Skip to content

Make BearerTokenAccessDeniedHandler non-final #16687

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Make BearerTokenAccessDeniedHandler non-final #16687

wants to merge 1 commit into from

Conversation

@renannprado
Copy link

@renannprado renannprado commented Mar 1, 2025
edited
Loading

The reactor version of this class (BearerTokenServerAccessDeniedHandler) is already non-final, so I could not find a reason that it should stay like this.

In my specific case, I just wanted to add some debug/warn logs and I couldn't do it because the class is final*, that's what led me to this PR.

*As a workaround, I'll create a delegate class for this purpose, nevertheless I still propose this change.

Thanks

@renannprado
Make BearerTokenAccessDeniedHandler non-final
7a2e6b9 
The reactor version of this class (BearerTokenServerAccessDeniedHandler)
is already non-final, so I could not find a reason that it should stay
like this.

Signed-off-by: Renann Prado <[email protected]>
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Mar 1, 2025
@franticticktick
Copy link
Contributor

Hi @renannprado , basically, all components of the public Spring Security API are final. And we do not make them available for inheritance without good reasons. In this situation, you could use the decorator pattern to add functionality:

public final class MyBearerTokenAccessDeniedHandler implements AccessDeniedHandler {
	private final BearerTokenAccessDeniedHandler bearerTokenAccessDeniedHandler;

    public MyBearerTokenAccessDeniedHandler(BearerTokenAccessDeniedHandler bearerTokenAccessDeniedHandler) {
        this.bearerTokenAccessDeniedHandler = bearerTokenAccessDeniedHandler;
    }


    @Override
	public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException {
		//...
	}
}

Or we can add extended logging to BearerTokenAccessDeniedHandler itself. It would be great if you closed this PR and opened a separate ticket where we could discuss possible solutions to your problem.

@renannprado
Copy link
Author

Hi @renannprado , basically, all components of the public Spring Security API are final. And we do not make them available for inheritance without good reasons. In this situation, you could use the decorator pattern to add functionality:

public final class MyBearerTokenAccessDeniedHandler implements AccessDeniedHandler {
	private final BearerTokenAccessDeniedHandler bearerTokenAccessDeniedHandler;

    public MyBearerTokenAccessDeniedHandler(BearerTokenAccessDeniedHandler bearerTokenAccessDeniedHandler) {
        this.bearerTokenAccessDeniedHandler = bearerTokenAccessDeniedHandler;
    }


    @Override
	public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException {
		//...
	}
}

Or we can add extended logging to BearerTokenAccessDeniedHandler itself. It would be great if you closed this PR and opened a separate ticket where we could discuss possible solutions to your problem.

That's precisely what I've already done, except that I called it delegate pattern.
I'll close the PR then, and open an issue later.

Thank you for the feedback!

@renannprado renannprado closed this Mar 4, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

status: waiting-for-triage An issue we've not yet triaged

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@renannprado @franticticktick @spring-projects-issues