diff --git a/core/src/main/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandler.java b/core/src/main/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandler.java index ba55b33b56..4db1d77cab 100644 --- a/core/src/main/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandler.java +++ b/core/src/main/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandler.java @@ -21,9 +21,8 @@ import org.springframework.security.core.Authentication; public abstract class AbstractSecurityExpressionHandler implements SecurityExpressionHandler, ApplicationContextAware { private final AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl(); private final ExpressionParser expressionParser = new SpelExpressionParser(); - private final SecurityExpressionRootPropertyAccessor sxrpa = new SecurityExpressionRootPropertyAccessor(); + private ApplicationContextPropertyAccessor sxrpa = new ApplicationContextPropertyAccessor(null); private RoleHierarchy roleHierarchy; - private ApplicationContext applicationContext; public final ExpressionParser getExpressionParser() { return expressionParser; @@ -42,7 +41,6 @@ public abstract class AbstractSecurityExpressionHandler implements SecurityEx SecurityExpressionRoot root = createSecurityExpressionRoot(authentication, invocation); root.setTrustResolver(trustResolver); root.setRoleHierarchy(roleHierarchy); - root.setApplicationContext(applicationContext); StandardEvaluationContext ctx = createEvaluationContextInternal(authentication, invocation); ctx.addPropertyAccessor(sxrpa); ctx.setRootObject(root); @@ -69,7 +67,7 @@ public abstract class AbstractSecurityExpressionHandler implements SecurityEx * * @param authentication the current authentication object * @param invocation the invocation (filter, method, channel) - * @return a + * @return the object wh */ protected abstract SecurityExpressionRoot createSecurityExpressionRoot(Authentication authentication, T invocation); @@ -78,6 +76,6 @@ public abstract class AbstractSecurityExpressionHandler implements SecurityEx } public void setApplicationContext(ApplicationContext applicationContext) { - this.applicationContext = applicationContext; + sxrpa = new ApplicationContextPropertyAccessor(applicationContext); } } diff --git a/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRootPropertyAccessor.java b/core/src/main/java/org/springframework/security/access/expression/ApplicationContextPropertyAccessor.java similarity index 71% rename from core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRootPropertyAccessor.java rename to core/src/main/java/org/springframework/security/access/expression/ApplicationContextPropertyAccessor.java index 7fb8eee95f..bd03364a4a 100644 --- a/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRootPropertyAccessor.java +++ b/core/src/main/java/org/springframework/security/access/expression/ApplicationContextPropertyAccessor.java @@ -6,13 +6,17 @@ import org.springframework.expression.EvaluationContext; import org.springframework.expression.PropertyAccessor; import org.springframework.expression.TypedValue; -@SuppressWarnings("unchecked") -final class SecurityExpressionRootPropertyAccessor implements PropertyAccessor { - public final Class[] CLASSES = {SecurityExpressionRoot.class}; +/** + * General property accessor which resolves properties as bean names within an {@code ApplicationContext}. + */ +final class ApplicationContextPropertyAccessor implements PropertyAccessor { + private final ApplicationContext ctx; + + ApplicationContextPropertyAccessor(ApplicationContext ctx) { + this.ctx = ctx; + } public boolean canRead(EvaluationContext context, Object target, String name) throws AccessException { - ApplicationContext ctx = ((SecurityExpressionRoot)target).getApplicationContext(); - if (ctx == null) { return false; } @@ -21,7 +25,7 @@ final class SecurityExpressionRootPropertyAccessor implements PropertyAccessor { } public TypedValue read(EvaluationContext context, Object target, String name) throws AccessException { - return new TypedValue(((SecurityExpressionRoot)target).getApplicationContext().getBean(name)); + return new TypedValue(ctx.getBean(name)); } public boolean canWrite(EvaluationContext context, Object target, String name) throws AccessException { @@ -32,7 +36,7 @@ final class SecurityExpressionRootPropertyAccessor implements PropertyAccessor { } public Class[] getSpecificTargetClasses() { - return CLASSES; + return null; } } diff --git a/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java b/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java index 403007dea9..3c7b9658fd 100644 --- a/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java +++ b/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java @@ -25,7 +25,6 @@ public abstract class SecurityExpressionRoot { private AuthenticationTrustResolver trustResolver; private RoleHierarchy roleHierarchy; private Set roles; - private ApplicationContext applicationContext; /** Allows "permitAll" expression */ public final boolean permitAll = true; @@ -110,14 +109,6 @@ public abstract class SecurityExpressionRoot { this.roleHierarchy = roleHierarchy; } - ApplicationContext getApplicationContext() { - return applicationContext; - } - - public void setApplicationContext(ApplicationContext applicationContext) { - this.applicationContext = applicationContext; - } - private Set getAuthoritySet() { if (roles == null) { roles = new HashSet();