}
-
 }