diff --git a/spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/ServletRequestMethodArgumentResolver.java b/spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/ServletRequestMethodArgumentResolver.java index 36ac97637b..0d1c0355a5 100644 --- a/spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/ServletRequestMethodArgumentResolver.java +++ b/spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/ServletRequestMethodArgumentResolver.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 the original author or authors. + * Copyright 2002-2020 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -19,7 +19,6 @@ package org.springframework.web.servlet.mvc.method.annotation; import java.io.IOException; import java.io.InputStream; import java.io.Reader; -import java.lang.annotation.Annotation; import java.security.Principal; import java.time.ZoneId; import java.util.Locale; @@ -85,13 +84,12 @@ public class ServletRequestMethodArgumentResolver implements HandlerMethodArgume @Override public boolean supportsParameter(MethodParameter parameter) { Class paramType = parameter.getParameterType(); - final Annotation[] parameterAnnotations = parameter.getParameterAnnotations(); return (WebRequest.class.isAssignableFrom(paramType) || ServletRequest.class.isAssignableFrom(paramType) || MultipartRequest.class.isAssignableFrom(paramType) || HttpSession.class.isAssignableFrom(paramType) || (pushBuilder != null && pushBuilder.isAssignableFrom(paramType)) || - (Principal.class.isAssignableFrom(paramType) && parameterAnnotations.length == 0) || + (Principal.class.isAssignableFrom(paramType) && parameter.getParameterAnnotations().length == 0) || InputStream.class.isAssignableFrom(paramType) || Reader.class.isAssignableFrom(paramType) || HttpMethod.class == paramType || diff --git a/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/ServletRequestMethodArgumentResolverTests.java b/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/ServletRequestMethodArgumentResolverTests.java index ee8f131cb3..aacbd3e008 100644 --- a/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/ServletRequestMethodArgumentResolverTests.java +++ b/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/ServletRequestMethodArgumentResolverTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2019 the original author or authors. + * Copyright 2002-2020 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -126,10 +126,7 @@ public class ServletRequestMethodArgumentResolverTests { assertThat(result).as("Invalid result").isNull(); } - // spring-security already provides the @AuthenticationPrincipal annotation to inject the Principal taken from SecurityContext.getAuthentication.getPrincipal() - // but ServletRequestMethodArgumentResolver used to take precedence over @AuthenticationPrincipal resolver org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver - // and we used to get the wrong Principal in methods. See https://github.com/spring-projects/spring-framework/pull/25780 - @Test + @Test // gh-25780 public void annotatedPrincipal() throws Exception { Principal principal = () -> "Foo"; servletRequest.setUserPrincipal(principal); @@ -262,14 +259,6 @@ public class ServletRequestMethodArgumentResolverTests { assertThat(result).as("Invalid result").isSameAs(pushBuilder); } - @Target({ ElementType.PARAMETER }) - @Retention(RetentionPolicy.RUNTIME) - public @interface PlaceHolder {} - - @SuppressWarnings("unused") - public void supportedParamsWithAnnotatedPrincipal(@PlaceHolder Principal p) { - - } @SuppressWarnings("unused") public void supportedParams(ServletRequest p0, @@ -283,7 +272,13 @@ public class ServletRequestMethodArgumentResolverTests { TimeZone p8, ZoneId p9, HttpMethod p10, - PushBuilder p11) { - } + PushBuilder p11) {} + + @Target({ ElementType.PARAMETER }) + @Retention(RetentionPolicy.RUNTIME) + public @interface AuthenticationPrincipal {} + + @SuppressWarnings("unused") + public void supportedParamsWithAnnotatedPrincipal(@AuthenticationPrincipal Principal p) {} }