Add AllRequiredFactorsAuthorizationManager.anyOf #18960
Closed
Labels
in: core (An issue in spring-security-core), type: enhancement (A general enhancement)
Description
In order to support something like webauthn OR (password and OTT) and get the correct `AuthorizationResult` when access is denied, we should create a built-in way to perform a logical OR on `AllRequiredFactorsAuthorizationManager` instances that is smart enough to combine the `FactorAuthorizationDecision` into a meaningful response. Something like this comes to mind:

```java
public AuthorizationResult authorize(Supplier<? extends @Nullable Authentication> authentication, T object) {
    // Collect the factor errors of every alternative that denies access
    List<RequiredFactorError> factorErrors = new ArrayList<>();
    for (AllRequiredFactorsAuthorizationManager<T> factor : this.factors) {
        FactorAuthorizationDecision result = factor.authorize(authentication, object);
        if (result.isGranted()) {
            // The first alternative that is fully satisfied grants access
            return result;
        }
        factorErrors.addAll(result.getFactorErrors());
    }
    // No alternative was satisfied: deny with the combined factor errors
    return new FactorAuthorizationDecision(factorErrors);
}
```

Since it is bound to `AllRequiredFactorsAuthorizationManager`, it would likely be available as `public static <T> AuthorizationManager<T> anyOf(AllRequiredFactorsAuthorizationManager<T>... managers)`.

NOTE: `AuthorizationManagers.anyOf` is not sufficient because it does not know how to combine the results properly. Nor should it be updated to be aware of `FactorAuthorizationDecision`.
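The difference between a generic OR and the factor-aware OR requested in the issue, shown as an added example that is not part of the issue or of Spring Security's code. The `Decision` and `AllOf` types are hypothetical stand-ins for the real classes, and the `FACTOR_*` names are constructed sample values.

```java
import java.util.*;

// Stand-in model (NOT Spring Security's classes): a decision is either granted
// or carries the factors still missing. Factor names are constructed samples.
public class AnyOfFactorsDemo {

    record Decision(boolean granted, List<String> missingFactors) { }

    // Models one all-required-factors check: every listed factor must be present.
    record AllOf(List<String> required) {
        Decision authorize(Set<String> presented) {
            List<String> missing = required.stream()
                .filter(f -> !presented.contains(f)).toList();
            return new Decision(missing.isEmpty(), missing);
        }
    }

    // Generic OR: knows only granted/denied, so a denial drops the factor detail.
    static Decision genericAnyOf(Set<String> presented, List<AllOf> managers) {
        boolean granted = managers.stream().anyMatch(m -> m.authorize(presented).granted());
        return new Decision(granted, List.of());
    }

    // Factor-aware OR: the first grant wins; on denial, merge every branch's
    // missing factors (de-duplicated here, which the issue's sketch does not do).
    static Decision factorAwareAnyOf(Set<String> presented, List<AllOf> managers) {
        Set<String> missing = new LinkedHashSet<>();
        for (AllOf m : managers) {
            Decision d = m.authorize(presented);
            if (d.granted()) {
                return d;
            }
            missing.addAll(d.missingFactors());
        }
        return new Decision(false, List.copyOf(missing));
    }

    public static void main(String[] args) {
        // Policy from the issue: webauthn OR (password AND OTT)
        List<AllOf> policy = List.of(
            new AllOf(List.of("FACTOR_WEBAUTHN")),
            new AllOf(List.of("FACTOR_PASSWORD", "FACTOR_OTT")));
        Set<String> passwordOnly = Set.of("FACTOR_PASSWORD");
        System.out.println(genericAnyOf(passwordOnly, policy));
        System.out.println(factorAwareAnyOf(passwordOnly, policy));
        System.out.println(factorAwareAnyOf(Set.of("FACTOR_WEBAUTHN"), policy));
    }
}
```

For the password-only user, the generic OR yields a denial with no factor detail, while the factor-aware OR reports both alternatives (webauthn, or the missing OTT), which is the information a caller needs to decide which step-up to request.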