SEC-1690: Refactor expression PropertyAccessor for dealing with properties as beans in the ApplicationContext.
parent
72f031253f
commit
131c80f444
|
@ -21,9 +21,8 @@ import org.springframework.security.core.Authentication;
|
|||
public abstract class AbstractSecurityExpressionHandler<T> implements SecurityExpressionHandler<T>, ApplicationContextAware {
|
||||
private final AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
|
||||
private final ExpressionParser expressionParser = new SpelExpressionParser();
|
||||
private final SecurityExpressionRootPropertyAccessor sxrpa = new SecurityExpressionRootPropertyAccessor();
|
||||
private ApplicationContextPropertyAccessor sxrpa = new ApplicationContextPropertyAccessor(null);
|
||||
private RoleHierarchy roleHierarchy;
|
||||
private ApplicationContext applicationContext;
|
||||
|
||||
public final ExpressionParser getExpressionParser() {
|
||||
return expressionParser;
|
||||
|
@ -42,7 +41,6 @@ public abstract class AbstractSecurityExpressionHandler<T> implements SecurityEx
|
|||
SecurityExpressionRoot root = createSecurityExpressionRoot(authentication, invocation);
|
||||
root.setTrustResolver(trustResolver);
|
||||
root.setRoleHierarchy(roleHierarchy);
|
||||
root.setApplicationContext(applicationContext);
|
||||
StandardEvaluationContext ctx = createEvaluationContextInternal(authentication, invocation);
|
||||
ctx.addPropertyAccessor(sxrpa);
|
||||
ctx.setRootObject(root);
|
||||
|
@ -69,7 +67,7 @@ public abstract class AbstractSecurityExpressionHandler<T> implements SecurityEx
|
|||
*
|
||||
* @param authentication the current authentication object
|
||||
* @param invocation the invocation (filter, method, channel)
|
||||
* @return a
|
||||
* @return the object wh
|
||||
*/
|
||||
protected abstract SecurityExpressionRoot createSecurityExpressionRoot(Authentication authentication, T invocation);
|
||||
|
||||
|
@ -78,6 +76,6 @@ public abstract class AbstractSecurityExpressionHandler<T> implements SecurityEx
|
|||
}
|
||||
|
||||
public void setApplicationContext(ApplicationContext applicationContext) {
|
||||
this.applicationContext = applicationContext;
|
||||
sxrpa = new ApplicationContextPropertyAccessor(applicationContext);
|
||||
}
|
||||
}
|
||||
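Review bot: The accessor field loses `final` and is reassigned in `setApplicationContext` with no `volatile` or other publication guarantee, while the evaluation-context code reads it on every call through `ctx.addPropertyAccessor(sxrpa)`. If the handler is always wired by the container before first use this is probably harmless. A handler constructed by hand, however, keeps the `new ApplicationContextPropertyAccessor(null)` placeholder, and bean references in access expressions then fail to resolve with no hint as to why. I would declare it `private volatile ApplicationContextPropertyAccessor beanAccessor` (the name `sxrpa` still abbreviates the removed class) and add a comment such as `// replaced in setApplicationContext(); until then the accessor has no context and resolves nothing`. The method that builds the evaluation context starts outside the visible hunk, so this is based only on the lines shown.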
|
|
|
@ -6,13 +6,17 @@ import org.springframework.expression.EvaluationContext;
|
|||
import org.springframework.expression.PropertyAccessor;
|
||||
import org.springframework.expression.TypedValue;
|
||||
|
||||
@SuppressWarnings("unchecked")
|
||||
final class SecurityExpressionRootPropertyAccessor implements PropertyAccessor {
|
||||
public final Class[] CLASSES = {SecurityExpressionRoot.class};
|
||||
/**
|
||||
* General property accessor which resolves properties as bean names within an {@code ApplicationContext}.
|
||||
*/
|
||||
final class ApplicationContextPropertyAccessor implements PropertyAccessor {
|
||||
private final ApplicationContext ctx;
|
||||
|
||||
ApplicationContextPropertyAccessor(ApplicationContext ctx) {
|
||||
this.ctx = ctx;
|
||||
}
|
||||
|
||||
public boolean canRead(EvaluationContext context, Object target, String name) throws AccessException {
|
||||
ApplicationContext ctx = ((SecurityExpressionRoot)target).getApplicationContext();
|
||||
|
||||
if (ctx == null) {
|
||||
return false;
|
||||
}
|
||||
|
@ -21,7 +25,7 @@ final class SecurityExpressionRootPropertyAccessor implements PropertyAccessor {
|
|||
}
|
||||
|
||||
public TypedValue read(EvaluationContext context, Object target, String name) throws AccessException {
|
||||
return new TypedValue(((SecurityExpressionRoot)target).getApplicationContext().getBean(name));
|
||||
return new TypedValue(ctx.getBean(name));
|
||||
}
|
||||
|
||||
public boolean canWrite(EvaluationContext context, Object target, String name) throws AccessException {
|
||||
|
@ -32,7 +36,7 @@ final class SecurityExpressionRootPropertyAccessor implements PropertyAccessor {
|
|||
}
|
||||
|
||||
public Class[] getSpecificTargetClasses() {
|
||||
return CLASSES;
|
||||
return null;
|
||||
}
|
||||
|
||||
}
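Review bot: `getSpecificTargetClasses()` now returns `null`, which in the `PropertyAccessor` contract marks a general accessor that may be consulted for any target type, and `read` ignores `target` and goes straight to `ctx.getBean(name)`. The effect appears to be that a property not resolved by another accessor on any object in a security expression, not just on the root, can fall through to a bean of the same name. A mistyped property in an access rule may then evaluate against a bean instead of failing, and every bean in the context becomes reachable from expressions. If only root-level names are meant to resolve to beans, keep the restriction with `return new Class[] {SecurityExpressionRoot.class};`. Otherwise document the widened scope on the method, e.g. `// null = applies to all target types; any unresolved property name is tried as a bean name`. The rest of `canRead` lies outside the hunk, so whether it checks that the bean exists before returning `true` cannot be confirmed from here.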
|
|
@ -25,7 +25,6 @@ public abstract class SecurityExpressionRoot {
|
|||
private AuthenticationTrustResolver trustResolver;
|
||||
private RoleHierarchy roleHierarchy;
|
||||
private Set<String> roles;
|
||||
private ApplicationContext applicationContext;
|
||||
|
||||
/** Allows "permitAll" expression */
|
||||
public final boolean permitAll = true;
|
||||
|
@ -110,14 +109,6 @@ public abstract class SecurityExpressionRoot {
|
|||
this.roleHierarchy = roleHierarchy;
|
||||
}
|
||||
|
||||
ApplicationContext getApplicationContext() {
|
||||
return applicationContext;
|
||||
}
|
||||
|
||||
public void setApplicationContext(ApplicationContext applicationContext) {
|
||||
this.applicationContext = applicationContext;
|
||||
}
|
||||
|
||||
private Set<String> getAuthoritySet() {
|
||||
if (roles == null) {
|
||||
roles = new HashSet<String>();
|
||||
|
|