Merge pull request #42679 from quaff

mhalbritter · mhalbritter · commit e36e26720675 · 2024-10-15T09:02:48.000+02:00
* pr/42679: Remove deprecated method call on AuthorityAuthorizationManager Closes gh-42679
diff --git a/spring-boot-project/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/web/reactive/AbstractWebFluxEndpointHandlerMapping.java b/spring-boot-project/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/endpoint/web/reactive/AbstractWebFluxEndpointHandlerMapping.java
@@ -57,6 +57,7 @@
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.authorization.AuthorityAuthorizationManager;
+import org.springframework.security.authorization.AuthorizationResult;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.ReactiveSecurityContextHolder;
 import org.springframework.util.AntPathMatcher;
@@ -523,9 +524,9 @@ public Principal getPrincipal() {
 		@Override
 		public boolean isUserInRole(String role) {
 			String authority = (!role.startsWith(ROLE_PREFIX)) ? ROLE_PREFIX + role : role;
-			return AuthorityAuthorizationManager.hasAuthority(authority)
-				.check(this::getAuthentication, null)
-				.isGranted();
+			AuthorizationResult result = AuthorityAuthorizationManager.hasAuthority(authority)
+				.authorize(this::getAuthentication, null);
+			return result != null && result.isGranted();
 		}
 
 	}
diff --git a/spring-boot-project/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/security/AuthorizationAuditListenerTests.java b/spring-boot-project/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/security/AuthorizationAuditListenerTests.java
@@ -25,6 +25,7 @@
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.authorization.AuthorizationDecision;
+import org.springframework.security.authorization.AuthorizationResult;
 import org.springframework.security.authorization.event.AuthorizationDeniedEvent;
 import org.springframework.security.authorization.event.AuthorizationEvent;
 
@@ -48,7 +49,7 @@ void init() {
 
 	@Test
 	void authorizationDeniedEvent() {
-		AuthorizationDecision decision = new AuthorizationDecision(false);
+		AuthorizationResult decision = new AuthorizationDecision(false);
 		UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken("spring",
 				"password");
 		authentication.setDetails("details");
@@ -62,7 +63,7 @@ void authorizationDeniedEvent() {
 
 	@Test
 	void authorizationDeniedEventWhenAuthenticationIsNotAvailable() {
-		AuthorizationDecision decision = new AuthorizationDecision(false);
+		AuthorizationResult decision = new AuthorizationDecision(false);
 		UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken("spring",
 				"password");
 		authentication.setDetails("details");
@@ -77,7 +78,7 @@ void authorizationDeniedEventWhenAuthenticationIsNotAvailable() {
 
 	@Test
 	void authorizationDeniedEventWhenAuthenticationDoesNotHaveDetails() {
-		AuthorizationDecision decision = new AuthorizationDecision(false);
+		AuthorizationResult decision = new AuthorizationDecision(false);
 		UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken("spring",
 				"password");
 		AuthorizationDeniedEvent<?> authorizationEvent = new AuthorizationDeniedEvent<>(() -> authentication, "",
