Skip to content

Commit

Permalink
Merge branch '6.3.x' into 6.4.x
Browse files Browse the repository at this point in the history
  • Loading branch information
@jzheaux
jzheaux committed Mar 4, 2025
2 parents 696147c + 46cd94b commit 4ae0965
Show file tree
Hide file tree
Showing 2 changed files with 31 additions and 0 deletions.
16 changes: 16 additions & 0 deletions core/src/main/java/org/springframework/security/authorization/method/ExpressionUtils.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
import org.springframework.expression.EvaluationContext;
import org.springframework.expression.EvaluationException;
import org.springframework.expression.Expression;
import org.springframework.security.authorization.AuthorizationDeniedException;
import org.springframework.security.authorization.AuthorizationResult;
import org.springframework.security.authorization.ExpressionAuthorizationDecision;

Expand All @@ -43,9 +44,24 @@ static AuthorizationResult evaluate(Expression expr, EvaluationContext ctx) {
"SpEL expression must return either a Boolean or an AuthorizationDecision");
}
catch (EvaluationException ex) {
AuthorizationDeniedException denied = findAuthorizationException(ex);
if (denied != null) {
throw denied;
}
throw new IllegalArgumentException("Failed to evaluate expression '" + expr.getExpressionString() + "'",
ex);
}
}

static AuthorizationDeniedException findAuthorizationException(EvaluationException ex) {
Throwable cause = ex.getCause();
while (cause != null) {
if (cause instanceof AuthorizationDeniedException denied) {
return denied;
}
cause = cause.getCause();
}
return null;
}

}
15 changes: 15 additions & 0 deletions ...src/test/java/org/springframework/security/authorization/method/ExpressionUtilsTests.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,9 +22,11 @@
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.StandardEvaluationContext;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.authorization.AuthorizationDeniedException;
import org.springframework.security.authorization.ExpressionAuthorizationDecision;

import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;

public class ExpressionUtilsTests {

Expand All @@ -48,10 +50,23 @@ public void evaluateWhenBooleanThenReturnsExpressionAuthorizationDecision() {
assertThat(ExpressionUtils.evaluate(expression, context)).isInstanceOf(ExpressionAuthorizationDecision.class);
}

@Test
public void evaluateWhenExpressionThrowsAuthorizationDeniedExceptionThenPropagates() {
SpelExpressionParser parser = new SpelExpressionParser();
Expression expression = parser.parseExpression("#root.throwException()");
StandardEvaluationContext context = new StandardEvaluationContext(this);
assertThatExceptionOfType(AuthorizationDeniedException.class)
.isThrownBy(() -> ExpressionUtils.evaluate(expression, context));
}

public AuthorizationDecision returnDecision() {
return new AuthorizationDecisionDetails(false, this.details);
}

public Object throwException() {
throw new AuthorizationDeniedException("denied");
}

public boolean returnResult() {
return false;
}
Expand Down

0 comments on commit 4ae0965

Please sign in to comment.