Javadoc.

taglibs/src/main/java/org/springframework/security/taglibs/authz/AccessControlListTag.java

@@ -52,15 +52,18 @@ import org.springframework.web.util.ExpressionEvaluationUtils;
  * principal.
  * <p>
  * One or more comma separate numeric are specified via the <tt>hasPermission</tt> attribute.
- * These permissions are then converted into {@link Permission} instances. These instances are then presented as an
- * array to the {@link Acl#isGranted(Permission[], org.springframework.security.acls.model.Sid[], boolean)} method.
+ * These permissions are then converted into {@link Permission} instances using the {@link PermissionFactory}
+ * instance obtained from the application context, or a {@link DefaultPermissionFactory} if one isn't found.
+ * The <tt>Permission</tt> instances are then presented as a list
+ * array to the {@link Acl#isGranted(List, List, boolean)} method.
  * The {@link Sid} presented is determined by the {@link SidRetrievalStrategy}.
  * <p>
  * For this class to operate it must be able to access the application context via the
- * <code>WebApplicationContextUtils</code> and attempt to locate an {@link AclService} and {@link SidRetrievalStrategy}.
+ * <code>WebApplicationContextUtils</code> and attempt to locate an {@link AclService},
+ * {@link ObjectIdentityRetrievalStrategy} and {@link SidRetrievalStrategy}.
  * There cannot be more than one of these present. The <tt>AclService</tt> must be provided, but a
- * {@link SidRetrievalStrategyImpl} instance will be created as the default retrieval strategy if no implementation
- * is supplied by the application context.
+ * {@link SidRetrievalStrategyImpl} and/or an {@link ObjectIdentityRetrievalStrategyImpl} will be created if no
+ * implementations are found in the application context.
  *
  * @author Ben Alex
  * @version $Id$

taglibs/src/test/java/org/springframework/security/taglibs/authz/AccessControlListTagTests.java

@@ -16,12 +16,10 @@ import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.mock.web.MockPageContext;
 import org.springframework.mock.web.MockServletContext;
-import org.springframework.security.acls.AclPermissionEvaluator;
 import org.springframework.security.acls.model.Acl;
 import org.springframework.security.acls.model.AclService;
 import org.springframework.security.acls.model.ObjectIdentity;
 import org.springframework.security.acls.model.ObjectIdentityRetrievalStrategy;
-import org.springframework.security.acls.model.SidRetrievalStrategy;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.context.WebApplicationContext;
@@ -44,12 +42,12 @@ public class AccessControlListTagTests {
         WebApplicationContext ctx = mock(WebApplicationContext.class);
 
         AclService service = mock(AclService.class);
-        AclPermissionEvaluator pe = new AclPermissionEvaluator(service);
         ObjectIdentity oid = mock(ObjectIdentity.class);
         ObjectIdentityRetrievalStrategy oidStrategy = mock(ObjectIdentityRetrievalStrategy.class);
         when(oidStrategy.getObjectIdentity(anyObject())).thenReturn(oid);
-        pe.setObjectIdentityRetrievalStrategy(oidStrategy);
-        pe.setSidRetrievalStrategy(mock(SidRetrievalStrategy.class));
+//        AclPermissionEvaluator pe = new AclPermissionEvaluator(service);
+//        pe.setObjectIdentityRetrievalStrategy(oidStrategy);
+//        pe.setSidRetrievalStrategy(mock(SidRetrievalStrategy.class));
         acl = mock(Acl.class);
 
         when(service.readAclById(any(ObjectIdentity.class), anyList())).thenReturn(acl);