From ffc9adfe2bdd2f01f321729e4a597538257f25db Mon Sep 17 00:00:00 2001 From: Tran Ngoc Nhan Date: Sat, 22 Nov 2025 11:52:47 +0700 Subject: [PATCH 1/3] Add hasScope and hasAnyScope Signed-off-by: Tran Ngoc Nhan --- ...aultOAuth2AuthorizationManagerFactory.java | 79 +++++++++++++++++ .../OAuth2AuthorizationManagerFactory.java | 73 ++++++++++++++++ ...Auth2AuthorizationManagerFactoryTests.java | 84 +++++++++++++++++++ 3 files changed, 236 insertions(+) create mode 100644 oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/authorization/DefaultOAuth2AuthorizationManagerFactory.java create mode 100644 oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/authorization/OAuth2AuthorizationManagerFactory.java create mode 100644 oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/authorization/OAuth2AuthorizationManagerFactoryTests.java diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/authorization/DefaultOAuth2AuthorizationManagerFactory.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/authorization/DefaultOAuth2AuthorizationManagerFactory.java new file mode 100644 index 00000000000..7d91953923b --- /dev/null +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/authorization/DefaultOAuth2AuthorizationManagerFactory.java @@ -0,0 +1,79 @@ +/* + * Copyright 2025-present the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.oauth2.core.authorization; + +import org.springframework.security.authorization.AuthorizationManager; +import org.springframework.security.authorization.AuthorizationManagerFactory; +import org.springframework.security.authorization.DefaultAuthorizationManagerFactory; +import org.springframework.util.Assert; + +/** + * A factory for creating different kinds of {@link AuthorizationManager} instances. + * + * @param the type of object that the authorization check is being done on + * @author Ngoc Nhan + * @since 7.0 + */ +public final class DefaultOAuth2AuthorizationManagerFactory implements OAuth2AuthorizationManagerFactory { + + private String scopePrefix = "SCOPE_"; + + private final AuthorizationManagerFactory authorizationManagerFactory; + + public DefaultOAuth2AuthorizationManagerFactory() { + this(new DefaultAuthorizationManagerFactory<>()); + } + + public DefaultOAuth2AuthorizationManagerFactory(AuthorizationManagerFactory authorizationManagerFactory) { + Assert.notNull(authorizationManagerFactory, "authorizationManagerFactory can not be null"); + this.authorizationManagerFactory = authorizationManagerFactory; + } + + /** + * Sets the prefix used to create an authority name from a scope name. Can be an empty + * string. + * @param scopePrefix the scope prefix to use + */ + public void setScopePrefix(String scopePrefix) { + Assert.notNull(scopePrefix, "scopePrefix can not be null"); + this.scopePrefix = scopePrefix; + } + + @Override + public AuthorizationManager hasScope(String scope) { + Assert.notNull(scope, "scope can not be null"); + return hasAnyScope(scope); + } + + @Override + public AuthorizationManager hasAnyScope(String... scopes) { + Assert.notNull(scopes, "scopes can not be null"); + String[] mappedScopes = new String[scopes.length]; + for (int i = 0; i < scopes.length; i++) { + assertScope(scopes[i]); + mappedScopes[i] = this.scopePrefix + scopes[i]; + } + return this.authorizationManagerFactory.hasAnyAuthority(mappedScopes); + } + + private void assertScope(String scope) { + Assert.isTrue(!scope.startsWith(this.scopePrefix), () -> scope + " should not start with '" + this.scopePrefix + + "' since '" + this.scopePrefix + + "' is automatically prepended when using hasScope and hasAnyScope. Consider using AuthorityAuthorizationManager#hasAuthority or #hasAnyAuthority instead."); + } + +} diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/authorization/OAuth2AuthorizationManagerFactory.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/authorization/OAuth2AuthorizationManagerFactory.java new file mode 100644 index 00000000000..508522d0ab4 --- /dev/null +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/authorization/OAuth2AuthorizationManagerFactory.java @@ -0,0 +1,73 @@ +/* + * Copyright 2025-present the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.oauth2.core.authorization; + +import org.springframework.security.authorization.AuthorizationManager; +import org.springframework.security.core.Authentication; + +/** + * A factory for creating different kinds of {@link AuthorizationManager} instances. + * + * @param the type of object that the authorization check is being done on + * @author Ngoc Nhan + * @since 7.0 + */ +public interface OAuth2AuthorizationManagerFactory { + + /** + * Create an {@link AuthorizationManager} that requires an {@link Authentication} to + * have a {@code SCOPE_scope} authority. + * + *

+ * For example, if you call {@code hasScope("read")}, then this will require that each + * authentication have a {@link org.springframework.security.core.GrantedAuthority} + * whose value is {@code SCOPE_read}. + * + *

+ * This would equivalent to calling + * {@code AuthorityAuthorizationManager#hasAuthority("SCOPE_read")}. + * @param scope the scope value to require + * @return an {@link AuthorizationManager} that requires a {@code "SCOPE_scope"} + * authority + */ + default AuthorizationManager hasScope(String scope) { + return OAuth2AuthorizationManagers.hasScope(scope); + } + + /** + * Create an {@link AuthorizationManager} that requires an {@link Authentication} to + * have at least one authority among {@code SCOPE_scope1}, {@code SCOPE_scope2}, ... + * {@code SCOPE_scopeN}. + * + *

+ * For example, if you call {@code hasAnyScope("read", "write")}, then this will + * require that each authentication have at least a + * {@link org.springframework.security.core.GrantedAuthority} whose value is either + * {@code SCOPE_read} or {@code SCOPE_write}. + * + *

+ * This would equivalent to calling + * {@code AuthorityAuthorizationManager#hasAnyAuthority("SCOPE_read", "SCOPE_write")}. + * @param scopes the scope values to allow + * @return an {@link AuthorizationManager} that requires at least one authority among + * {@code "SCOPE_scope1"}, {@code SCOPE_scope2}, ... {@code SCOPE_scopeN}. + */ + default AuthorizationManager hasAnyScope(String... scopes) { + return OAuth2AuthorizationManagers.hasAnyScope(scopes); + } + +} diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/authorization/OAuth2AuthorizationManagerFactoryTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/authorization/OAuth2AuthorizationManagerFactoryTests.java new file mode 100644 index 00000000000..7c92965fac4 --- /dev/null +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/authorization/OAuth2AuthorizationManagerFactoryTests.java @@ -0,0 +1,84 @@ +/* + * Copyright 2025-present the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.oauth2.core.authorization; + +import org.junit.jupiter.api.Test; + +import org.springframework.security.authentication.TestingAuthenticationToken; +import org.springframework.security.authorization.AuthorityAuthorizationManager; +import org.springframework.security.authorization.AuthorizationManager; +import org.springframework.security.authorization.AuthorizationManagerFactories; +import org.springframework.security.authorization.AuthorizationResult; + +import static org.assertj.core.api.Assertions.assertThat; + +/** + * Tests for {@link OAuth2AuthorizationManagerFactory}. + * + * @author Ngoc Nhan + */ +public class OAuth2AuthorizationManagerFactoryTests { + + @Test + public void hasScopeReturnsAuthorityAuthorizationManagerByDefault() { + OAuth2AuthorizationManagerFactory factory = new DefaultOAuth2AuthorizationManagerFactory<>(); + AuthorizationManager authorizationManager = factory.hasScope("message:read"); + assertThat(authorizationManager).isInstanceOf(AuthorityAuthorizationManager.class); + } + + @Test + public void hasAnyScopeReturnsAuthorityAuthorizationManagerByDefault() { + OAuth2AuthorizationManagerFactory factory = new DefaultOAuth2AuthorizationManagerFactory<>(); + AuthorizationManager authorizationManager = factory.hasAnyScope("message:read", "message:write"); + assertThat(authorizationManager).isInstanceOf(AuthorityAuthorizationManager.class); + } + + @Test + public void hasScopeWhenSetAuthorizationManagerFactories() { + DefaultOAuth2AuthorizationManagerFactory factory = new DefaultOAuth2AuthorizationManagerFactory<>( + AuthorizationManagerFactories.multiFactor().requireFactors("SCOPE_message:read").build()); + assertUserGranted(factory.hasScope("message:read")); + assertUserDenied(factory.hasScope("message:write")); + } + + @Test + public void hasAnyScopeWhenSetAuthorizationManagerFactories() { + DefaultOAuth2AuthorizationManagerFactory factory = new DefaultOAuth2AuthorizationManagerFactory<>( + AuthorizationManagerFactories.multiFactor().requireFactors("SCOPE_message:read").build()); + assertUserGranted(factory.hasAnyScope("message:read")); + assertUserDenied(factory.hasAnyScope("message:write")); + } + + private void assertUserGranted(AuthorizationManager manager) { + AuthorizationResult authorizationResult = createAuthorizationResult(manager); + assertThat(authorizationResult).isNotNull(); + assertThat(authorizationResult.isGranted()).isTrue(); + } + + private void assertUserDenied(AuthorizationManager manager) { + AuthorizationResult authorizationResult = createAuthorizationResult(manager); + assertThat(authorizationResult).isNotNull(); + assertThat(authorizationResult.isGranted()).isFalse(); + } + + private AuthorizationResult createAuthorizationResult(AuthorizationManager manager) { + TestingAuthenticationToken authenticatedUser = new TestingAuthenticationToken("user", "pass", + "SCOPE_message:read"); + return manager.authorize(() -> authenticatedUser, ""); + } + +} From 7a579617d5a621d32ef724c833f8ff8d3bcf9ffe Mon Sep 17 00:00:00 2001 From: Tran Ngoc Nhan Date: Tue, 25 Nov 2025 18:56:45 +0700 Subject: [PATCH 2/3] Add hasAllScopes Signed-off-by: Tran Ngoc Nhan --- ...aultOAuth2AuthorizationManagerFactory.java | 18 +++++-- .../OAuth2AuthorizationManagerFactory.java | 24 ++++++++- .../OAuth2AuthorizationManagers.java | 29 ++++++++++ ...Auth2AuthorizationManagerFactoryTests.java | 54 +++++++++++++------ 4 files changed, 105 insertions(+), 20 deletions(-) diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/authorization/DefaultOAuth2AuthorizationManagerFactory.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/authorization/DefaultOAuth2AuthorizationManagerFactory.java index 7d91953923b..deb175e221e 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/authorization/DefaultOAuth2AuthorizationManagerFactory.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/authorization/DefaultOAuth2AuthorizationManagerFactory.java @@ -26,7 +26,7 @@ * * @param the type of object that the authorization check is being done on * @author Ngoc Nhan - * @since 7.0 + * @since 7.1 */ public final class DefaultOAuth2AuthorizationManagerFactory implements OAuth2AuthorizationManagerFactory { @@ -56,24 +56,34 @@ public void setScopePrefix(String scopePrefix) { @Override public AuthorizationManager hasScope(String scope) { Assert.notNull(scope, "scope can not be null"); - return hasAnyScope(scope); + assertScope(scope); + return this.authorizationManagerFactory.hasAuthority(this.scopePrefix + scope); } @Override public AuthorizationManager hasAnyScope(String... scopes) { + return this.authorizationManagerFactory.hasAnyAuthority(this.mappedScopes(scopes)); + } + + @Override + public AuthorizationManager hasAllScopes(String... scopes) { + return this.authorizationManagerFactory.hasAllAuthorities(this.mappedScopes(scopes)); + } + + private String[] mappedScopes(String... scopes) { Assert.notNull(scopes, "scopes can not be null"); String[] mappedScopes = new String[scopes.length]; for (int i = 0; i < scopes.length; i++) { assertScope(scopes[i]); mappedScopes[i] = this.scopePrefix + scopes[i]; } - return this.authorizationManagerFactory.hasAnyAuthority(mappedScopes); + return mappedScopes; } private void assertScope(String scope) { Assert.isTrue(!scope.startsWith(this.scopePrefix), () -> scope + " should not start with '" + this.scopePrefix + "' since '" + this.scopePrefix - + "' is automatically prepended when using hasScope and hasAnyScope. Consider using AuthorityAuthorizationManager#hasAuthority or #hasAnyAuthority instead."); + + "' is automatically prepended when using hasScope and hasAnyScope. Consider using AuthorizationManagerFactory#hasAuthority or #hasAnyAuthority instead."); } } diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/authorization/OAuth2AuthorizationManagerFactory.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/authorization/OAuth2AuthorizationManagerFactory.java index 508522d0ab4..9dfd5419ae8 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/authorization/OAuth2AuthorizationManagerFactory.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/authorization/OAuth2AuthorizationManagerFactory.java @@ -24,7 +24,7 @@ * * @param the type of object that the authorization check is being done on * @author Ngoc Nhan - * @since 7.0 + * @since 7.1 */ public interface OAuth2AuthorizationManagerFactory { @@ -70,4 +70,26 @@ default AuthorizationManager hasAnyScope(String... scopes) { return OAuth2AuthorizationManagers.hasAnyScope(scopes); } + /** + * Create an {@link AuthorizationManager} that requires an {@link Authentication} to + * have all authorities {@code SCOPE_scope1}, {@code SCOPE_scope2}, ... + * {@code SCOPE_scopeN}. + * + *

+ * For example, if you call {@code hasAllScopes("read", "write")}, then each + * {@link org.springframework.security.core.Authentication} must have all + * {@link org.springframework.security.core.GrantedAuthority} values of + * {@code SCOPE_read} and {@code SCOPE_write}. + * + *

+ * This would be equivalent to calling + * {@code AllAuthoritiesAuthorizationManager#hasAllAuthorities("SCOPE_read", "SCOPE_write")}. + * @param scopes the scope values to require + * @return an {@link AuthorizationManager} that requires all authorities + * {@code SCOPE_scope1}, {@code SCOPE_scope2}, ... {@code SCOPE_scopeN}. + */ + default AuthorizationManager hasAllScopes(String... scopes) { + return OAuth2AuthorizationManagers.hasAllScopes(scopes); + } + } diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/authorization/OAuth2AuthorizationManagers.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/authorization/OAuth2AuthorizationManagers.java index 50e7bfb6457..3e44221baf3 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/authorization/OAuth2AuthorizationManagers.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/authorization/OAuth2AuthorizationManagers.java @@ -16,6 +16,7 @@ package org.springframework.security.oauth2.core.authorization; +import org.springframework.security.authorization.AllAuthoritiesAuthorizationManager; import org.springframework.security.authorization.AuthorityAuthorizationManager; import org.springframework.security.authorization.AuthorizationManager; import org.springframework.security.core.Authentication; @@ -85,6 +86,34 @@ public static AuthorizationManager hasAnyScope(String... scopes) { return AuthorityAuthorizationManager.hasAnyAuthority(mappedScopes); } + /** + * Create an {@link AuthorizationManager} that requires an {@link Authentication} to + * have all authorities {@code SCOPE_scope1}, {@code SCOPE_scope2}, ... + * {@code SCOPE_scopeN}. + * + *

+ * For example, if you call {@code hasAllScopes("read", "write")}, then each + * {@link org.springframework.security.core.Authentication} must have all + * {@link org.springframework.security.core.GrantedAuthority} values of + * {@code SCOPE_read} and {@code SCOPE_write}. + * + *

+ * This would be equivalent to calling + * {@code AllAuthoritiesAuthorizationManager#hasAllAuthorities("SCOPE_read", "SCOPE_write")}. + * @param scopes the scope values to require + * @return an {@link AuthorizationManager} that requires all authorities + * {@code SCOPE_scope1}, {@code SCOPE_scope2}, ... {@code SCOPE_scopeN}. + * @since 7.1 + */ + public static AuthorizationManager hasAllScopes(String... scopes) { + String[] mappedScopes = new String[scopes.length]; + for (int i = 0; i < scopes.length; i++) { + assertScope(scopes[i]); + mappedScopes[i] = "SCOPE_" + scopes[i]; + } + return AllAuthoritiesAuthorizationManager.hasAllAuthorities(mappedScopes); + } + private static void assertScope(String scope) { Assert.isTrue(!scope.startsWith("SCOPE_"), () -> scope + " should not start with SCOPE_ since SCOPE_" diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/authorization/OAuth2AuthorizationManagerFactoryTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/authorization/OAuth2AuthorizationManagerFactoryTests.java index 7c92965fac4..b9f48127c13 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/authorization/OAuth2AuthorizationManagerFactoryTests.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/authorization/OAuth2AuthorizationManagerFactoryTests.java @@ -33,51 +33,75 @@ */ public class OAuth2AuthorizationManagerFactoryTests { + private static final String MSG_READ = "message:read"; + + private static final String MSG_WRITE = "message:write"; + + private static final String SCOPE_MSG_READ = "SCOPE_message:read"; + + private static final String SCOPE_MSG_WRITE = "SCOPE_message:write"; + @Test public void hasScopeReturnsAuthorityAuthorizationManagerByDefault() { OAuth2AuthorizationManagerFactory factory = new DefaultOAuth2AuthorizationManagerFactory<>(); - AuthorizationManager authorizationManager = factory.hasScope("message:read"); + AuthorizationManager authorizationManager = factory.hasScope(MSG_READ); assertThat(authorizationManager).isInstanceOf(AuthorityAuthorizationManager.class); } @Test public void hasAnyScopeReturnsAuthorityAuthorizationManagerByDefault() { OAuth2AuthorizationManagerFactory factory = new DefaultOAuth2AuthorizationManagerFactory<>(); - AuthorizationManager authorizationManager = factory.hasAnyScope("message:read", "message:write"); + AuthorizationManager authorizationManager = factory.hasAnyScope(MSG_READ, MSG_WRITE); + assertThat(authorizationManager).isInstanceOf(AuthorityAuthorizationManager.class); + } + + @Test + public void hasAllScopesReturnsAuthorityAuthorizationManagerByDefault() { + OAuth2AuthorizationManagerFactory factory = new DefaultOAuth2AuthorizationManagerFactory<>(); + AuthorizationManager authorizationManager = factory.hasAnyScope(MSG_READ, MSG_WRITE); assertThat(authorizationManager).isInstanceOf(AuthorityAuthorizationManager.class); } @Test public void hasScopeWhenSetAuthorizationManagerFactories() { DefaultOAuth2AuthorizationManagerFactory factory = new DefaultOAuth2AuthorizationManagerFactory<>( - AuthorizationManagerFactories.multiFactor().requireFactors("SCOPE_message:read").build()); - assertUserGranted(factory.hasScope("message:read")); - assertUserDenied(factory.hasScope("message:write")); + AuthorizationManagerFactories.multiFactor().requireFactors(SCOPE_MSG_READ).build()); + assertUserGranted(factory.hasScope(MSG_READ), SCOPE_MSG_READ); + assertUserDenied(factory.hasScope(MSG_WRITE), SCOPE_MSG_READ); } @Test public void hasAnyScopeWhenSetAuthorizationManagerFactories() { DefaultOAuth2AuthorizationManagerFactory factory = new DefaultOAuth2AuthorizationManagerFactory<>( - AuthorizationManagerFactories.multiFactor().requireFactors("SCOPE_message:read").build()); - assertUserGranted(factory.hasAnyScope("message:read")); - assertUserDenied(factory.hasAnyScope("message:write")); + AuthorizationManagerFactories.multiFactor().requireFactors(SCOPE_MSG_READ).build()); + assertUserGranted(factory.hasAnyScope(MSG_READ), SCOPE_MSG_READ); + assertUserDenied(factory.hasAnyScope(MSG_WRITE), SCOPE_MSG_READ); + } + + @Test + public void hasAllScopesWhenSetAuthorizationManagerFactories() { + DefaultOAuth2AuthorizationManagerFactory factory = new DefaultOAuth2AuthorizationManagerFactory<>( + AuthorizationManagerFactories.multiFactor() + .requireFactors(SCOPE_MSG_READ, SCOPE_MSG_WRITE) + .build()); + assertUserGranted(factory.hasAllScopes(MSG_READ, MSG_WRITE), SCOPE_MSG_READ, SCOPE_MSG_WRITE); + assertUserDenied(factory.hasAllScopes(MSG_READ, MSG_WRITE), SCOPE_MSG_READ); } - private void assertUserGranted(AuthorizationManager manager) { - AuthorizationResult authorizationResult = createAuthorizationResult(manager); + private void assertUserGranted(AuthorizationManager manager, String... authorities) { + AuthorizationResult authorizationResult = createAuthorizationResult(manager, authorities); assertThat(authorizationResult).isNotNull(); assertThat(authorizationResult.isGranted()).isTrue(); } - private void assertUserDenied(AuthorizationManager manager) { - AuthorizationResult authorizationResult = createAuthorizationResult(manager); + private void assertUserDenied(AuthorizationManager manager, String... authorities) { + AuthorizationResult authorizationResult = createAuthorizationResult(manager, authorities); assertThat(authorizationResult).isNotNull(); assertThat(authorizationResult.isGranted()).isFalse(); } - private AuthorizationResult createAuthorizationResult(AuthorizationManager manager) { - TestingAuthenticationToken authenticatedUser = new TestingAuthenticationToken("user", "pass", - "SCOPE_message:read"); + private AuthorizationResult createAuthorizationResult(AuthorizationManager manager, String... authorities) { + TestingAuthenticationToken authenticatedUser = new TestingAuthenticationToken("user", "pass", authorities); return manager.authorize(() -> authenticatedUser, ""); } From 170712c06abfaa3c78805efb9821b35f4eda46d9 Mon Sep 17 00:00:00 2001 From: Tran Ngoc Nhan Date: Tue, 25 Nov 2025 18:57:51 +0700 Subject: [PATCH 3/3] Update javadoc Signed-off-by: Tran Ngoc Nhan --- .../oauth2/core/authorization/OAuth2AuthorizationManagers.java | 1 + 1 file changed, 1 insertion(+) diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/authorization/OAuth2AuthorizationManagers.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/authorization/OAuth2AuthorizationManagers.java index 3e44221baf3..36d3da05ae9 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/authorization/OAuth2AuthorizationManagers.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/authorization/OAuth2AuthorizationManagers.java @@ -29,6 +29,7 @@ * @author Josh Cummings * @since 6.2 * @see AuthorityAuthorizationManager + * @see AllAuthoritiesAuthorizationManager */ public final class OAuth2AuthorizationManagers {