Test Reactive Method Security with Abstract Classes

Issue spring-projectsgh-15352
jzheaux · Sep 12, 2024 · 0c71eaa · 0c71eaa
1 parent 86ef0b6
commit 0c71eaa
Showing 1 changed file with 34 additions and 0 deletions.
diff --git a/...nfig/annotation/method/configuration/PrePostReactiveMethodSecurityConfigurationTests.java b/...nfig/annotation/method/configuration/PrePostReactiveMethodSecurityConfigurationTests.java
@@ -23,6 +23,7 @@
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 
+import jakarta.annotation.security.DenyAll;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.junit.jupiter.params.ParameterizedTest;
@@ -37,6 +38,7 @@
 import org.springframework.context.annotation.Role;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.PermissionEvaluator;
+import org.springframework.security.access.annotation.Secured;
 import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
 import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
 import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
@@ -409,6 +411,13 @@ public void findAllWhenNestedPreAuthorizeThenAuthorizes() {
 		});
 	}
 
+	// gh-15352
+	@Test
+	void annotationsInChildClassesDoNotAffectSuperclasses() {
+		this.spring.register(AbstractClassConfig.class).autowire();
+		this.spring.getContext().getBean(ClassInheritingAbstractClassWithNoAnnotations.class).method();
+	}
+
 	@Configuration
 	@EnableReactiveMethodSecurity
 	static class MethodSecurityServiceEnabledConfig {
@@ -706,4 +715,29 @@ public Mono<String> getName() {
 
 	}
 
+	abstract static class AbstractClassWithNoAnnotations {
+
+		Mono<String> method() {
+			return Mono.just("ok");
+		}
+
+	}
+
+	@PreAuthorize("denyAll()")
+	@Secured("DENIED")
+	@DenyAll
+	static class ClassInheritingAbstractClassWithNoAnnotations extends AbstractClassWithNoAnnotations {
+
+	}
+
+	@EnableReactiveMethodSecurity
+	static class AbstractClassConfig {
+
+		@Bean
+		ClassInheritingAbstractClassWithNoAnnotations inheriting() {
+			return new ClassInheritingAbstractClassWithNoAnnotations();
+		}
+
+	}
+
 }