Move toBuilder to BuildableAuthentication

Closes gh-18052

Author: jzheaux

cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationToken.java

@@ -23,6 +23,7 @@
 import org.jspecify.annotations.Nullable;
 
 import org.springframework.security.authentication.AbstractAuthenticationToken;
+import org.springframework.security.core.BuildableAuthentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.util.Assert;
@@ -34,7 +35,8 @@
  * @author Ben Alex
  * @author Scott Battaglia
  */
-public class CasAuthenticationToken extends AbstractAuthenticationToken implements Serializable {
+public class CasAuthenticationToken extends AbstractAuthenticationToken
+		implements BuildableAuthentication, Serializable {
 
 	private static final long serialVersionUID = 620L;
 

cas/src/main/java/org/springframework/security/cas/authentication/CasServiceTicketAuthenticationToken.java

@@ -22,6 +22,7 @@
 import org.jspecify.annotations.Nullable;
 
 import org.springframework.security.authentication.AbstractAuthenticationToken;
+import org.springframework.security.core.BuildableAuthentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.util.Assert;
 
@@ -32,7 +33,8 @@
  * @author Hal Deadman
  * @since 6.1
  */
-public class CasServiceTicketAuthenticationToken extends AbstractAuthenticationToken {
+public class CasServiceTicketAuthenticationToken extends AbstractAuthenticationToken
+		implements BuildableAuthentication {
 
 	static final String CAS_STATELESS_IDENTIFIER = "_cas_stateless_";
 

core/src/main/java/org/springframework/security/authentication/AbstractAuthenticationToken.java

@@ -28,6 +28,7 @@
 
 import org.springframework.security.core.AuthenticatedPrincipal;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.BuildableAuthentication;
 import org.springframework.security.core.CredentialsContainer;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
@@ -198,15 +199,15 @@ public String toString() {
 	}
 
 	/**
-	 * A common abstract implementation of {@link Authentication.Builder}. It implements
-	 * the builder methods that correspond to the {@link Authentication} methods that
-	 * {@link AbstractAuthenticationToken} implements
+	 * A common abstract implementation of {@link BuildableAuthentication.Builder}. It
+	 * implements the builder methods that correspond to the {@link Authentication}
+	 * methods that {@link AbstractAuthenticationToken} implements
 	 *
 	 * @param <B>
 	 * @since 7.0
 	 */
 	protected abstract static class AbstractAuthenticationBuilder<B extends AbstractAuthenticationBuilder<B>>
-			implements Authentication.Builder<B> {
+			implements BuildableAuthentication.Builder<B> {
 
 		private boolean authenticated;
 

core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationToken.java

@@ -20,6 +20,7 @@
 
 import org.jspecify.annotations.Nullable;
 
+import org.springframework.security.core.BuildableAuthentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.util.Assert;
 
@@ -32,7 +33,7 @@
  * @author Ben Alex
  * @author Luke Taylor
  */
-public class RememberMeAuthenticationToken extends AbstractAuthenticationToken {
+public class RememberMeAuthenticationToken extends AbstractAuthenticationToken implements BuildableAuthentication {
 
 	private static final long serialVersionUID = 620L;
 

core/src/main/java/org/springframework/security/authentication/TestingAuthenticationToken.java

@@ -22,6 +22,7 @@
 
 import org.jspecify.annotations.Nullable;
 
+import org.springframework.security.core.BuildableAuthentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.util.Assert;
@@ -34,7 +35,7 @@
  *
  * @author Ben Alex
  */
-public class TestingAuthenticationToken extends AbstractAuthenticationToken {
+public class TestingAuthenticationToken extends AbstractAuthenticationToken implements BuildableAuthentication {
 
 	private static final long serialVersionUID = 1L;
 

core/src/main/java/org/springframework/security/authentication/UsernamePasswordAuthenticationToken.java

@@ -20,6 +20,7 @@
 
 import org.jspecify.annotations.Nullable;
 
+import org.springframework.security.core.BuildableAuthentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.util.Assert;
 
@@ -35,7 +36,8 @@
  * @author Ben Alex
  * @author Norbert Nowak
  */
-public class UsernamePasswordAuthenticationToken extends AbstractAuthenticationToken {
+public class UsernamePasswordAuthenticationToken extends AbstractAuthenticationToken
+		implements BuildableAuthentication {
 
 	private static final long serialVersionUID = 620L;
 

core/src/main/java/org/springframework/security/authentication/ott/OneTimeTokenAuthentication.java

@@ -22,6 +22,7 @@
 import org.jspecify.annotations.Nullable;
 
 import org.springframework.security.authentication.AbstractAuthenticationToken;
+import org.springframework.security.core.BuildableAuthentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.util.Assert;
 
@@ -31,7 +32,7 @@
  * @author Josh Cummings
  * @since 7.0
  */
-public class OneTimeTokenAuthentication extends AbstractAuthenticationToken {
+public class OneTimeTokenAuthentication extends AbstractAuthenticationToken implements BuildableAuthentication {
 
 	@Serial
 	private static final long serialVersionUID = 1195893764725073959L;

core/src/main/java/org/springframework/security/core/Authentication.java

@@ -19,7 +19,6 @@
 import java.io.Serializable;
 import java.security.Principal;
 import java.util.Collection;
-import java.util.function.Consumer;
 
 import org.jspecify.annotations.Nullable;
 
@@ -137,110 +136,4 @@ public interface Authentication extends Principal, Serializable {
 	 */
 	void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException;
 
-	/**
-	 * Return an {@link Builder} based on this instance. By default, returns a builder
-	 * that builds a {@link SimpleAuthentication}.
-	 * <p>
-	 * Although a {@code default} method, all {@link Authentication} implementations
-	 * should implement this. The reason is to ensure that the {@link Authentication} type
-	 * is preserved when {@link Builder#build} is invoked. This is especially important in
-	 * the event that your authentication implementation contains custom fields.
-	 * </p>
-	 * <p>
-	 * This isn't strictly necessary since it is recommended that applications code to the
-	 * {@link Authentication} interface and that custom information is often contained in
-	 * the {@link Authentication#getPrincipal} value.
-	 * </p>
-	 * @return an {@link Builder} for building a new {@link Authentication} based on this
-	 * instance
-	 * @since 7.0
-	 */
-	default Builder<?> toBuilder() {
-		return new SimpleAuthentication.Builder(this);
-	}
-
-	/**
-	 * A builder based on a given {@link Authentication} instance
-	 *
-	 * @author Josh Cummings
-	 * @since 7.0
-	 */
-	interface Builder<B extends Builder<B>> {
-
-		/**
-		 * Mutate the authorities with this {@link Consumer}.
-		 * <p>
-		 * Note that since a non-empty set of authorities implies an
-		 * {@link Authentication} is authenticated, this method also marks the
-		 * authentication as {@link #authenticated} by default.
-		 * </p>
-		 * @param authorities a consumer that receives the full set of authorities
-		 * @return the {@link Builder} for additional configuration
-		 * @see Authentication#getAuthorities
-		 */
-		B authorities(Consumer<Collection<GrantedAuthority>> authorities);
-
-		/**
-		 * Use this credential.
-		 * <p>
-		 * Note that since some credentials are insecure to store, this method is
-		 * implemented as unsupported by default. Only implement or use this method if you
-		 * support secure storage of the credential or if your implementation also
-		 * implements {@link CredentialsContainer} and the credentials are thereby erased.
-		 * </p>
-		 * @param credentials the credentials to use
-		 * @return the {@link Builder} for additional configuration
-		 * @see Authentication#getCredentials
-		 */
-		default B credentials(@Nullable Object credentials) {
-			throw new UnsupportedOperationException(
-					String.format("%s does not store credentials", this.getClass().getSimpleName()));
-		}
-
-		/**
-		 * Use this details object.
-		 * <p>
-		 * Implementations may choose to use these {@code details} in combination with any
-		 * principal from the pre-existing {@link Authentication} instance.
-		 * </p>
-		 * @param details the details to use
-		 * @return the {@link Builder} for additional configuration
-		 * @see Authentication#getDetails
-		 */
-		B details(@Nullable Object details);
-
-		/**
-		 * Use this principal.
-		 * <p>
-		 * Note that in many cases, the principal is strongly-typed. Implementations may
-		 * choose to do a type check and are not necessarily expected to allow any object
-		 * as a principal.
-		 * </p>
-		 * <p>
-		 * Implementations may choose to use this {@code principal} in combination with
-		 * any principal from the pre-existing {@link Authentication} instance.
-		 * </p>
-		 * @param principal the principal to use
-		 * @return the {@link Builder} for additional configuration
-		 * @see Authentication#getPrincipal
-		 */
-		B principal(@Nullable Object principal);
-
-		/**
-		 * Mark this authentication as authenticated or not
-		 * @param authenticated whether this is an authenticated {@link Authentication}
-		 * instance
-		 * @return the {@link Builder} for additional configuration
-		 * @see Authentication#isAuthenticated
-		 */
-		B authenticated(boolean authenticated);
-
-		/**
-		 * Build an {@link Authentication} instance
-		 * @return the {@link Authentication} instance
-		 */
-		Authentication build();
-
-	}
-
 }