Remove compiler warnings in spring-security-data

- Add
  compile-warnings-error plugin to data module
- Remove
  deprecated setDefaultRolePrefix() call in getRootObject()
- Add
  @SuppressWarnings deprecation for tests using deprecated methods
- Add
  tests using AuthorizationManagerFactory

Closes
  gh-18422

Signed-off-by: pocj8ur4in <pocj8ur4in@gmail.com>

Author: pocj8ur4in

data/spring-security-data.gradle

@@ -4,6 +4,7 @@ plugins {
 }
 
 apply plugin: 'io.spring.convention.spring-module'
+apply plugin: 'compile-warnings-error'
 
 dependencies {
 	management platform(project(":spring-security-dependencies"))

data/src/main/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtension.java

@@ -134,10 +134,6 @@ public SecurityExpressionRoot<Object> getRootObject() {
 		};
 		root.setAuthorizationManagerFactory(this.authorizationManagerFactory);
 		root.setPermissionEvaluator(this.permissionEvaluator);
-		if (!DEFAULT_ROLE_PREFIX.equals(this.defaultRolePrefix)) {
-			// Ensure SecurityExpressionRoot can strip the custom role prefix
-			root.setDefaultRolePrefix(this.defaultRolePrefix);
-		}
 		return root;
 	}
 

data/src/test/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtensionTests.java

@@ -27,6 +27,7 @@
 import org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl;
 import org.springframework.security.authentication.AuthenticationTrustResolver;
 import org.springframework.security.authentication.TestingAuthenticationToken;
+import org.springframework.security.authorization.DefaultAuthorizationManagerFactory;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.context.SecurityContextHolderStrategy;
 import org.springframework.security.core.context.SecurityContextImpl;
@@ -90,6 +91,7 @@ public void getRootObjectExplicitAuthentication() {
 	}
 
 	@Test
+	@SuppressWarnings("deprecation")
 	public void setTrustResolverWhenNullThenIllegalArgumentException() {
 		TestingAuthenticationToken explicit = new TestingAuthenticationToken("explicit", "password", "ROLE_EXPLICIT");
 		this.securityExtension = new SecurityEvaluationContextExtension(explicit);
@@ -98,6 +100,7 @@ public void setTrustResolverWhenNullThenIllegalArgumentException() {
 	}
 
 	@Test
+	@SuppressWarnings("deprecation")
 	public void setTrustResolverWhenNotNullThenVerifyRootObject() {
 		TestingAuthenticationToken explicit = new TestingAuthenticationToken("explicit", "password", "ROLE_EXPLICIT");
 		this.securityExtension = new SecurityEvaluationContextExtension(explicit);
@@ -109,6 +112,7 @@ public void setTrustResolverWhenNotNullThenVerifyRootObject() {
 	}
 
 	@Test
+	@SuppressWarnings("deprecation")
 	public void setRoleHierarchyWhenNullThenIllegalArgumentException() {
 		TestingAuthenticationToken explicit = new TestingAuthenticationToken("explicit", "password", "ROLE_EXPLICIT");
 		this.securityExtension = new SecurityEvaluationContextExtension(explicit);
@@ -117,6 +121,7 @@ public void setRoleHierarchyWhenNullThenIllegalArgumentException() {
 	}
 
 	@Test
+	@SuppressWarnings("deprecation")
 	public void setRoleHierarchyWhenNotNullThenVerifyRootObject() {
 		TestingAuthenticationToken explicit = new TestingAuthenticationToken("explicit", "password", "ROLE_PARENT");
 		this.securityExtension = new SecurityEvaluationContextExtension(explicit);
@@ -143,6 +148,7 @@ public void setPermissionEvaluatorWhenNotNullThenVerifyRootObject() {
 	}
 
 	@Test
+	@SuppressWarnings("deprecation")
 	public void setDefaultRolePrefixWhenCustomThenVerifyRootObject() {
 		TestingAuthenticationToken explicit = new TestingAuthenticationToken("explicit", "password", "CUSTOM_EXPLICIT");
 		this.securityExtension = new SecurityEvaluationContextExtension(explicit);
@@ -151,6 +157,41 @@ public void setDefaultRolePrefixWhenCustomThenVerifyRootObject() {
 		assertThat(getRoot().hasRole("EXPLICIT")).isTrue();
 	}
 
+	@Test
+	public void setAuthorizationManagerFactoryWithTrustResolverThenVerifyRootObject() {
+		TestingAuthenticationToken explicit = new TestingAuthenticationToken("explicit", "password", "ROLE_EXPLICIT");
+		this.securityExtension = new SecurityEvaluationContextExtension(explicit);
+		AuthenticationTrustResolver trustResolver = mock(AuthenticationTrustResolver.class);
+		given(trustResolver.isAuthenticated(explicit)).willReturn(true);
+		DefaultAuthorizationManagerFactory<Object> factory = new DefaultAuthorizationManagerFactory<>();
+		factory.setTrustResolver(trustResolver);
+		this.securityExtension.setAuthorizationManagerFactory(factory);
+		assertThat(getRoot().isAuthenticated()).isTrue();
+		verify(trustResolver).isAuthenticated(explicit);
+	}
+
+	@Test
+	public void setAuthorizationManagerFactoryWithRoleHierarchyThenVerifyRootObject() {
+		TestingAuthenticationToken explicit = new TestingAuthenticationToken("explicit", "password", "ROLE_PARENT");
+		this.securityExtension = new SecurityEvaluationContextExtension(explicit);
+		RoleHierarchy roleHierarchy = RoleHierarchyImpl.fromHierarchy("ROLE_PARENT > ROLE_EXPLICIT");
+		DefaultAuthorizationManagerFactory<Object> factory = new DefaultAuthorizationManagerFactory<>();
+		factory.setRoleHierarchy(roleHierarchy);
+		this.securityExtension.setAuthorizationManagerFactory(factory);
+		assertThat(getRoot().hasRole("EXPLICIT")).isTrue();
+	}
+
+	@Test
+	public void setAuthorizationManagerFactoryWithRolePrefixThenVerifyRootObject() {
+		TestingAuthenticationToken explicit = new TestingAuthenticationToken("explicit", "password", "CUSTOM_EXPLICIT");
+		this.securityExtension = new SecurityEvaluationContextExtension(explicit);
+		String customRolePrefix = "CUSTOM_";
+		DefaultAuthorizationManagerFactory<Object> factory = new DefaultAuthorizationManagerFactory<>();
+		factory.setRolePrefix(customRolePrefix);
+		this.securityExtension.setAuthorizationManagerFactory(factory);
+		assertThat(getRoot().hasRole("EXPLICIT")).isTrue();
+	}
+
 	@Test
 	public void getRootObjectWhenAdditionalFieldsNotSetThenVerifyDefaults() {
 		TestingAuthenticationToken explicit = new TestingAuthenticationToken("explicit", "password", "ROLE_EXPLICIT");