From 2fdf6a8a0dadb4ba0a54677203a4168c1f2df4ed Mon Sep 17 00:00:00 2001 From: Scott Murphy Heiberg Date: Wed, 23 Oct 2024 13:57:53 -0600 Subject: [PATCH] Make RequestMatcherDelegatingAuthorizationManager Post-Processable Closes gh-15978 --- .../web/configurers/AuthorizeHttpRequestsConfigurer.java | 3 ++- .../web/configurers/AuthorizeHttpRequestsConfigurerTests.java | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java index 42d034b89d2..2ec1f30a133 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java @@ -170,7 +170,8 @@ private AuthorizationManager createAuthorizationManager() { + ". Try completing it with something like requestUrls()..hasRole('USER')"); Assert.state(this.mappingCount > 0, "At least one mapping is required (for example, authorizeHttpRequests().anyRequest().authenticated())"); - RequestMatcherDelegatingAuthorizationManager manager = postProcess(this.managerBuilder.build()); + AuthorizationManager manager = postProcess( + (AuthorizationManager) this.managerBuilder.build()); return AuthorizeHttpRequestsConfigurer.this.postProcessor.postProcess(manager); } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurerTests.java index 68c752a3943..41850d67561 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurerTests.java @@ -172,6 +172,7 @@ public void configureWhenObjectPostProcessorRegisteredThenInvokedOnAuthorization ObjectPostProcessor objectPostProcessor = this.spring.getContext() .getBean(ObjectPostProcessorConfig.class).objectPostProcessor; verify(objectPostProcessor).postProcess(any(RequestMatcherDelegatingAuthorizationManager.class)); + verify(objectPostProcessor).postProcess(any(AuthorizationManager.class)); verify(objectPostProcessor).postProcess(any(AuthorizationFilter.class)); }