Polish

Issue spring-projectsgh-16622

Signed-off-by: Evgeniy Cheban <[email protected]>

Author: evgeniycheban

Diff for: core/src/main/java/org/springframework/security/authorization/method/MethodAuthorizationDeniedHandlerResolver.java

@@ -0,0 +1,81 @@
+/*
+ * Copyright 2002-2025 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.authorization.method;
+
+import java.lang.reflect.Method;
+import java.util.Arrays;
+import java.util.function.BiFunction;
+
+import org.springframework.context.ApplicationContext;
+import org.springframework.security.core.annotation.SecurityAnnotationScanner;
+import org.springframework.security.core.annotation.SecurityAnnotationScanners;
+import org.springframework.util.Assert;
+import org.springframework.util.StringUtils;
+
+/**
+ * For internal use only, as this contract is likely to change.
+ *
+ * @author Evgeniy Cheban
+ */
+final class MethodAuthorizationDeniedHandlerResolver {
+
+	private final MethodAuthorizationDeniedHandler defaultHandler = new ThrowingMethodAuthorizationDeniedHandler();
+
+	private final SecurityAnnotationScanner<HandleAuthorizationDenied> handleAuthorizationDeniedScanner = SecurityAnnotationScanners
+		.requireUnique(HandleAuthorizationDenied.class);
+
+	private BiFunction<String, Class<? extends MethodAuthorizationDeniedHandler>, MethodAuthorizationDeniedHandler> resolver;
+
+	MethodAuthorizationDeniedHandlerResolver(Class<?> managerClass) {
+		this.resolver = (beanName, handlerClass) -> new ReflectiveMethodAuthorizationDeniedHandler(handlerClass,
+				managerClass);
+	}
+
+	void setContext(ApplicationContext context) {
+		Assert.notNull(context, "context cannot be null");
+		this.resolver = (beanName, handlerClass) -> doResolve(context, beanName, handlerClass);
+	}
+
+	MethodAuthorizationDeniedHandler resolve(Method method, Class<?> targetClass, Class<?> managerClass) {
+		HandleAuthorizationDenied deniedHandler = this.handleAuthorizationDeniedScanner.scan(method, targetClass);
+		if (deniedHandler != null) {
+			return this.resolver.apply(deniedHandler.handler(), deniedHandler.handlerClass());
+		}
+		return this.defaultHandler;
+	}
+
+	private MethodAuthorizationDeniedHandler doResolve(ApplicationContext context, String beanName,
+			Class<? extends MethodAuthorizationDeniedHandler> handlerClass) {
+		if (StringUtils.hasText(beanName)) {
+			return context.getBean(beanName, MethodAuthorizationDeniedHandler.class);
+		}
+		if (handlerClass == this.defaultHandler.getClass()) {
+			return this.defaultHandler;
+		}
+		String[] beanNames = context.getBeanNamesForType(handlerClass);
+		if (beanNames.length == 0) {
+			throw new IllegalStateException("Could not find a bean of type " + handlerClass.getName());
+		}
+		if (beanNames.length > 1) {
+			throw new IllegalStateException("Expected to find a single bean of type " + handlerClass.getName()
+					+ " but found " + Arrays.toString(beanNames)
+					+ " consider using 'handler' attribute to refer to specific bean");
+		}
+		return context.getBean(beanNames[0], handlerClass);
+	}
+
+}

Diff for: core/src/main/java/org/springframework/security/authorization/method/PostAuthorizeExpressionAttributeRegistry.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,8 +17,6 @@
 package org.springframework.security.authorization.method;
 
 import java.lang.reflect.Method;
-import java.util.Arrays;
-import java.util.function.BiFunction;
 
 import reactor.util.annotation.NonNull;
 
@@ -28,8 +26,6 @@
 import org.springframework.security.core.annotation.AnnotationTemplateExpressionDefaults;
 import org.springframework.security.core.annotation.SecurityAnnotationScanner;
 import org.springframework.security.core.annotation.SecurityAnnotationScanners;
-import org.springframework.util.Assert;
-import org.springframework.util.StringUtils;
 
 /**
  * For internal use only, as this contract is likely to change.
@@ -40,21 +36,12 @@
  */
 final class PostAuthorizeExpressionAttributeRegistry extends AbstractExpressionAttributeRegistry<ExpressionAttribute> {
 
-	private final MethodAuthorizationDeniedHandler defaultHandler = new ThrowingMethodAuthorizationDeniedHandler();
-
-	private final SecurityAnnotationScanner<HandleAuthorizationDenied> handleAuthorizationDeniedScanner = SecurityAnnotationScanners
-		.requireUnique(HandleAuthorizationDenied.class);
-
-	private BiFunction<String, Class<? extends MethodAuthorizationDeniedHandler>, MethodAuthorizationDeniedHandler> handlerResolver;
+	private final MethodAuthorizationDeniedHandlerResolver handlerResolver = new MethodAuthorizationDeniedHandlerResolver(
+			PostAuthorizeAuthorizationManager.class);
 
 	private SecurityAnnotationScanner<PostAuthorize> postAuthorizeScanner = SecurityAnnotationScanners
 		.requireUnique(PostAuthorize.class);
 
-	PostAuthorizeExpressionAttributeRegistry() {
-		this.handlerResolver = (beanName, clazz) -> new ReflectiveMethodAuthorizationDeniedHandler(clazz,
-				PostAuthorizeAuthorizationManager.class);
-	}
-
 	@NonNull
 	@Override
 	ExpressionAttribute resolveAttribute(Method method, Class<?> targetClass) {
@@ -63,19 +50,11 @@ ExpressionAttribute resolveAttribute(Method method, Class<?> targetClass) {
 			return ExpressionAttribute.NULL_ATTRIBUTE;
 		}
 		Expression expression = getExpressionHandler().getExpressionParser().parseExpression(postAuthorize.value());
-		MethodAuthorizationDeniedHandler deniedHandler = resolveHandler(method, targetClass);
+		MethodAuthorizationDeniedHandler deniedHandler = this.handlerResolver.resolve(method,
+				targetClass(method, targetClass), PostAuthorizeAuthorizationManager.class);
 		return new PostAuthorizeExpressionAttribute(expression, deniedHandler);
 	}
 
-	private MethodAuthorizationDeniedHandler resolveHandler(Method method, Class<?> targetClass) {
-		Class<?> targetClassToUse = targetClass(method, targetClass);
-		HandleAuthorizationDenied deniedHandler = this.handleAuthorizationDeniedScanner.scan(method, targetClassToUse);
-		if (deniedHandler != null) {
-			return this.handlerResolver.apply(deniedHandler.handler(), deniedHandler.handlerClass());
-		}
-		return this.defaultHandler;
-	}
-
 	private PostAuthorize findPostAuthorizeAnnotation(Method method, Class<?> targetClass) {
 		Class<?> targetClassToUse = targetClass(method, targetClass);
 		return this.postAuthorizeScanner.scan(method, targetClassToUse);
@@ -87,31 +66,11 @@ private PostAuthorize findPostAuthorizeAnnotation(Method method, Class<?> target
 	 * @param context the {@link ApplicationContext} to use
 	 */
 	void setApplicationContext(ApplicationContext context) {
-		Assert.notNull(context, "context cannot be null");
-		this.handlerResolver = (beanName, clazz) -> resolveHandler(context, beanName, clazz);
+		this.handlerResolver.setContext(context);
 	}
 
 	void setTemplateDefaults(AnnotationTemplateExpressionDefaults templateDefaults) {
 		this.postAuthorizeScanner = SecurityAnnotationScanners.requireUnique(PostAuthorize.class, templateDefaults);
 	}
 
-	private MethodAuthorizationDeniedHandler resolveHandler(ApplicationContext context, String beanName,
-			Class<? extends MethodAuthorizationDeniedHandler> handlerClass) {
-		if (StringUtils.hasText(beanName)) {
-			return context.getBean(beanName, MethodAuthorizationDeniedHandler.class);
-		}
-		if (handlerClass == this.defaultHandler.getClass()) {
-			return this.defaultHandler;
-		}
-		String[] beanNames = context.getBeanNamesForType(handlerClass);
-		if (beanNames.length == 0) {
-			throw new IllegalStateException("Could not find a bean of type " + handlerClass.getName());
-		}
-		if (beanNames.length > 1) {
-			throw new IllegalStateException("Expected to find a single bean of type " + handlerClass.getName()
-					+ " but found " + Arrays.toString(beanNames));
-		}
-		return context.getBean(beanNames[0], handlerClass);
-	}
-
 }

Diff for: core/src/main/java/org/springframework/security/authorization/method/PreAuthorizeExpressionAttributeRegistry.java

@@ -17,8 +17,6 @@
 package org.springframework.security.authorization.method;
 
 import java.lang.reflect.Method;
-import java.util.Arrays;
-import java.util.function.BiFunction;
 
 import org.springframework.context.ApplicationContext;
 import org.springframework.expression.Expression;
@@ -27,8 +25,6 @@
 import org.springframework.security.core.annotation.AnnotationTemplateExpressionDefaults;
 import org.springframework.security.core.annotation.SecurityAnnotationScanner;
 import org.springframework.security.core.annotation.SecurityAnnotationScanners;
-import org.springframework.util.Assert;
-import org.springframework.util.StringUtils;
 
 /**
  * For internal use only, as this contract is likely to change.
@@ -39,21 +35,12 @@
  */
 final class PreAuthorizeExpressionAttributeRegistry extends AbstractExpressionAttributeRegistry<ExpressionAttribute> {
 
-	private final MethodAuthorizationDeniedHandler defaultHandler = new ThrowingMethodAuthorizationDeniedHandler();
-
-	private final SecurityAnnotationScanner<HandleAuthorizationDenied> handleAuthorizationDeniedScanner = SecurityAnnotationScanners
-		.requireUnique(HandleAuthorizationDenied.class);
-
-	private BiFunction<String, Class<? extends MethodAuthorizationDeniedHandler>, MethodAuthorizationDeniedHandler> handlerResolver;
+	private final MethodAuthorizationDeniedHandlerResolver handlerResolver = new MethodAuthorizationDeniedHandlerResolver(
+			PreAuthorizeAuthorizationManager.class);
 
 	private SecurityAnnotationScanner<PreAuthorize> preAuthorizeScanner = SecurityAnnotationScanners
 		.requireUnique(PreAuthorize.class);
 
-	PreAuthorizeExpressionAttributeRegistry() {
-		this.handlerResolver = (beanName, clazz) -> new ReflectiveMethodAuthorizationDeniedHandler(clazz,
-				PreAuthorizeAuthorizationManager.class);
-	}
-
 	@NonNull
 	@Override
 	ExpressionAttribute resolveAttribute(Method method, Class<?> targetClass) {
@@ -62,19 +49,11 @@ ExpressionAttribute resolveAttribute(Method method, Class<?> targetClass) {
 			return ExpressionAttribute.NULL_ATTRIBUTE;
 		}
 		Expression expression = getExpressionHandler().getExpressionParser().parseExpression(preAuthorize.value());
-		MethodAuthorizationDeniedHandler handler = resolveHandler(method, targetClass);
+		MethodAuthorizationDeniedHandler handler = this.handlerResolver.resolve(method,
+				targetClass(method, targetClass), PreAuthorizeAuthorizationManager.class);
 		return new PreAuthorizeExpressionAttribute(expression, handler);
 	}
 
-	private MethodAuthorizationDeniedHandler resolveHandler(Method method, Class<?> targetClass) {
-		Class<?> targetClassToUse = targetClass(method, targetClass);
-		HandleAuthorizationDenied deniedHandler = this.handleAuthorizationDeniedScanner.scan(method, targetClassToUse);
-		if (deniedHandler != null) {
-			return this.handlerResolver.apply(deniedHandler.handler(), deniedHandler.handlerClass());
-		}
-		return this.defaultHandler;
-	}
-
 	private PreAuthorize findPreAuthorizeAnnotation(Method method, Class<?> targetClass) {
 		Class<?> targetClassToUse = targetClass(method, targetClass);
 		return this.preAuthorizeScanner.scan(method, targetClassToUse);
@@ -86,31 +65,11 @@ private PreAuthorize findPreAuthorizeAnnotation(Method method, Class<?> targetCl
 	 * @param context the {@link ApplicationContext} to use
 	 */
 	void setApplicationContext(ApplicationContext context) {
-		Assert.notNull(context, "context cannot be null");
-		this.handlerResolver = (beanName, clazz) -> resolveHandler(context, beanName, clazz);
+		this.handlerResolver.setContext(context);
 	}
 
 	void setTemplateDefaults(AnnotationTemplateExpressionDefaults defaults) {
 		this.preAuthorizeScanner = SecurityAnnotationScanners.requireUnique(PreAuthorize.class, defaults);
 	}
 
-	private MethodAuthorizationDeniedHandler resolveHandler(ApplicationContext context, String beanName,
-			Class<? extends MethodAuthorizationDeniedHandler> handlerClass) {
-		if (StringUtils.hasText(beanName)) {
-			return context.getBean(beanName, MethodAuthorizationDeniedHandler.class);
-		}
-		if (handlerClass == this.defaultHandler.getClass()) {
-			return this.defaultHandler;
-		}
-		String[] beanNames = context.getBeanNamesForType(handlerClass);
-		if (beanNames.length == 0) {
-			throw new IllegalStateException("Could not find a bean of type " + handlerClass.getName());
-		}
-		if (beanNames.length > 1) {
-			throw new IllegalStateException("Expected to find a single bean of type " + handlerClass.getName()
-					+ " but found " + Arrays.toString(beanNames));
-		}
-		return context.getBean(beanNames[0], handlerClass);
-	}
-
 }