Consistently apply PrincipalMethodArgumentResolver

Closes gh-26117

Author: rstoyanchev

spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/ExceptionHandlerExceptionResolver.java

@@ -342,6 +342,9 @@ protected List<HandlerMethodArgumentResolver> getDefaultArgumentResolvers() {
 			resolvers.addAll(getCustomArgumentResolvers());
 		}
 
+		// Catch-all
+		resolvers.add(new PrincipalMethodArgumentResolver());
+
 		return resolvers;
 	}
 

spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/RequestMappingHandlerAdapter.java

@@ -681,6 +681,7 @@ private List<HandlerMethodArgumentResolver> getDefaultArgumentResolvers() {
 		}
 
 		// Catch-all
+		resolvers.add(new PrincipalMethodArgumentResolver());
 		resolvers.add(new RequestParamMethodArgumentResolver(getBeanFactory(), true));
 		resolvers.add(new ServletModelAttributeMethodProcessor(true));
 

spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/RequestMappingHandlerAdapterIntegrationTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2019 the original author or authors.
+ * Copyright 2002-2020 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,7 +16,12 @@
 
 package org.springframework.web.servlet.mvc.method.annotation;
 
-import java.awt.Color;
+import java.awt.*;
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
 import java.lang.reflect.Method;
 import java.net.URI;
 import java.security.Principal;
@@ -70,13 +75,15 @@
 import org.springframework.web.bind.support.ConfigurableWebBindingInitializer;
 import org.springframework.web.bind.support.SessionStatus;
 import org.springframework.web.bind.support.WebArgumentResolver;
+import org.springframework.web.bind.support.WebDataBinderFactory;
 import org.springframework.web.context.request.NativeWebRequest;
 import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletWebRequest;
 import org.springframework.web.context.support.GenericWebApplicationContext;
 import org.springframework.web.method.HandlerMethod;
 import org.springframework.web.method.support.HandlerMethodArgumentResolver;
 import org.springframework.web.method.support.InvocableHandlerMethod;
+import org.springframework.web.method.support.ModelAndViewContainer;
 import org.springframework.web.servlet.HandlerMapping;
 import org.springframework.web.servlet.ModelAndView;
 import org.springframework.web.testfixture.servlet.MockHttpServletRequest;
@@ -114,6 +121,7 @@ public void setup() throws Exception {
 
 		List<HandlerMethodArgumentResolver> customResolvers = new ArrayList<>();
 		customResolvers.add(new ServletWebArgumentResolverAdapter(new ColorArgumentResolver()));
+		customResolvers.add(new CustomPrincipalArgumentResolver());
 
 		GenericWebApplicationContext context = new GenericWebApplicationContext();
 		context.refresh();
@@ -145,7 +153,7 @@ public void handle() throws Exception {
 		Class<?>[] parameterTypes = new Class<?>[] {int.class, String.class, String.class, String.class, Map.class,
 				Date.class, Map.class, String.class, String.class, TestBean.class, Errors.class, TestBean.class,
 				Color.class, HttpServletRequest.class, HttpServletResponse.class, TestBean.class, TestBean.class,
-				User.class, OtherUser.class, Model.class, UriComponentsBuilder.class};
+				User.class, OtherUser.class, Principal.class, Model.class, UriComponentsBuilder.class};
 
 		String datePattern = "yyyy.MM.dd";
 		String formattedDate = "2011.03.16";
@@ -214,6 +222,7 @@ public void handle() throws Exception {
 		assertThat(model.get("customArg") instanceof Color).isTrue();
 		assertThat(model.get("user").getClass()).isEqualTo(User.class);
 		assertThat(model.get("otherUser").getClass()).isEqualTo(OtherUser.class);
+		assertThat(((Principal) model.get("customUser")).getName()).isEqualTo("Custom User");
 
 		assertThat(model.get("sessionAttribute")).isSameAs(sessionAttribute);
 		assertThat(model.get("requestAttribute")).isSameAs(requestAttribute);
@@ -476,16 +485,24 @@ public String handle(
 				HttpServletResponse response,
 				@SessionAttribute TestBean sessionAttribute,
 				@RequestAttribute TestBean requestAttribute,
-				User user,
+				@Nullable User user, // gh-26117, gh-26117 (for @Nullable)
 				@ModelAttribute OtherUser otherUser,
+				@AuthenticationPrincipal Principal customUser, // gh-25780
 				Model model,
 				UriComponentsBuilder builder) {
 
-			model.addAttribute("cookie", cookieV).addAttribute("pathvar", pathvarV).addAttribute("header", headerV)
-					.addAttribute("systemHeader", systemHeader).addAttribute("headerMap", headerMap)
-					.addAttribute("dateParam", dateParam).addAttribute("paramMap", paramMap)
-					.addAttribute("paramByConvention", paramByConvention).addAttribute("value", value)
-					.addAttribute("customArg", customArg).addAttribute(user)
+			model.addAttribute("cookie", cookieV)
+					.addAttribute("pathvar", pathvarV)
+					.addAttribute("header", headerV)
+					.addAttribute("systemHeader", systemHeader)
+					.addAttribute("headerMap", headerMap)
+					.addAttribute("dateParam", dateParam)
+					.addAttribute("paramMap", paramMap)
+					.addAttribute("paramByConvention", paramByConvention)
+					.addAttribute("value", value)
+					.addAttribute("customArg", customArg)
+					.addAttribute(user)
+					.addAttribute("customUser", customUser)
 					.addAttribute("sessionAttribute", sessionAttribute)
 					.addAttribute("requestAttribute", requestAttribute)
 					.addAttribute("url", builder.path("/path").build().toUri());
@@ -520,10 +537,15 @@ public String handleInInterface(
 				Model model,
 				UriComponentsBuilder builder) {
 
-			model.addAttribute("cookie", cookieV).addAttribute("pathvar", pathvarV).addAttribute("header", headerV)
-					.addAttribute("systemHeader", systemHeader).addAttribute("headerMap", headerMap)
-					.addAttribute("dateParam", dateParam).addAttribute("paramMap", paramMap)
-					.addAttribute("paramByConvention", paramByConvention).addAttribute("value", value)
+			model.addAttribute("cookie", cookieV)
+					.addAttribute("pathvar", pathvarV)
+					.addAttribute("header", headerV)
+					.addAttribute("systemHeader", systemHeader)
+					.addAttribute("headerMap", headerMap)
+					.addAttribute("dateParam", dateParam)
+					.addAttribute("paramMap", paramMap)
+					.addAttribute("paramByConvention", paramByConvention)
+					.addAttribute("value", value)
 					.addAttribute("customArg", customArg).addAttribute(user)
 					.addAttribute("sessionAttribute", sessionAttribute)
 					.addAttribute("requestAttribute", requestAttribute)
@@ -598,7 +620,6 @@ public Object resolveArgument(MethodParameter methodParameter, NativeWebRequest
 		}
 	}
 
-
 	private static class User implements Principal {
 
 		@Override
@@ -616,4 +637,26 @@ public String getName() {
 		}
 	}
 
+	private static class CustomPrincipalArgumentResolver implements HandlerMethodArgumentResolver {
+
+		@Override
+		public boolean supportsParameter(MethodParameter parameter) {
+			return (Principal.class.isAssignableFrom(parameter.getParameterType()) &&
+					parameter.hasParameterAnnotation(AuthenticationPrincipal.class));
+		}
+
+		@Nullable
+		@Override
+		public Object resolveArgument(
+				MethodParameter parameter, @Nullable ModelAndViewContainer mavContainer,
+				NativeWebRequest webRequest, @Nullable WebDataBinderFactory binderFactory) {
+
+			return (Principal) () -> "Custom User";
+		}
+	}
+
+	@Target({ ElementType.PARAMETER, ElementType.ANNOTATION_TYPE })
+	@Retention(RetentionPolicy.RUNTIME)
+	@Documented
+	public @interface AuthenticationPrincipal {}
 }