Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Polish spring-security-taglibs main code 

Manually polish `spring-security-taglibs` following the formatting
and checkstyle fixes.

Issue gh-8945
This commit is contained in:
Phillip Webb 2020-07-31 23:03:43 -07:00 committed by Rob Winch
parent 1f03608b73
commit 2ca6256b89
6 changed files with 15 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
taglibs/src/main/java/org/springframework/security/taglibs/TagLibConfig.java
View File

@ -33,19 +33,18 @@ public final class TagLibConfig {
static Log logger = LogFactory.getLog("spring-security-taglibs"); static Log logger = LogFactory.getLog("spring-security-taglibs");
static final boolean DISABLE_UI_SECURITY; static final boolean DISABLE_UI_SECURITY;
static final String SECURED_UI_PREFIX; static final String SECURED_UI_PREFIX;
static final String SECURED_UI_SUFFIX; static final String SECURED_UI_SUFFIX;
static { static {
String db = System.getProperty("spring.security.disableUISecurity"); String db = System.getProperty("spring.security.disableUISecurity");
String prefix = System.getProperty("spring.security.securedUIPrefix"); String prefix = System.getProperty("spring.security.securedUIPrefix");
String suffix = System.getProperty("spring.security.securedUISuffix"); String suffix = System.getProperty("spring.security.securedUISuffix");
SECURED_UI_PREFIX = (prefix != null) ? prefix : "<span class=\"securityHiddenUI\">"; SECURED_UI_PREFIX = (prefix != null) ? prefix : "<span class=\"securityHiddenUI\">";
SECURED_UI_SUFFIX = (suffix != null) ? suffix : "</span>"; SECURED_UI_SUFFIX = (suffix != null) ? suffix : "</span>";
DISABLE_UI_SECURITY = "true".equals(db); DISABLE_UI_SECURITY = "true".equals(db);
if (DISABLE_UI_SECURITY) { if (DISABLE_UI_SECURITY) {
logger.warn("***** UI security is disabled. All unauthorized content will be displayed *****"); logger.warn("***** UI security is disabled. All unauthorized content will be displayed *****");
} }
@ -60,11 +59,7 @@ public final class TagLibConfig {
* @param authorized whether the user is authorized to see the content or not * @param authorized whether the user is authorized to see the content or not
*/ */
public static int evalOrSkip(boolean authorized) { public static int evalOrSkip(boolean authorized) {
if (authorized || DISABLE_UI_SECURITY) { return (authorized || DISABLE_UI_SECURITY) ? Tag.EVAL_BODY_INCLUDE : Tag.SKIP_BODY;
return Tag.EVAL_BODY_INCLUDE;
}
return Tag.SKIP_BODY;
} }
public static boolean isUiSecurityDisabled() { public static boolean isUiSecurityDisabled() {

37
taglibs/src/main/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTag.java
View File

@ -93,22 +93,13 @@ public abstract class AbstractAuthorizeTag {
* @throws IOException * @throws IOException
*/ */
public boolean authorize() throws IOException { public boolean authorize() throws IOException {
boolean isAuthorized;
if (StringUtils.hasText(getAccess())) { if (StringUtils.hasText(getAccess())) {
isAuthorized = authorizeUsingAccessExpression(); return authorizeUsingAccessExpression();
} }
else if (StringUtils.hasText(getUrl())) { if (StringUtils.hasText(getUrl())) {
isAuthorized = authorizeUsingUrlCheck(); return authorizeUsingUrlCheck();
} }
else { return false;
isAuthorized = false;
}
return isAuthorized;
} }
/** /**
@ -122,18 +113,14 @@ public abstract class AbstractAuthorizeTag {
if (SecurityContextHolder.getContext().getAuthentication() == null) { if (SecurityContextHolder.getContext().getAuthentication() == null) {
return false; return false;
} }
SecurityExpressionHandler<FilterInvocation> handler = getExpressionHandler(); SecurityExpressionHandler<FilterInvocation> handler = getExpressionHandler();
Expression accessExpression; Expression accessExpression;
try { try {
accessExpression = handler.getExpressionParser().parseExpression(getAccess()); accessExpression = handler.getExpressionParser().parseExpression(getAccess());
} }
catch (ParseException ex) { catch (ParseException ex) {
throw new IOException(ex); throw new IOException(ex);
} }
return ExpressionUtils.evaluateAsBoolean(accessExpression, createExpressionEvaluationContext(handler)); return ExpressionUtils.evaluateAsBoolean(accessExpression, createExpressionEvaluationContext(handler));
} }
@ -144,7 +131,6 @@ public abstract class AbstractAuthorizeTag {
FilterInvocation f = new FilterInvocation(getRequest(), getResponse(), (request, response) -> { FilterInvocation f = new FilterInvocation(getRequest(), getResponse(), (request, response) -> {
throw new UnsupportedOperationException(); throw new UnsupportedOperationException();
}); });
return handler.createEvaluationContext(SecurityContextHolder.getContext().getAuthentication(), f); return handler.createEvaluationContext(SecurityContextHolder.getContext().getAuthentication(), f);
} }
@ -184,21 +170,17 @@ public abstract class AbstractAuthorizeTag {
this.method = (method != null) ? method.toUpperCase() : null; this.method = (method != null) ? method.toUpperCase() : null;
} }
/*------------- Private helper methods -----------------*/
@SuppressWarnings({ "unchecked", "rawtypes" }) @SuppressWarnings({ "unchecked", "rawtypes" })
private SecurityExpressionHandler<FilterInvocation> getExpressionHandler() throws IOException { private SecurityExpressionHandler<FilterInvocation> getExpressionHandler() throws IOException {
ApplicationContext appContext = SecurityWebApplicationContextUtils ApplicationContext appContext = SecurityWebApplicationContextUtils
.findRequiredWebApplicationContext(getServletContext()); .findRequiredWebApplicationContext(getServletContext());
Map<String, SecurityExpressionHandler> handlers = appContext.getBeansOfType(SecurityExpressionHandler.class); Map<String, SecurityExpressionHandler> handlers = appContext.getBeansOfType(SecurityExpressionHandler.class);
for (SecurityExpressionHandler handler : handlers.values()) {
for (SecurityExpressionHandler h : handlers.values()) { if (FilterInvocation.class.equals(
if (FilterInvocation.class GenericTypeResolver.resolveTypeArgument(handler.getClass(), SecurityExpressionHandler.class))) {
.equals(GenericTypeResolver.resolveTypeArgument(h.getClass(), SecurityExpressionHandler.class))) { return handler;
return h;
} }
} }
throw new IOException("No visible WebSecurityExpressionHandler instance could be found in the application " throw new IOException("No visible WebSecurityExpressionHandler instance could be found in the application "
+ "context. There must be at least one in order to support expressions in JSP 'authorize' tags."); + "context. There must be at least one in order to support expressions in JSP 'authorize' tags.");
} }
@ -209,17 +191,14 @@ public abstract class AbstractAuthorizeTag {
if (privEvaluatorFromRequest != null) { if (privEvaluatorFromRequest != null) {
return privEvaluatorFromRequest; return privEvaluatorFromRequest;
} }
ApplicationContext ctx = SecurityWebApplicationContextUtils ApplicationContext ctx = SecurityWebApplicationContextUtils
.findRequiredWebApplicationContext(getServletContext()); .findRequiredWebApplicationContext(getServletContext());
Map<String, WebInvocationPrivilegeEvaluator> wipes = ctx.getBeansOfType(WebInvocationPrivilegeEvaluator.class); Map<String, WebInvocationPrivilegeEvaluator> wipes = ctx.getBeansOfType(WebInvocationPrivilegeEvaluator.class);
if (wipes.size() == 0) { if (wipes.size() == 0) {
throw new IOException( throw new IOException(
"No visible WebInvocationPrivilegeEvaluator instance could be found in the application " "No visible WebInvocationPrivilegeEvaluator instance could be found in the application "
+ "context. There must be at least one in order to support the use of URL access checks in 'authorize' tags."); + "context. There must be at least one in order to support the use of URL access checks in 'authorize' tags.");
} }
return (WebInvocationPrivilegeEvaluator) wipes.values().toArray()[0]; return (WebInvocationPrivilegeEvaluator) wipes.values().toArray()[0];
} }

24
taglibs/src/main/java/org/springframework/security/taglibs/authz/AccessControlListTag.java
View File

@ -72,35 +72,23 @@ public class AccessControlListTag extends TagSupport {
if ((null == this.hasPermission) || "".equals(this.hasPermission)) { if ((null == this.hasPermission) || "".equals(this.hasPermission)) {
return skipBody(); return skipBody();
} }
initializeIfRequired(); initializeIfRequired();
if (this.domainObject == null) { if (this.domainObject == null) {
if (logger.isDebugEnabled()) {
logger.debug("domainObject resolved to null, so including tag body"); logger.debug("domainObject resolved to null, so including tag body");
}
// Of course they have access to a null object! // Of course they have access to a null object!
return evalBody(); return evalBody();
} }
Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication == null) { if (authentication == null) {
if (logger.isDebugEnabled()) { logger.debug("SecurityContextHolder did not return a non-null Authentication object, so skipping tag body");
logger.debug(
"SecurityContextHolder did not return a non-null Authentication object, so skipping tag body");
}
return skipBody(); return skipBody();
} }
List<Object> requiredPermissions = parseHasPermission(this.hasPermission); List<Object> requiredPermissions = parseHasPermission(this.hasPermission);
for (Object requiredPermission : requiredPermissions) { for (Object requiredPermission : requiredPermissions) {
if (!this.permissionEvaluator.hasPermission(authentication, this.domainObject, requiredPermission)) { if (!this.permissionEvaluator.hasPermission(authentication, this.domainObject, requiredPermission)) {
return skipBody(); return skipBody();
} }
} }
return evalBody(); return evalBody();
} }
@ -112,7 +100,7 @@ public class AccessControlListTag extends TagSupport {
try { try {
parsedPermission = Integer.parseInt(permissionToParse); parsedPermission = Integer.parseInt(permissionToParse);
} }
catch (NumberFormatException notBitMask) { catch (NumberFormatException ex) {
} }
parsedPermissions.add(parsedPermission); parsedPermissions.add(parsedPermission);
} }
@ -141,7 +129,6 @@ public class AccessControlListTag extends TagSupport {
*/ */
protected ApplicationContext getContext(PageContext pageContext) { protected ApplicationContext getContext(PageContext pageContext) {
ServletContext servletContext = pageContext.getServletContext(); ServletContext servletContext = pageContext.getServletContext();
return SecurityWebApplicationContextUtils.findRequiredWebApplicationContext(servletContext); return SecurityWebApplicationContextUtils.findRequiredWebApplicationContext(servletContext);
} }
@ -157,27 +144,22 @@ public class AccessControlListTag extends TagSupport {
if (this.applicationContext != null) { if (this.applicationContext != null) {
return; return;
} }
this.applicationContext = getContext(this.pageContext); this.applicationContext = getContext(this.pageContext);
this.permissionEvaluator = getBeanOfType(PermissionEvaluator.class); this.permissionEvaluator = getBeanOfType(PermissionEvaluator.class);
} }
private <T> T getBeanOfType(Class<T> type) throws JspException { private <T> T getBeanOfType(Class<T> type) throws JspException {
Map<String, T> map = this.applicationContext.getBeansOfType(type); Map<String, T> map = this.applicationContext.getBeansOfType(type);
for (ApplicationContext context = this.applicationContext.getParent(); context != null; context = context for (ApplicationContext context = this.applicationContext.getParent(); context != null; context = context
.getParent()) { .getParent()) {
map.putAll(context.getBeansOfType(type)); map.putAll(context.getBeansOfType(type));
} }
if (map.size() == 0) { if (map.size() == 0) {
return null; return null;
} }
else if (map.size() == 1) { if (map.size() == 1) {
return map.values().iterator().next(); return map.values().iterator().next();
} }
throw new JspException("Found incorrect number of " + type.getSimpleName() + " instances in " throw new JspException("Found incorrect number of " + type.getSimpleName() + " instances in "
+ "application context - you must have only have one!"); + "application context - you must have only have one!");
} }

4
taglibs/src/main/java/org/springframework/security/taglibs/authz/AuthenticationTag.java
View File

@ -91,13 +91,10 @@ public class AuthenticationTag extends TagSupport {
|| (SecurityContextHolder.getContext().getAuthentication() == null)) { || (SecurityContextHolder.getContext().getAuthentication() == null)) {
return Tag.EVAL_PAGE; return Tag.EVAL_PAGE;
} }
Authentication auth = SecurityContextHolder.getContext().getAuthentication(); Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (auth.getPrincipal() == null) { if (auth.getPrincipal() == null) {
return Tag.EVAL_PAGE; return Tag.EVAL_PAGE;
} }
try { try {
BeanWrapperImpl wrapper = new BeanWrapperImpl(auth); BeanWrapperImpl wrapper = new BeanWrapperImpl(auth);
result = wrapper.getPropertyValue(this.property); result = wrapper.getPropertyValue(this.property);
@ -106,7 +103,6 @@ public class AuthenticationTag extends TagSupport {
throw new JspException(ex); throw new JspException(ex);
} }
} }
if (this.var != null) { if (this.var != null) {
/* /*
* Store the result, letting an IllegalArgumentException propagate back if the * Store the result, letting an IllegalArgumentException propagate back if the

6
taglibs/src/main/java/org/springframework/security/taglibs/authz/JspAuthorizeTag.java
View File

@ -68,17 +68,13 @@ public class JspAuthorizeTag extends AbstractAuthorizeTag implements Tag {
public int doStartTag() throws JspException { public int doStartTag() throws JspException {
try { try {
this.authorized = super.authorize(); this.authorized = super.authorize();
if (!this.authorized && TagLibConfig.isUiSecurityDisabled()) { if (!this.authorized && TagLibConfig.isUiSecurityDisabled()) {
this.pageContext.getOut().write(TagLibConfig.getSecuredUiPrefix()); this.pageContext.getOut().write(TagLibConfig.getSecuredUiPrefix());
} }
if (this.var != null) { if (this.var != null) {
this.pageContext.setAttribute(this.var, this.authorized, PageContext.PAGE_SCOPE); this.pageContext.setAttribute(this.var, this.authorized, PageContext.PAGE_SCOPE);
} }
return TagLibConfig.evalOrSkip(this.authorized); return TagLibConfig.evalOrSkip(this.authorized);
} }
catch (IOException ex) { catch (IOException ex) {
throw new JspException(ex); throw new JspException(ex);
@ -105,7 +101,6 @@ public class JspAuthorizeTag extends AbstractAuthorizeTag implements Tag {
catch (IOException ex) { catch (IOException ex) {
throw new JspException(ex); throw new JspException(ex);
} }
return EVAL_PAGE; return EVAL_PAGE;
} }
@ -222,7 +217,6 @@ public class JspAuthorizeTag extends AbstractAuthorizeTag implements Tag {
@Override @Override
public Object lookupVariable(String name) { public Object lookupVariable(String name) {
Object result = this.delegate.lookupVariable(name); Object result = this.delegate.lookupVariable(name);
if (result == null) { if (result == null) {
result = JspAuthorizeTag.this.pageContext.findAttribute(name); result = JspAuthorizeTag.this.pageContext.findAttribute(name);
} }

2
taglibs/src/main/java/org/springframework/security/taglibs/csrf/AbstractCsrfTag.java
View File

@ -33,7 +33,6 @@ abstract class AbstractCsrfTag extends TagSupport {
@Override @Override
public int doEndTag() throws JspException { public int doEndTag() throws JspException {
CsrfToken token = (CsrfToken) this.pageContext.getRequest().getAttribute(CsrfToken.class.getName()); CsrfToken token = (CsrfToken) this.pageContext.getRequest().getAttribute(CsrfToken.class.getName());
if (token != null) { if (token != null) {
try { try {
@ -43,7 +42,6 @@ abstract class AbstractCsrfTag extends TagSupport {
throw new JspException(ex); throw new JspException(ex);
} }
} }
return EVAL_PAGE; return EVAL_PAGE;
} }