Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-10-31 06:38:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Polish spring-security-taglibs main code

Browse Source 
Manually polish `spring-security-taglibs` following the formatting
and checkstyle fixes.

Issue gh-8945
This commit is contained in:
Phillip Webb 2020-07-31 23:03:43 -07:00 committed by Rob Winch
parent 1f03608b73
commit 2ca6256b89
6 changed files with 15 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
taglibs/src/main/java/org/springframework/security/taglibs/TagLibConfig.java
View File

@ -33,19 +33,18 @@ public final class TagLibConfig {
static Log logger = LogFactory.getLog("spring-security-taglibs");
static final boolean DISABLE_UI_SECURITY;
static final String SECURED_UI_PREFIX;
static final String SECURED_UI_SUFFIX;
static {
String db = System.getProperty("spring.security.disableUISecurity");
String prefix = System.getProperty("spring.security.securedUIPrefix");
String suffix = System.getProperty("spring.security.securedUISuffix");
SECURED_UI_PREFIX = (prefix != null) ? prefix : "<span class=\"securityHiddenUI\">";
SECURED_UI_SUFFIX = (suffix != null) ? suffix : "</span>";
DISABLE_UI_SECURITY = "true".equals(db);
if (DISABLE_UI_SECURITY) {
logger.warn("***** UI security is disabled. All unauthorized content will be displayed *****");
}
@ -60,11 +59,7 @@ public final class TagLibConfig {
* @param authorized whether the user is authorized to see the content or not
*/
public static int evalOrSkip(boolean authorized) {
if (authorized || DISABLE_UI_SECURITY) {
return Tag.EVAL_BODY_INCLUDE;
}
return Tag.SKIP_BODY;
return (authorized || DISABLE_UI_SECURITY) ? Tag.EVAL_BODY_INCLUDE : Tag.SKIP_BODY;
}
public static boolean isUiSecurityDisabled() {

37
taglibs/src/main/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTag.java
View File

@ -93,22 +93,13 @@ public abstract class AbstractAuthorizeTag {
* @throws IOException
*/
public boolean authorize() throws IOException {
boolean isAuthorized;
if (StringUtils.hasText(getAccess())) {
isAuthorized = authorizeUsingAccessExpression();
return authorizeUsingAccessExpression();
}
else if (StringUtils.hasText(getUrl())) {
isAuthorized = authorizeUsingUrlCheck();
if (StringUtils.hasText(getUrl())) {
return authorizeUsingUrlCheck();
}
else {
isAuthorized = false;
}
return isAuthorized;
return false;
}
/**
@ -122,18 +113,14 @@ public abstract class AbstractAuthorizeTag {
if (SecurityContextHolder.getContext().getAuthentication() == null) {
return false;
}
SecurityExpressionHandler<FilterInvocation> handler = getExpressionHandler();
Expression accessExpression;
try {
accessExpression = handler.getExpressionParser().parseExpression(getAccess());
}
catch (ParseException ex) {
throw new IOException(ex);
}
return ExpressionUtils.evaluateAsBoolean(accessExpression, createExpressionEvaluationContext(handler));
}
@ -144,7 +131,6 @@ public abstract class AbstractAuthorizeTag {
FilterInvocation f = new FilterInvocation(getRequest(), getResponse(), (request, response) -> {
throw new UnsupportedOperationException();
});
return handler.createEvaluationContext(SecurityContextHolder.getContext().getAuthentication(), f);
}
@ -184,21 +170,17 @@ public abstract class AbstractAuthorizeTag {
this.method = (method != null) ? method.toUpperCase() : null;
}
/*------------- Private helper methods -----------------*/
@SuppressWarnings({ "unchecked", "rawtypes" })
private SecurityExpressionHandler<FilterInvocation> getExpressionHandler() throws IOException {
ApplicationContext appContext = SecurityWebApplicationContextUtils
.findRequiredWebApplicationContext(getServletContext());
Map<String, SecurityExpressionHandler> handlers = appContext.getBeansOfType(SecurityExpressionHandler.class);
for (SecurityExpressionHandler h : handlers.values()) {
if (FilterInvocation.class
.equals(GenericTypeResolver.resolveTypeArgument(h.getClass(), SecurityExpressionHandler.class))) {
return h;
for (SecurityExpressionHandler handler : handlers.values()) {
if (FilterInvocation.class.equals(
GenericTypeResolver.resolveTypeArgument(handler.getClass(), SecurityExpressionHandler.class))) {
return handler;
}
}
throw new IOException("No visible WebSecurityExpressionHandler instance could be found in the application "
+ "context. There must be at least one in order to support expressions in JSP 'authorize' tags.");
}
@ -209,17 +191,14 @@ public abstract class AbstractAuthorizeTag {
if (privEvaluatorFromRequest != null) {
return privEvaluatorFromRequest;
}
ApplicationContext ctx = SecurityWebApplicationContextUtils
.findRequiredWebApplicationContext(getServletContext());
Map<String, WebInvocationPrivilegeEvaluator> wipes = ctx.getBeansOfType(WebInvocationPrivilegeEvaluator.class);
if (wipes.size() == 0) {
throw new IOException(
"No visible WebInvocationPrivilegeEvaluator instance could be found in the application "
+ "context. There must be at least one in order to support the use of URL access checks in 'authorize' tags.");
}
return (WebInvocationPrivilegeEvaluator) wipes.values().toArray()[0];
}

24
taglibs/src/main/java/org/springframework/security/taglibs/authz/AccessControlListTag.java
View File

@ -72,35 +72,23 @@ public class AccessControlListTag extends TagSupport {
if ((null == this.hasPermission) || "".equals(this.hasPermission)) {
return skipBody();
}
initializeIfRequired();
if (this.domainObject == null) {
if (logger.isDebugEnabled()) {
logger.debug("domainObject resolved to null, so including tag body");
}
// Of course they have access to a null object!
return evalBody();
}
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication == null) {
if (logger.isDebugEnabled()) {
logger.debug(
"SecurityContextHolder did not return a non-null Authentication object, so skipping tag body");
}
logger.debug("SecurityContextHolder did not return a non-null Authentication object, so skipping tag body");
return skipBody();
}
List<Object> requiredPermissions = parseHasPermission(this.hasPermission);
for (Object requiredPermission : requiredPermissions) {
if (!this.permissionEvaluator.hasPermission(authentication, this.domainObject, requiredPermission)) {
return skipBody();
}
}
return evalBody();
}
@ -112,7 +100,7 @@ public class AccessControlListTag extends TagSupport {
try {
parsedPermission = Integer.parseInt(permissionToParse);
}
catch (NumberFormatException notBitMask) {
catch (NumberFormatException ex) {
}
parsedPermissions.add(parsedPermission);
}
@ -141,7 +129,6 @@ public class AccessControlListTag extends TagSupport {
*/
protected ApplicationContext getContext(PageContext pageContext) {
ServletContext servletContext = pageContext.getServletContext();
return SecurityWebApplicationContextUtils.findRequiredWebApplicationContext(servletContext);
}
@ -157,27 +144,22 @@ public class AccessControlListTag extends TagSupport {
if (this.applicationContext != null) {
return;
}
this.applicationContext = getContext(this.pageContext);
this.permissionEvaluator = getBeanOfType(PermissionEvaluator.class);
}
private <T> T getBeanOfType(Class<T> type) throws JspException {
Map<String, T> map = this.applicationContext.getBeansOfType(type);
for (ApplicationContext context = this.applicationContext.getParent(); context != null; context = context
.getParent()) {
map.putAll(context.getBeansOfType(type));
}
if (map.size() == 0) {
return null;
}
else if (map.size() == 1) {
if (map.size() == 1) {
return map.values().iterator().next();
}
throw new JspException("Found incorrect number of " + type.getSimpleName() + " instances in "
+ "application context - you must have only have one!");
}

4
taglibs/src/main/java/org/springframework/security/taglibs/authz/AuthenticationTag.java
View File

@ -91,13 +91,10 @@ public class AuthenticationTag extends TagSupport {
|| (SecurityContextHolder.getContext().getAuthentication() == null)) {
return Tag.EVAL_PAGE;
}
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (auth.getPrincipal() == null) {
return Tag.EVAL_PAGE;
}
try {
BeanWrapperImpl wrapper = new BeanWrapperImpl(auth);
result = wrapper.getPropertyValue(this.property);
@ -106,7 +103,6 @@ public class AuthenticationTag extends TagSupport {
throw new JspException(ex);
}
}
if (this.var != null) {
/*
* Store the result, letting an IllegalArgumentException propagate back if the

6
taglibs/src/main/java/org/springframework/security/taglibs/authz/JspAuthorizeTag.java
View File

@ -68,17 +68,13 @@ public class JspAuthorizeTag extends AbstractAuthorizeTag implements Tag {
public int doStartTag() throws JspException {
try {
this.authorized = super.authorize();
if (!this.authorized && TagLibConfig.isUiSecurityDisabled()) {
this.pageContext.getOut().write(TagLibConfig.getSecuredUiPrefix());
}
if (this.var != null) {
this.pageContext.setAttribute(this.var, this.authorized, PageContext.PAGE_SCOPE);
}
return TagLibConfig.evalOrSkip(this.authorized);
}
catch (IOException ex) {
throw new JspException(ex);
@ -105,7 +101,6 @@ public class JspAuthorizeTag extends AbstractAuthorizeTag implements Tag {
catch (IOException ex) {
throw new JspException(ex);
}
return EVAL_PAGE;
}
@ -222,7 +217,6 @@ public class JspAuthorizeTag extends AbstractAuthorizeTag implements Tag {
@Override
public Object lookupVariable(String name) {
Object result = this.delegate.lookupVariable(name);
if (result == null) {
result = JspAuthorizeTag.this.pageContext.findAttribute(name);
}

2
taglibs/src/main/java/org/springframework/security/taglibs/csrf/AbstractCsrfTag.java
View File

@ -33,7 +33,6 @@ abstract class AbstractCsrfTag extends TagSupport {
@Override
public int doEndTag() throws JspException {
CsrfToken token = (CsrfToken) this.pageContext.getRequest().getAttribute(CsrfToken.class.getName());
if (token != null) {
try {
@ -43,7 +42,6 @@ abstract class AbstractCsrfTag extends TagSupport {
throw new JspException(ex);
}
}
return EVAL_PAGE;
}