SEC-1690: Refactor expression PropertyAccessor for dealing with properties as beans in the ApplicationContext.

2011-03-02 16:33:25 +00:00 · 2011-03-02 16:33:25 +00:00 · 131c80f444
parent 72f031253f
commit 131c80f444
3 changed files with 14 additions and 21 deletions
--- a/core/src/main/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandler.java
+++ b/core/src/main/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandler.java
@ -21,9 +21,8 @@ import org.springframework.security.core.Authentication;
 public abstract class AbstractSecurityExpressionHandler<T> implements SecurityExpressionHandler<T>, ApplicationContextAware {
    private final AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
    private final ExpressionParser expressionParser = new SpelExpressionParser();
-    private final SecurityExpressionRootPropertyAccessor sxrpa = new SecurityExpressionRootPropertyAccessor();
+    private ApplicationContextPropertyAccessor sxrpa = new ApplicationContextPropertyAccessor(null);
    private RoleHierarchy roleHierarchy;
-    private ApplicationContext applicationContext;

    public final ExpressionParser getExpressionParser() {
        return expressionParser;
@ -42,7 +41,6 @@ public abstract class AbstractSecurityExpressionHandler<T> implements SecurityEx
        SecurityExpressionRoot root = createSecurityExpressionRoot(authentication, invocation);
        root.setTrustResolver(trustResolver);
        root.setRoleHierarchy(roleHierarchy);
-        root.setApplicationContext(applicationContext);
        StandardEvaluationContext ctx = createEvaluationContextInternal(authentication, invocation);
        ctx.addPropertyAccessor(sxrpa);
        ctx.setRootObject(root);
@ -69,7 +67,7 @@ public abstract class AbstractSecurityExpressionHandler<T> implements SecurityEx
     *
     * @param authentication the current authentication object
     * @param invocation the invocation (filter, method, channel)
-     * @return a
+     * @return the object wh
     */
    protected abstract SecurityExpressionRoot createSecurityExpressionRoot(Authentication authentication, T invocation);

@ -78,6 +76,6 @@ public abstract class AbstractSecurityExpressionHandler<T> implements SecurityEx
    }

    public void setApplicationContext(ApplicationContext applicationContext) {
-        this.applicationContext = applicationContext;
+        sxrpa = new ApplicationContextPropertyAccessor(applicationContext);
    }
 }
--- a/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRootPropertyAccessor.java
+++ b/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRootPropertyAccessor.java
@ -6,13 +6,17 @@ import org.springframework.expression.EvaluationContext;
 import org.springframework.expression.PropertyAccessor;
 import org.springframework.expression.TypedValue;

-@SuppressWarnings("unchecked")
-final class SecurityExpressionRootPropertyAccessor implements PropertyAccessor {
-    public final Class[] CLASSES = {SecurityExpressionRoot.class};
+/**
+ * General property accessor which resolves properties as bean names within an {@code ApplicationContext}.
+ */
+final class ApplicationContextPropertyAccessor implements PropertyAccessor {
+    private final ApplicationContext ctx;
+
+    ApplicationContextPropertyAccessor(ApplicationContext ctx) {
+        this.ctx = ctx;
+    }

    public boolean canRead(EvaluationContext context, Object target, String name) throws AccessException {
-        ApplicationContext ctx = ((SecurityExpressionRoot)target).getApplicationContext();
-
        if (ctx == null) {
            return false;
        }
@ -21,7 +25,7 @@ final class SecurityExpressionRootPropertyAccessor implements PropertyAccessor {
    }

    public TypedValue read(EvaluationContext context, Object target, String name) throws AccessException {
-        return new TypedValue(((SecurityExpressionRoot)target).getApplicationContext().getBean(name));
+        return new TypedValue(ctx.getBean(name));
    }

    public boolean canWrite(EvaluationContext context, Object target, String name) throws AccessException {
@ -32,7 +36,7 @@ final class SecurityExpressionRootPropertyAccessor implements PropertyAccessor {
    }

    public Class[] getSpecificTargetClasses() {
-        return CLASSES;
+        return null;
    }

 }
--- a/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java
+++ b/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java
@ -25,7 +25,6 @@ public abstract class SecurityExpressionRoot {
    private AuthenticationTrustResolver trustResolver;
    private RoleHierarchy roleHierarchy;
    private Set<String> roles;
-    private ApplicationContext applicationContext;

    /** Allows "permitAll" expression */
    public final boolean permitAll = true;
@ -110,14 +109,6 @@ public abstract class SecurityExpressionRoot {
        this.roleHierarchy = roleHierarchy;
    }

-    ApplicationContext getApplicationContext() {
-        return applicationContext;
-    }
-
-    public void setApplicationContext(ApplicationContext applicationContext) {
-        this.applicationContext = applicationContext;
-    }
-
    private Set<String> getAuthoritySet() {
        if (roles == null) {
            roles = new HashSet<String>();