SEC-747: impossible to specify "observeOncePerRequest" property in the namespace based configuration.

http://jira.springframework.org/browse/SEC-747. Added once-per-request attribute to http element.

core/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java

@@ -95,6 +95,8 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
     
     static final String ATT_ENTRY_POINT_REF = "entry-point-ref";
     
+    static final String ATT_ONCE_PER_REQUEST = "once-per-request";
+
     public BeanDefinition parse(Element element, ParserContext parserContext) {
         BeanDefinitionRegistry registry = parserContext.getRegistry();
         RootBeanDefinition filterChainProxy = new RootBeanDefinition(FilterChainProxy.class);
@@ -157,6 +159,10 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
         filterSecurityInterceptorBuilder.addPropertyValue("authenticationManager",
                 ConfigUtils.registerProviderManagerIfNecessary(parserContext));
         
+        if ("true".equals(element.getAttribute(ATT_ONCE_PER_REQUEST))) {
+        	filterSecurityInterceptorBuilder.addPropertyValue("observeOncePerRequest", Boolean.TRUE);
+        }
+
         // SEC-501 - should paths stored in request maps be converted to lower case
         // true if Ant path and using lower case
         boolean convertPathsToLowerCase = (matcher instanceof AntUrlPathMatcher) && matcher.requiresLowerCaseUrl();

core/src/main/resources/org/springframework/security/config/spring-security-2.0.rnc

@@ -214,6 +214,9 @@ http.attlist &=
 http.attlist &=
     ## Allows a customized AuthenticationEntryPoint to be used.
     attribute entry-point-ref {xsd:string}?
+http.attlist &=
+    ## Corresponds to the observeOncePerRequest property of FilterSecurityInterceptor. Defaults to "false"
+    attribute once-per-request {"true" | "false"}?
 
 
 intercept-url =

core/src/main/resources/org/springframework/security/config/spring-security-2.0.xsd

@@ -710,6 +710,18 @@
         used.</xs:documentation>
       </xs:annotation>
     </xs:attribute>
+    <xs:attribute name="once-per-request">
+      <xs:annotation>
+        <xs:documentation>Corresponds to the observeOncePerRequest property of
+          FilterSecurityInterceptor. Defaults to "false"</xs:documentation>
+      </xs:annotation>
+      <xs:simpleType>
+        <xs:restriction base="xs:token">
+          <xs:enumeration value="true"/>
+          <xs:enumeration value="false"/>
+        </xs:restriction>
+      </xs:simpleType>
+    </xs:attribute>
   </xs:attributeGroup>
   <xs:attributeGroup name="intercept-url.attlist">
     <xs:attribute name="pattern" use="required" type="xs:string">

core/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java

@@ -189,6 +189,17 @@ public class HttpSecurityBeanDefinitionParserTests {
         setContext("<http><http-basic /></http>" + AUTH_PROVIDER_XML);
     }
 
+    @Test
+    public void oncePerRequestAttributeIsSupported() {
+        setContext("<http once-per-request='true'><http-basic /></http>" + AUTH_PROVIDER_XML);
+        FilterChainProxy filterChainProxy = getFilterChainProxy();
+        List filters = filterChainProxy.getFilters("/someurl");
+        
+        FilterSecurityInterceptor fsi = (FilterSecurityInterceptor) filters.get(filters.size() - 1);
+        
+        assertTrue(fsi.isObserveOncePerRequest());
+    }    
+    
     @Test
     public void interceptUrlWithRequiresChannelAddsChannelFilterToStack() {
         setContext(
@@ -196,7 +207,6 @@ public class HttpSecurityBeanDefinitionParserTests {
                 "        <intercept-url pattern='/**' requires-channel='https' />" +
                 "    </http>" + AUTH_PROVIDER_XML);
         FilterChainProxy filterChainProxy = getFilterChainProxy();
-
         List filters = filterChainProxy.getFilters("/someurl");
 
         assertEquals("Expected 12 filters in chain", 12, filters.size());