spring-projects
diff --git a/‎cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationToken.java‎
Lines changed: 96 additions & 0 deletions b/‎cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationToken.java‎
Lines changed: 96 additions & 0 deletions
diff --git a/‎cas/src/main/java/org/springframework/security/cas/authentication/CasServiceTicketAuthenticationToken.java‎
Lines changed: 49 additions & 1 deletion b/‎cas/src/main/java/org/springframework/security/cas/authentication/CasServiceTicketAuthenticationToken.java‎
Lines changed: 49 additions & 1 deletion
diff --git a/‎cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationTokenTests.java‎
Lines changed: 27 additions & 0 deletions b/‎cas/src/test/java/org/springframework/security/cas/authentication/CasAuthenticationTokenTests.java‎
Lines changed: 27 additions & 0 deletions
diff --git a/‎config/src/integration-test/java/org/springframework/security/config/ldap/LdapBindAuthenticationManagerFactoryITests.java‎
Lines changed: 2 additions & 6 deletions b/‎config/src/integration-test/java/org/springframework/security/config/ldap/LdapBindAuthenticationManagerFactoryITests.java‎
Lines changed: 2 additions & 6 deletions
diff --git a/‎config/src/main/java/org/springframework/security/config/annotation/method/configuration/PrePostMethodSecurityConfiguration.java‎
Lines changed: 6 additions & 0 deletions b/‎config/src/main/java/org/springframework/security/config/annotation/method/configuration/PrePostMethodSecurityConfiguration.java‎
Lines changed: 6 additions & 0 deletions
@@ -20,6 +20,7 @@
 import java.util.Collection;
 
 import org.apereo.cas.client.validation.Assertion;
+import org.jspecify.annotations.Nullable;
 
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.GrantedAuthority;
@@ -104,6 +105,19 @@ private CasAuthenticationToken(final Integer keyHash, final Object principal, fi
 		setAuthenticated(true);
 	}
 
+	protected CasAuthenticationToken(Builder<?> builder) {
+		super(builder);
+		Assert.isTrue(!"".equals(builder.principal), "principal cannot be null or empty");
+		Assert.notNull(!"".equals(builder.credentials), "credentials cannot be null or empty");
+		Assert.notNull(builder.userDetails, "userDetails cannot be null");
+		Assert.notNull(builder.assertion, "assertion cannot be null");
+		this.keyHash = builder.keyHash;
+		this.principal = builder.principal;
+		this.credentials = builder.credentials;
+		this.userDetails = builder.userDetails;
+		this.assertion = builder.assertion;
+	}
+
 	private static Integer extractKeyHash(String key) {
 		Assert.hasLength(key, "key cannot be null or empty");
 		return key.hashCode();
@@ -153,6 +167,11 @@ public UserDetails getUserDetails() {
 		return this.userDetails;
 	}
 
+	@Override
+	public Builder<?> toBuilder() {
+		return new Builder<>(this);
+	}
+
 	@Override
 	public String toString() {
 		StringBuilder sb = new StringBuilder();
@@ -162,4 +181,81 @@ public String toString() {
 		return (sb.toString());
 	}
 
+	/**
+	 * A builder of {@link CasAuthenticationToken} instances
+	 *
+	 * @since 7.0
+	 */
+	public static class Builder<B extends Builder<B>> extends AbstractAuthenticationBuilder<B> {
+
+		private Integer keyHash;
+
+		private Object principal;
+
+		private Object credentials;
+
+		private UserDetails userDetails;
+
+		private Assertion assertion;
+
+		protected Builder(CasAuthenticationToken token) {
+			super(token);
+			this.keyHash = token.keyHash;
+			this.principal = token.principal;
+			this.credentials = token.credentials;
+			this.userDetails = token.userDetails;
+			this.assertion = token.assertion;
+		}
+
+		/**
+		 * Use this key
+		 * @param key the key to use
+		 * @return the {@link Builder} for further configurations
+		 */
+		public B key(String key) {
+			this.keyHash = key.hashCode();
+			return (B) this;
+		}
+
+		@Override
+		public B principal(@Nullable Object principal) {
+			Assert.notNull(principal, "principal cannot be null");
+			this.principal = principal;
+			return (B) this;
+		}
+
+		@Override
+		public B credentials(@Nullable Object credentials) {
+			Assert.notNull(credentials, "credentials cannot be null");
+			this.credentials = credentials;
+			return (B) this;
+		}
+
+		/**
+		 * Use this {@link UserDetails}
+		 * @param userDetails the {@link UserDetails} to use
+		 * @return the {@link Builder} for further configurations
+		 */
+		public B userDetails(UserDetails userDetails) {
+			this.userDetails = userDetails;
+			return (B) this;
+		}
+
+		/**
+		 * Use this {@link Assertion}
+		 * @param assertion the {@link Assertion} to use
+		 * @return the {@link Builder} for further configurations
+		 */
+		public B assertion(Assertion assertion) {
+			this.assertion = assertion;
+			return (B) this;
+		}
+
+		@Override
+		public CasAuthenticationToken build() {
+			return new CasAuthenticationToken(this);
+		}
+
+	}
+
 }
@@ -52,7 +52,7 @@ public class CasServiceTicketAuthenticationToken extends AbstractAuthenticationT
 	 *
 	 */
 	public CasServiceTicketAuthenticationToken(String identifier, Object credentials) {
-		super(null);
+		super((Collection<? extends GrantedAuthority>) null);
 		this.identifier = identifier;
 		this.credentials = credentials;
 		setAuthenticated(false);
@@ -75,6 +75,12 @@ public CasServiceTicketAuthenticationToken(String identifier, Object credentials
 		super.setAuthenticated(true);
 	}
 
+	protected CasServiceTicketAuthenticationToken(Builder<?> builder) {
+		super(builder);
+		this.identifier = builder.principal;
+		this.credentials = builder.credentials;
+	}
+
 	public static CasServiceTicketAuthenticationToken stateful(Object credentials) {
 		return new CasServiceTicketAuthenticationToken(CAS_STATEFUL_IDENTIFIER, credentials);
 	}
@@ -110,4 +116,46 @@ public void eraseCredentials() {
 		this.credentials = null;
 	}
 
+	public Builder<?> toBuilder() {
+		return new Builder<>(this);
+	}
+
+	/**
+	 * A builder of {@link CasServiceTicketAuthenticationToken} instances
+	 *
+	 * @since 7.0
+	 */
+	public static class Builder<B extends Builder<B>> extends AbstractAuthenticationBuilder<B> {
+
+		private String principal;
+
+		private @Nullable Object credentials;
+
+		protected Builder(CasServiceTicketAuthenticationToken token) {
+			super(token);
+			this.principal = token.identifier;
+			this.credentials = token.credentials;
+		}
+
+		@Override
+		public B principal(@Nullable Object principal) {
+			Assert.isInstanceOf(String.class, principal, "principal must be of type String");
+			this.principal = (String) principal;
+			return (B) this;
+		}
+
+		@Override
+		public B credentials(@Nullable Object credentials) {
+			Assert.notNull(credentials, "credentials cannot be null");
+			this.credentials = credentials;
+			return (B) this;
+		}
+
+		@Override
+		public CasServiceTicketAuthenticationToken build() {
+			return new CasServiceTicketAuthenticationToken(this);
+		}
+
+	}
+
 }
@@ -18,6 +18,7 @@
 
 import java.util.Collections;
 import java.util.List;
+import java.util.Set;
 
 import org.apereo.cas.client.validation.Assertion;
 import org.apereo.cas.client.validation.AssertionImpl;
@@ -26,6 +27,7 @@
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.PasswordEncodedUser;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 
@@ -155,4 +157,29 @@ public void testToString() {
 		assertThat(result.lastIndexOf("Credentials (Service/Proxy Ticket):") != -1).isTrue();
 	}
 
+	@Test
+	public void toBuilderWhenApplyThenCopies() {
+		Assertion assertionOne = new AssertionImpl("test");
+		CasAuthenticationToken factorOne = new CasAuthenticationToken("key", "alice", "pass",
+				AuthorityUtils.createAuthorityList("FACTOR_ONE"), PasswordEncodedUser.user(), assertionOne);
+		Assertion assertionTwo = new AssertionImpl("test");
+		CasAuthenticationToken factorTwo = new CasAuthenticationToken("yek", "bob", "ssap",
+				AuthorityUtils.createAuthorityList("FACTOR_TWO"), PasswordEncodedUser.admin(), assertionTwo);
+		CasAuthenticationToken authentication = factorOne.toBuilder()
+			.authorities((a) -> a.addAll(factorTwo.getAuthorities()))
+			.key("yek")
+			.principal(factorTwo.getPrincipal())
+			.credentials(factorTwo.getCredentials())
+			.userDetails(factorTwo.getUserDetails())
+			.assertion(factorTwo.getAssertion())
+			.build();
+		Set<String> authorities = AuthorityUtils.authorityListToSet(authentication.getAuthorities());
+		assertThat(authentication.getKeyHash()).isEqualTo(factorTwo.getKeyHash());
+		assertThat(authentication.getPrincipal()).isEqualTo(factorTwo.getPrincipal());
+		assertThat(authentication.getCredentials()).isEqualTo(factorTwo.getCredentials());
+		assertThat(authentication.getUserDetails()).isEqualTo(factorTwo.getUserDetails());
+		assertThat(authentication.getAssertion()).isEqualTo(factorTwo.getAssertion());
+		assertThat(authorities).containsExactlyInAnyOrder("FACTOR_ONE", "FACTOR_TWO");
+	}
+
 }
@@ -17,7 +17,6 @@
 package org.springframework.security.config.ldap;
 
 import java.util.Collection;
-import java.util.Collections;
 import java.util.HashSet;
 import java.util.Set;
 
@@ -38,7 +37,6 @@
 import org.springframework.security.config.test.SpringTestContextExtension;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
@@ -82,8 +80,7 @@ protected Set<GrantedAuthority> getAdditionalRoles(DirContextOperations user, St
 		this.spring.register(CustomAuthoritiesPopulatorConfig.class).autowire();
 
 		this.mockMvc.perform(formLogin().user("bob").password("bobspassword"))
-			.andExpect(
-					authenticated().withAuthorities(Collections.singleton(new SimpleGrantedAuthority("ROLE_EXTRA"))));
+			.andExpect(authenticated().withRoles("EXTRA"));
 	}
 
 	@Test
@@ -94,8 +91,7 @@ public void authenticationManagerFactoryWhenCustomAuthoritiesMapperThenUsed() th
 		this.spring.register(CustomAuthoritiesMapperConfig.class).autowire();
 
 		this.mockMvc.perform(formLogin().user("bob").password("bobspassword"))
-			.andExpect(
-					authenticated().withAuthorities(Collections.singleton(new SimpleGrantedAuthority("ROLE_CUSTOM"))));
+			.andExpect(authenticated().withRoles("CUSTOM"));
 	}
 
 	@Test
 
@@ -39,6 +39,7 @@
 import org.springframework.security.aot.hint.SecurityHintsRegistrar;
 import org.springframework.security.authorization.AuthorizationEventPublisher;
 import org.springframework.security.authorization.AuthorizationManager;
+import org.springframework.security.authorization.AuthorizationManagerFactory;
 import org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor;
 import org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor;
 import org.springframework.security.authorization.method.MethodInvocationResult;
@@ -121,6 +122,11 @@ void setRoleHierarchy(RoleHierarchy roleHierarchy) {
 		this.expressionHandler.setRoleHierarchy(roleHierarchy);
 	}
 
+	@Autowired(required = false)
+	void setAuthorizationManagerFactory(AuthorizationManagerFactory<MethodInvocation> authorizationManagerFactory) {
+		this.expressionHandler.setAuthorizationManagerFactory(authorizationManagerFactory);
+	}
+
 	@Autowired(required = false)
 	void setTemplateDefaults(AnnotationTemplateExpressionDefaults templateDefaults) {
 		this.preFilterMethodInterceptor.setTemplateDefaults(templateDefaults);