@jzheaux jzheaux commented Sep 3, 2024

This API allows for hint registration based on Spring Security's infrastructural beans.

There are two built-in implementations:

  1. AuthorizeReturnObjectCoreHintsRegistrar traverses the object graph of all Spring beans for methods that use @AuthorizeReturnObject. It creates the initial proxy class for each of those return values. Also, it uses each return value as a launch point to find other objects that use @AuthorizeReturnObject.

  2. AuthorizeReturnObjectDataHintsRegistrar traverses Spring Data repository factory beans since each repository's primary domain object is often hidden behind generic erasure. It thereafter traverses any object it finds in the same way as 1.

Any return objects that were missed by the scan can be added by the application in the following way:

```java
@Bean
@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
static SecurityHintsRegistrar alsoProxy(AuthorizationProxyFactory proxyFactory) {
    List<Class<?>> classes = List.of(MyExtraClass.class, MyOtherExtraClass.class);
    return new AuthorizeReturnObjectHintsRegistrar(proxyFactory, classes);
}
```

or the application can add a custom SecurityHintsRegistrar.

There is also a sample application available here: https://github.com/jzheaux/spring-security-samples/tree/proxy-hints-using-pr/servlet/spring-boot/java/data
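
The traversal described in item 1, and the erasure problem mentioned in item 2, as an added sketch that is not code from this pull request or from Spring Security. It assumes a stand-in `AuthorizeReturnObject` annotation and constructed sample classes (`AccountService`, `Account`, `Owner`, `Address`, `AuditEntry`) so that it runs without Spring on the classpath.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.*;

public class ReturnObjectScan {
    // Stand-in for Spring Security's @AuthorizeReturnObject (assumption: keeps the sketch Spring-free).
    @Retention(RetentionPolicy.RUNTIME)
    @Target({ElementType.METHOD, ElementType.TYPE})
    @interface AuthorizeReturnObject {}

    // Constructed sample domain: one service bean and the objects reachable from it.
    static class Address { public String getStreet() { return "1 Main St"; } }
    static class Owner { @AuthorizeReturnObject public Address getAddress() { return new Address(); } }
    static class Account { @AuthorizeReturnObject public Owner getOwner() { return new Owner(); } }
    static class AuditEntry { public String getActor() { return "alice"; } }
    static class AccountService {
        @AuthorizeReturnObject public Account findById(long id) { return new Account(); }
        // Erasure: reflection reports List here, so this walk never reaches AuditEntry.
        @AuthorizeReturnObject public List<AuditEntry> history() { return List.of(); }
    }

    // Breadth-first walk: every annotated return type is recorded and becomes a new launch point.
    static Set<Class<?>> classesToProxy(Class<?>... roots) {
        Set<Class<?>> found = new LinkedHashSet<>();
        Set<Class<?>> visited = new HashSet<>();
        Deque<Class<?>> queue = new ArrayDeque<>(Arrays.asList(roots));
        while (!queue.isEmpty()) {
            Class<?> type = queue.poll();
            if (!visited.add(type)) continue; // guards against cyclic object graphs
            boolean onType = type.isAnnotationPresent(AuthorizeReturnObject.class);
            for (Method method : type.getDeclaredMethods()) {
                Class<?> returned = method.getReturnType();
                if (returned.isPrimitive()) continue; // also skips void
                if (onType || method.isAnnotationPresent(AuthorizeReturnObject.class)) {
                    found.add(returned);
                    queue.add(returned);
                }
            }
        }
        return found;
    }

    public static void main(String[] args) {
        Set<Class<?>> found = classesToProxy(AccountService.class);
        found.forEach(c -> System.out.println("proxy hint: " + c.getName()));
        System.out.println("AuditEntry discovered: " + found.contains(AuditEntry.class));
    }
}
```

In this sketch `AuditEntry` is the kind of class an application would list explicitly through a registrar bean like the `alsoProxy` example above.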

@marcusdacoregio marcusdacoregio left a comment

That's so cool @jzheaux. I've left some minor feedback inline.

@jzheaux jzheaux self-assigned this Sep 9, 2024
@jzheaux jzheaux added status: duplicate A duplicate of another issue in: cas An issue in spring-security-cas type: enhancement A general enhancement labels Sep 9, 2024
@jzheaux jzheaux added this to the 6.4.0-M4 milestone Sep 9, 2024
@jzheaux jzheaux marked this pull request as ready for review September 9, 2024 21:17
@jzheaux jzheaux added in: core An issue in spring-security-core and removed in: cas An issue in spring-security-cas labels Sep 10, 2024
@jzheaux jzheaux merged commit e29058c into spring-projects:main Sep 10, 2024
6 checks passed