Add ignoreUnconverted property for AnnotationTemplateExpressionDefaults

kse-music · kse-music · commit e901a9281679 · 2024-09-02T17:55:21.000+08:00
diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/PrePostMethodSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/PrePostMethodSecurityConfigurationTests.java
@@ -50,6 +50,7 @@
 import org.springframework.context.annotation.Import;
 import org.springframework.context.annotation.Role;
 import org.springframework.core.annotation.AnnotationConfigurationException;
+import org.springframework.core.convert.ConversionException;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.PermissionEvaluator;
 import org.springframework.security.access.annotation.BusinessService;
@@ -693,6 +694,17 @@ public void methodWhenPostFilterMetaAnnotationThenFilters(Class<?> config) {
 			.containsExactly("dave");
 	}
 
+	@Test
+	@WithMockUser(roles = "uid")
+	public void methodWhenMetaAnnotationPropertiesConversionFailed() {
+		this.spring.register(MetaAnnotationPlaceholderConfig.class).autowire();
+		AnnotationTemplateExpressionDefaults bean = this.spring.getContext()
+			.getBean(AnnotationTemplateExpressionDefaults.class);
+		bean.setIgnoreUnconverted(false);
+		MetaAnnotationService service = this.spring.getContext().getBean(MetaAnnotationService.class);
+		assertThatExceptionOfType(ConversionException.class).isThrownBy(() -> service.getIdPath("uid"));
+	}
+
 	@Test
 	@WithMockUser(authorities = "airplane:read")
 	public void findByIdWhenAuthorizedResultThenAuthorizes() {
@@ -1403,6 +1415,27 @@ List<String> resultsContainDave(List<String> list) {
 			return list;
 		}
 
+		@RestrictedAccess(entityClass = EntityClass.class)
+		String getIdPath(String id) {
+			return id;
+		}
+
+	}
+
+	@Retention(RetentionPolicy.RUNTIME)
+	@PreAuthorize("hasRole({idPath})")
+	@interface RestrictedAccess {
+
+		String idPath() default "#id";
+
+		Class<?> entityClass();
+
+		String[] recipes() default {};
+
+	}
+
+	static class EntityClass {
+
 	}
 
 	@Retention(RetentionPolicy.RUNTIME)
diff --git a/core/src/main/java/org/springframework/security/core/annotation/AnnotationTemplateExpressionDefaults.java b/core/src/main/java/org/springframework/security/core/annotation/AnnotationTemplateExpressionDefaults.java
@@ -29,6 +29,8 @@ public class AnnotationTemplateExpressionDefaults {
 
 	private boolean ignoreUnknown = true;
 
+	private boolean ignoreUnconverted = true;
+
 	/**
 	 * Whether template resolution should ignore placeholders it doesn't recognize.
 	 * <p>
@@ -50,4 +52,27 @@ public void setIgnoreUnknown(boolean ignoreUnknown) {
 		this.ignoreUnknown = ignoreUnknown;
 	}
 
+	/**
+	 * Whether metaAnnotationProperties conversion should ignore property it can't
+	 * convert.
+	 * <p>
+	 * By default, this value is <code>true</code>.
+	 */
+	public boolean isIgnoreUnconverted() {
+		return this.ignoreUnconverted;
+	}
+
+	/**
+	 * Configure metaAnnotationProperties conversion to ignore property it can't convert.
+	 * When set to <code>false</code>, metaAnnotationProperties conversion will throw an
+	 * exception for property it can't convert.
+	 * <p>
+	 * By default, this value is <code>true</code>.
+	 * @param ignoreUnconverted - whether to ignore metaAnnotationProperties it can't
+	 * convert
+	 */
+	public void setIgnoreUnconverted(boolean ignoreUnconverted) {
+		this.ignoreUnconverted = ignoreUnconverted;
+	}
+
 }
diff --git a/core/src/main/java/org/springframework/security/core/annotation/ExpressionTemplateSecurityAnnotationScanner.java b/core/src/main/java/org/springframework/security/core/annotation/ExpressionTemplateSecurityAnnotationScanner.java
@@ -25,6 +25,7 @@
 
 import org.springframework.core.MethodClassKey;
 import org.springframework.core.annotation.MergedAnnotation;
+import org.springframework.core.convert.ConversionException;
 import org.springframework.core.convert.support.DefaultConversionService;
 import org.springframework.util.Assert;
 import org.springframework.util.PropertyPlaceholderHelper;
@@ -117,23 +118,33 @@ private MergedAnnotation<A> resolvePlaceholders(MergedAnnotation<A> mergedAnnota
 		Map<String, Object> metaAnnotationProperties = mergedAnnotation.getMetaSource().asMap();
 		Map<String, String> stringProperties = new HashMap<>();
 		for (Map.Entry<String, Object> property : metaAnnotationProperties.entrySet()) {
-			String key = property.getKey();
-			Object value = property.getValue();
-			String asString = (value instanceof String) ? (String) value
-					: DefaultConversionService.getSharedInstance().convert(value, String.class);
-			stringProperties.put(key, asString);
+			stringProperties.put(property.getKey(), convertValue(property.getValue()));
 		}
 		Map<String, Object> annotationProperties = mergedAnnotation.asMap();
 		for (Map.Entry<String, Object> annotationProperty : annotationProperties.entrySet()) {
-			if (!(annotationProperty.getValue() instanceof String)) {
+			if (!(annotationProperty.getValue() instanceof String expression)) {
 				continue;
 			}
-			String expression = (String) annotationProperty.getValue();
 			String value = helper.replacePlaceholders(expression, stringProperties::get);
 			properties.put(annotationProperty.getKey(), value);
 		}
 		AnnotatedElement annotatedElement = (AnnotatedElement) mergedAnnotation.getSource();
 		return MergedAnnotation.of(annotatedElement, this.type, properties);
 	}
 
+	private String convertValue(Object value) {
+		if (value instanceof String stringValue) {
+			return stringValue;
+		}
+		try {
+			return DefaultConversionService.getSharedInstance().convert(value, String.class);
+		}
+		catch (ConversionException ex) {
+			if (this.templateDefaults.isIgnoreUnconverted()) {
+				return value.toString();
+			}
+			throw ex;
+		}
+	}
+
 }
