SEC-999: Refactored expression security classes for better separation of concerns and of method vs web authorization expressions.
This commit is contained in:
Luke Taylor
parent
790c3e6f79
commit
3acd515c6c
|
|
@ -13,7 +13,7 @@ import org.springframework.beans.factory.support.ManagedList;
|
||||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||||
import org.springframework.beans.factory.xml.ParserContext;
|
import org.springframework.beans.factory.xml.ParserContext;
|
||||||
import org.springframework.security.afterinvocation.AfterInvocationProviderManager;
|
import org.springframework.security.afterinvocation.AfterInvocationProviderManager;
|
||||||
import org.springframework.security.expression.support.MethodExpressionVoter;
|
import org.springframework.security.expression.method.MethodExpressionVoter;
|
||||||
import org.springframework.security.util.UrlUtils;
|
import org.springframework.security.util.UrlUtils;
|
||||||
import org.springframework.security.vote.AffirmativeBased;
|
import org.springframework.security.vote.AffirmativeBased;
|
||||||
import org.springframework.security.vote.AuthenticatedVoter;
|
import org.springframework.security.vote.AuthenticatedVoter;
|
||||||
|
|
|
||||||
|
|
@ -19,9 +19,9 @@ import org.springframework.beans.factory.xml.BeanDefinitionParser;
|
||||||
import org.springframework.beans.factory.xml.ParserContext;
|
import org.springframework.beans.factory.xml.ParserContext;
|
||||||
import org.springframework.security.ConfigAttribute;
|
import org.springframework.security.ConfigAttribute;
|
||||||
import org.springframework.security.SecurityConfig;
|
import org.springframework.security.SecurityConfig;
|
||||||
import org.springframework.security.expression.DefaultSecurityExpressionHandler;
|
import org.springframework.security.expression.method.MethodExpressionAfterInvocationProvider;
|
||||||
import org.springframework.security.expression.support.MethodExpressionAfterInvocationProvider;
|
import org.springframework.security.expression.method.MethodExpressionVoter;
|
||||||
import org.springframework.security.expression.support.MethodExpressionVoter;
|
import org.springframework.security.expression.support.DefaultSecurityExpressionHandler;
|
||||||
import org.springframework.security.intercept.method.DelegatingMethodDefinitionSource;
|
import org.springframework.security.intercept.method.DelegatingMethodDefinitionSource;
|
||||||
import org.springframework.security.intercept.method.MapBasedMethodDefinitionSource;
|
import org.springframework.security.intercept.method.MapBasedMethodDefinitionSource;
|
||||||
import org.springframework.security.intercept.method.ProtectPointcutPostProcessor;
|
import org.springframework.security.intercept.method.ProtectPointcutPostProcessor;
|
||||||
|
|
@ -46,7 +46,7 @@ class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionParser {
|
||||||
|
|
||||||
static final String SECURED_DEPENDENCY_CLASS = "org.springframework.security.annotation.Secured";
|
static final String SECURED_DEPENDENCY_CLASS = "org.springframework.security.annotation.Secured";
|
||||||
static final String SECURED_METHOD_DEFINITION_SOURCE_CLASS = "org.springframework.security.annotation.SecuredMethodDefinitionSource";
|
static final String SECURED_METHOD_DEFINITION_SOURCE_CLASS = "org.springframework.security.annotation.SecuredMethodDefinitionSource";
|
||||||
static final String EXPRESSION_METHOD_DEFINITION_SOURCE_CLASS = "org.springframework.security.expression.support.ExpressionAnnotationMethodDefinitionSource";
|
static final String EXPRESSION_METHOD_DEFINITION_SOURCE_CLASS = "org.springframework.security.expression.method.ExpressionAnnotationMethodDefinitionSource";
|
||||||
static final String JSR_250_SECURITY_METHOD_DEFINITION_SOURCE_CLASS = "org.springframework.security.annotation.Jsr250MethodDefinitionSource";
|
static final String JSR_250_SECURITY_METHOD_DEFINITION_SOURCE_CLASS = "org.springframework.security.annotation.Jsr250MethodDefinitionSource";
|
||||||
static final String JSR_250_VOTER_CLASS = "org.springframework.security.annotation.Jsr250Voter";
|
static final String JSR_250_VOTER_CLASS = "org.springframework.security.annotation.Jsr250Voter";
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,10 +1,5 @@
|
||||||
package org.springframework.security.expression;
|
package org.springframework.security.expression;
|
||||||
|
|
||||||
import java.lang.reflect.Array;
|
|
||||||
import java.util.Collection;
|
|
||||||
import java.util.HashSet;
|
|
||||||
import java.util.Set;
|
|
||||||
|
|
||||||
import org.springframework.expression.EvaluationContext;
|
import org.springframework.expression.EvaluationContext;
|
||||||
import org.springframework.expression.EvaluationException;
|
import org.springframework.expression.EvaluationException;
|
||||||
import org.springframework.expression.Expression;
|
import org.springframework.expression.Expression;
|
||||||
|
|
@ -18,6 +13,4 @@ public class ExpressionUtils {
|
||||||
throw new IllegalArgumentException("Failed to evaluate expression", e);
|
throw new IllegalArgumentException("Failed to evaluate expression", e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,11 +0,0 @@
|
||||||
package org.springframework.security.expression;
|
|
||||||
|
|
||||||
import org.springframework.security.Authentication;
|
|
||||||
|
|
||||||
public class MethodInvocationSecurityExpressionRoot extends SecurityExpressionRoot {
|
|
||||||
|
|
||||||
MethodInvocationSecurityExpressionRoot(Authentication a) {
|
|
||||||
super(a);
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
@ -4,6 +4,7 @@ import org.aopalliance.intercept.MethodInvocation;
|
||||||
import org.springframework.expression.EvaluationContext;
|
import org.springframework.expression.EvaluationContext;
|
||||||
import org.springframework.expression.Expression;
|
import org.springframework.expression.Expression;
|
||||||
import org.springframework.security.Authentication;
|
import org.springframework.security.Authentication;
|
||||||
|
import org.springframework.security.intercept.web.FilterInvocation;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Facade which isolates Spring Security's requirements from the implementation of the underlying
|
* Facade which isolates Spring Security's requirements from the implementation of the underlying
|
||||||
|
|
@ -18,15 +19,21 @@ public interface SecurityExpressionHandler {
|
||||||
/**
|
/**
|
||||||
* Provides a evaluation context in which to evaluate security expressions for a method invocation.
|
* Provides a evaluation context in which to evaluate security expressions for a method invocation.
|
||||||
*/
|
*/
|
||||||
EvaluationContext createEvaluationContext(Authentication auth, MethodInvocation mi);
|
EvaluationContext createEvaluationContext(Authentication authentication, MethodInvocation mi);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Provides a evaluation context in which to evaluate security expressions for a web invocation.
|
||||||
|
*/
|
||||||
|
EvaluationContext createEvaluationContext(Authentication authentication, FilterInvocation fi);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Filters a target collection or array.
|
* Filters a target collection or array.
|
||||||
|
* Only applies to method invocations.
|
||||||
*
|
*
|
||||||
* @param filterTarget the array or collection to be filtered.
|
* @param filterTarget the array or collection to be filtered.
|
||||||
* @param filterExpression the expression which should be used as the filter condition. If it returns false on
|
* @param filterExpression the expression which should be used as the filter condition. If it returns false on
|
||||||
* evaluation, the object will be removed from the returned collection
|
* evaluation, the object will be removed from the returned collection
|
||||||
* @param ctx the current evaluation context (usualy as created through a call to
|
* @param ctx the current evaluation context (as created through a call to
|
||||||
* {@link #createEvaluationContext(Authentication, MethodInvocation)}
|
* {@link #createEvaluationContext(Authentication, MethodInvocation)}
|
||||||
* @return the filtered collection or array
|
* @return the filtered collection or array
|
||||||
*/
|
*/
|
||||||
|
|
@ -34,9 +41,11 @@ public interface SecurityExpressionHandler {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Used to inform the expression system of the return object for the given evaluation context.
|
* Used to inform the expression system of the return object for the given evaluation context.
|
||||||
|
* Only applies to method invocations.
|
||||||
*
|
*
|
||||||
* @param returnObject the return object value
|
* @param returnObject the return object value
|
||||||
* @param ctx the context within which the object should be set
|
* @param ctx the context within which the object should be set (as created through a call to
|
||||||
|
* {@link #createEvaluationContext(Authentication, MethodInvocation)}
|
||||||
*/
|
*/
|
||||||
void setReturnObject(Object returnObject, EvaluationContext ctx);
|
void setReturnObject(Object returnObject, EvaluationContext ctx);
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
package org.springframework.security.expression.support;
|
package org.springframework.security.expression.method;
|
||||||
|
|
||||||
import org.springframework.expression.Expression;
|
import org.springframework.expression.Expression;
|
||||||
import org.springframework.expression.ParseException;
|
import org.springframework.expression.ParseException;
|
||||||
|
|
@ -33,7 +33,6 @@ abstract class AbstractExpressionBasedMethodConfigAttribute implements ConfigAtt
|
||||||
|
|
||||||
AbstractExpressionBasedMethodConfigAttribute(Expression filterExpression, Expression authorizeExpression) throws ParseException {
|
AbstractExpressionBasedMethodConfigAttribute(Expression filterExpression, Expression authorizeExpression) throws ParseException {
|
||||||
Assert.isTrue(filterExpression != null || authorizeExpression != null, "Filter and authorization Expressions cannot both be null");
|
Assert.isTrue(filterExpression != null || authorizeExpression != null, "Filter and authorization Expressions cannot both be null");
|
||||||
SpelExpressionParser parser = new SpelExpressionParser();
|
|
||||||
this.filterExpression = filterExpression == null ? null : filterExpression;
|
this.filterExpression = filterExpression == null ? null : filterExpression;
|
||||||
this.authorizeExpression = authorizeExpression == null ? null : authorizeExpression;
|
this.authorizeExpression = authorizeExpression == null ? null : authorizeExpression;
|
||||||
}
|
}
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
package org.springframework.security.expression.support;
|
package org.springframework.security.expression.method;
|
||||||
|
|
||||||
import java.lang.annotation.Annotation;
|
import java.lang.annotation.Annotation;
|
||||||
import java.lang.reflect.Method;
|
import java.lang.reflect.Method;
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
package org.springframework.security.expression.support;
|
package org.springframework.security.expression.method;
|
||||||
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
|
|
@ -11,9 +11,9 @@ import org.springframework.security.AccessDeniedException;
|
||||||
import org.springframework.security.Authentication;
|
import org.springframework.security.Authentication;
|
||||||
import org.springframework.security.ConfigAttribute;
|
import org.springframework.security.ConfigAttribute;
|
||||||
import org.springframework.security.afterinvocation.AfterInvocationProvider;
|
import org.springframework.security.afterinvocation.AfterInvocationProvider;
|
||||||
import org.springframework.security.expression.DefaultSecurityExpressionHandler;
|
|
||||||
import org.springframework.security.expression.ExpressionUtils;
|
import org.springframework.security.expression.ExpressionUtils;
|
||||||
import org.springframework.security.expression.SecurityExpressionHandler;
|
import org.springframework.security.expression.SecurityExpressionHandler;
|
||||||
|
import org.springframework.security.expression.support.DefaultSecurityExpressionHandler;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* AfterInvocationProvider which handles the @PostAuthorize and @PostFilter annotation expressions.
|
* AfterInvocationProvider which handles the @PostAuthorize and @PostFilter annotation expressions.
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
package org.springframework.security.expression.support;
|
package org.springframework.security.expression.method;
|
||||||
|
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
@ -10,9 +10,9 @@ import org.springframework.expression.EvaluationContext;
|
||||||
import org.springframework.expression.Expression;
|
import org.springframework.expression.Expression;
|
||||||
import org.springframework.security.Authentication;
|
import org.springframework.security.Authentication;
|
||||||
import org.springframework.security.ConfigAttribute;
|
import org.springframework.security.ConfigAttribute;
|
||||||
import org.springframework.security.expression.DefaultSecurityExpressionHandler;
|
|
||||||
import org.springframework.security.expression.ExpressionUtils;
|
import org.springframework.security.expression.ExpressionUtils;
|
||||||
import org.springframework.security.expression.SecurityExpressionHandler;
|
import org.springframework.security.expression.SecurityExpressionHandler;
|
||||||
|
import org.springframework.security.expression.support.DefaultSecurityExpressionHandler;
|
||||||
import org.springframework.security.vote.AccessDecisionVoter;
|
import org.springframework.security.vote.AccessDecisionVoter;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
package org.springframework.security.expression.support;
|
package org.springframework.security.expression.method;
|
||||||
|
|
||||||
import org.springframework.expression.Expression;
|
import org.springframework.expression.Expression;
|
||||||
import org.springframework.expression.ParseException;
|
import org.springframework.expression.ParseException;
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
package org.springframework.security.expression.support;
|
package org.springframework.security.expression.method;
|
||||||
|
|
||||||
import org.springframework.expression.Expression;
|
import org.springframework.expression.Expression;
|
||||||
import org.springframework.expression.ParseException;
|
import org.springframework.expression.ParseException;
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
package org.springframework.security.expression;
|
package org.springframework.security.expression.support;
|
||||||
|
|
||||||
import java.lang.reflect.Array;
|
import java.lang.reflect.Array;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
|
|
@ -12,17 +12,19 @@ import org.springframework.core.LocalVariableTableParameterNameDiscoverer;
|
||||||
import org.springframework.core.ParameterNameDiscoverer;
|
import org.springframework.core.ParameterNameDiscoverer;
|
||||||
import org.springframework.expression.EvaluationContext;
|
import org.springframework.expression.EvaluationContext;
|
||||||
import org.springframework.expression.Expression;
|
import org.springframework.expression.Expression;
|
||||||
|
import org.springframework.expression.spel.standard.StandardEvaluationContext;
|
||||||
import org.springframework.security.Authentication;
|
import org.springframework.security.Authentication;
|
||||||
import org.springframework.security.AuthenticationTrustResolver;
|
import org.springframework.security.AuthenticationTrustResolver;
|
||||||
import org.springframework.security.AuthenticationTrustResolverImpl;
|
import org.springframework.security.AuthenticationTrustResolverImpl;
|
||||||
|
import org.springframework.security.expression.ExpressionUtils;
|
||||||
|
import org.springframework.security.expression.PermissionEvaluator;
|
||||||
|
import org.springframework.security.expression.SecurityExpressionHandler;
|
||||||
|
import org.springframework.security.intercept.web.FilterInvocation;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The standard implementation of <tt>SecurityExpressionHandler</tt> which uses a {@link SecurityEvaluationContext}
|
* The standard implementation of <tt>SecurityExpressionHandler</tt>.
|
||||||
* as the <tt>EvaluationContext</tt> implementation and configures it with a {@link SecurityExpressionRoot} instance
|
|
||||||
* as the expression root object.
|
|
||||||
* <p>
|
* <p>
|
||||||
* A single instance should usually be shared between the expression voter and after-invocation provider.
|
* A single instance should usually be shared.
|
||||||
*
|
|
||||||
*
|
*
|
||||||
* @author Luke Taylor
|
* @author Luke Taylor
|
||||||
* @version $Id$
|
* @version $Id$
|
||||||
|
|
@ -39,9 +41,13 @@ public class DefaultSecurityExpressionHandler implements SecurityExpressionHandl
|
||||||
public DefaultSecurityExpressionHandler() {
|
public DefaultSecurityExpressionHandler() {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Uses a {@link MethodSecurityEvaluationContext} as the <tt>EvaluationContext</tt> implementation and
|
||||||
|
* configures it with a {@link SecurityExpressionRoot} instance as the expression root object.
|
||||||
|
*/
|
||||||
public EvaluationContext createEvaluationContext(Authentication auth, MethodInvocation mi) {
|
public EvaluationContext createEvaluationContext(Authentication auth, MethodInvocation mi) {
|
||||||
SecurityEvaluationContext ctx = new SecurityEvaluationContext(auth, mi, parameterNameDiscoverer);
|
MethodSecurityEvaluationContext ctx = new MethodSecurityEvaluationContext(auth, mi, parameterNameDiscoverer);
|
||||||
SecurityExpressionRoot root = new SecurityExpressionRoot(auth);
|
MethodSecurityExpressionRoot root = new MethodSecurityExpressionRoot(auth);
|
||||||
root.setTrustResolver(trustResolver);
|
root.setTrustResolver(trustResolver);
|
||||||
root.setPermissionEvaluator(permissionEvaluator);
|
root.setPermissionEvaluator(permissionEvaluator);
|
||||||
ctx.setRootObject(root);
|
ctx.setRootObject(root);
|
||||||
|
|
@ -49,9 +55,15 @@ public class DefaultSecurityExpressionHandler implements SecurityExpressionHandl
|
||||||
return ctx;
|
return ctx;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public EvaluationContext createEvaluationContext(Authentication authentication, FilterInvocation fi) {
|
||||||
|
StandardEvaluationContext ctx = new StandardEvaluationContext();
|
||||||
|
|
||||||
|
return ctx;
|
||||||
|
}
|
||||||
|
|
||||||
@SuppressWarnings("unchecked")
|
@SuppressWarnings("unchecked")
|
||||||
public Object filter(Object filterTarget, Expression filterExpression, EvaluationContext ctx) {
|
public Object filter(Object filterTarget, Expression filterExpression, EvaluationContext ctx) {
|
||||||
SecurityExpressionRoot rootObject = (SecurityExpressionRoot) ctx.getRootContextObject();
|
MethodSecurityExpressionRoot rootObject = (MethodSecurityExpressionRoot) ctx.getRootContextObject();
|
||||||
List retainList;
|
List retainList;
|
||||||
|
|
||||||
if (logger.isDebugEnabled()) {
|
if (logger.isDebugEnabled()) {
|
||||||
|
|
@ -128,6 +140,7 @@ public class DefaultSecurityExpressionHandler implements SecurityExpressionHandl
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setReturnObject(Object returnObject, EvaluationContext ctx) {
|
public void setReturnObject(Object returnObject, EvaluationContext ctx) {
|
||||||
((SecurityExpressionRoot)ctx.getRootContextObject()).setReturnObject(returnObject);
|
((MethodSecurityExpressionRoot)ctx.getRootContextObject()).setReturnObject(returnObject);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
@ -1,10 +1,11 @@
|
||||||
package org.springframework.security.expression;
|
package org.springframework.security.expression.support;
|
||||||
|
|
||||||
import java.io.Serializable;
|
import java.io.Serializable;
|
||||||
|
|
||||||
import org.apache.commons.logging.Log;
|
import org.apache.commons.logging.Log;
|
||||||
import org.apache.commons.logging.LogFactory;
|
import org.apache.commons.logging.LogFactory;
|
||||||
import org.springframework.security.Authentication;
|
import org.springframework.security.Authentication;
|
||||||
|
import org.springframework.security.expression.PermissionEvaluator;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* A null PermissionEvaluator which denies all access. Used by default for situations when permission
|
* A null PermissionEvaluator which denies all access. Used by default for situations when permission
|
||||||
|
|
@ -14,7 +15,7 @@ import org.springframework.security.Authentication;
|
||||||
* @version $Id$
|
* @version $Id$
|
||||||
* @since 2.5
|
* @since 2.5
|
||||||
*/
|
*/
|
||||||
public final class DenyAllPermissionEvaluator implements PermissionEvaluator {
|
class DenyAllPermissionEvaluator implements PermissionEvaluator {
|
||||||
|
|
||||||
private final Log logger = LogFactory.getLog(getClass());
|
private final Log logger = LogFactory.getLog(getClass());
|
||||||
|
|
||||||
|
|
@ -0,0 +1,50 @@
|
||||||
|
package org.springframework.security.expression.support;
|
||||||
|
|
||||||
|
import java.io.Serializable;
|
||||||
|
|
||||||
|
import org.springframework.security.Authentication;
|
||||||
|
import org.springframework.security.expression.PermissionEvaluator;
|
||||||
|
|
||||||
|
public class MethodInvocationSecurityExpressionRoot extends SecurityExpressionRoot {
|
||||||
|
private PermissionEvaluator permissionEvaluator;
|
||||||
|
private Object filterObject;
|
||||||
|
private Object returnObject;
|
||||||
|
public final String read = "read";
|
||||||
|
public final String write = "write";
|
||||||
|
public final String create = "create";
|
||||||
|
public final String delete = "delete";
|
||||||
|
public final String admin = "administration";
|
||||||
|
|
||||||
|
MethodInvocationSecurityExpressionRoot(Authentication a) {
|
||||||
|
super(a);
|
||||||
|
}
|
||||||
|
|
||||||
|
public boolean hasPermission(Object target, Object permission) {
|
||||||
|
return permissionEvaluator.hasPermission(authentication, target, permission);
|
||||||
|
}
|
||||||
|
|
||||||
|
public boolean hasPermission(Object targetId, String targetType, Object permission) {
|
||||||
|
return permissionEvaluator.hasPermission(authentication, (Serializable)targetId, targetType, permission);
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setFilterObject(Object filterObject) {
|
||||||
|
this.filterObject = filterObject;
|
||||||
|
}
|
||||||
|
|
||||||
|
public Object getFilterObject() {
|
||||||
|
return filterObject;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setReturnObject(Object returnObject) {
|
||||||
|
this.returnObject = returnObject;
|
||||||
|
}
|
||||||
|
|
||||||
|
public Object getReturnObject() {
|
||||||
|
return returnObject;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setPermissionEvaluator(PermissionEvaluator permissionEvaluator) {
|
||||||
|
this.permissionEvaluator = permissionEvaluator;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
package org.springframework.security.expression;
|
package org.springframework.security.expression.support;
|
||||||
|
|
||||||
import java.lang.reflect.Method;
|
import java.lang.reflect.Method;
|
||||||
|
|
||||||
|
|
@ -17,7 +17,7 @@ import org.springframework.util.ClassUtils;
|
||||||
* @author Luke Taylor
|
* @author Luke Taylor
|
||||||
* @since 2.5
|
* @since 2.5
|
||||||
*/
|
*/
|
||||||
public class SecurityEvaluationContext extends StandardEvaluationContext {
|
class MethodSecurityEvaluationContext extends StandardEvaluationContext {
|
||||||
private ParameterNameDiscoverer parameterNameDiscoverer;
|
private ParameterNameDiscoverer parameterNameDiscoverer;
|
||||||
private boolean argumentsAdded;
|
private boolean argumentsAdded;
|
||||||
private MethodInvocation mi;
|
private MethodInvocation mi;
|
||||||
|
|
@ -27,11 +27,11 @@ public class SecurityEvaluationContext extends StandardEvaluationContext {
|
||||||
* for each instance. Use the constructor which takes the resolver, as an argument thus
|
* for each instance. Use the constructor which takes the resolver, as an argument thus
|
||||||
* allowing for caching.
|
* allowing for caching.
|
||||||
*/
|
*/
|
||||||
public SecurityEvaluationContext(Authentication user, MethodInvocation mi) {
|
public MethodSecurityEvaluationContext(Authentication user, MethodInvocation mi) {
|
||||||
this(user, mi, new LocalVariableTableParameterNameDiscoverer());
|
this(user, mi, new LocalVariableTableParameterNameDiscoverer());
|
||||||
}
|
}
|
||||||
|
|
||||||
public SecurityEvaluationContext(Authentication user, MethodInvocation mi,
|
public MethodSecurityEvaluationContext(Authentication user, MethodInvocation mi,
|
||||||
ParameterNameDiscoverer parameterNameDiscoverer) {
|
ParameterNameDiscoverer parameterNameDiscoverer) {
|
||||||
this.mi = mi;
|
this.mi = mi;
|
||||||
this.parameterNameDiscoverer = parameterNameDiscoverer;
|
this.parameterNameDiscoverer = parameterNameDiscoverer;
|
||||||
|
|
@ -0,0 +1,58 @@
|
||||||
|
package org.springframework.security.expression.support;
|
||||||
|
|
||||||
|
import java.io.Serializable;
|
||||||
|
|
||||||
|
import org.springframework.security.Authentication;
|
||||||
|
import org.springframework.security.expression.PermissionEvaluator;
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Extended expression root object which contains extra method-specific functionality.
|
||||||
|
*
|
||||||
|
* @author Luke Taylor
|
||||||
|
* @version $Id$
|
||||||
|
* @since 2.5
|
||||||
|
*/
|
||||||
|
class MethodSecurityExpressionRoot extends SecurityExpressionRoot {
|
||||||
|
private PermissionEvaluator permissionEvaluator;
|
||||||
|
private Object filterObject;
|
||||||
|
private Object returnObject;
|
||||||
|
public final String read = "read";
|
||||||
|
public final String write = "write";
|
||||||
|
public final String create = "create";
|
||||||
|
public final String delete = "delete";
|
||||||
|
public final String admin = "administration";
|
||||||
|
|
||||||
|
MethodSecurityExpressionRoot(Authentication a) {
|
||||||
|
super(a);
|
||||||
|
}
|
||||||
|
|
||||||
|
public boolean hasPermission(Object target, Object permission) {
|
||||||
|
return permissionEvaluator.hasPermission(authentication, target, permission);
|
||||||
|
}
|
||||||
|
|
||||||
|
public boolean hasPermission(Object targetId, String targetType, Object permission) {
|
||||||
|
return permissionEvaluator.hasPermission(authentication, (Serializable)targetId, targetType, permission);
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setFilterObject(Object filterObject) {
|
||||||
|
this.filterObject = filterObject;
|
||||||
|
}
|
||||||
|
|
||||||
|
public Object getFilterObject() {
|
||||||
|
return filterObject;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setReturnObject(Object returnObject) {
|
||||||
|
this.returnObject = returnObject;
|
||||||
|
}
|
||||||
|
|
||||||
|
public Object getReturnObject() {
|
||||||
|
return returnObject;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setPermissionEvaluator(PermissionEvaluator permissionEvaluator) {
|
||||||
|
this.permissionEvaluator = permissionEvaluator;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
@ -1,6 +1,5 @@
|
||||||
package org.springframework.security.expression;
|
package org.springframework.security.expression.support;
|
||||||
|
|
||||||
import java.io.Serializable;
|
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
|
||||||
import org.springframework.security.Authentication;
|
import org.springframework.security.Authentication;
|
||||||
|
|
@ -10,32 +9,21 @@ import org.springframework.security.util.AuthorityUtils;
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Default root object for use in Spring Security expression evaluations.
|
* Base root object for use in Spring Security expression evaluations.
|
||||||
*
|
*
|
||||||
* @author Luke Taylor
|
* @author Luke Taylor
|
||||||
* @version $Id$
|
* @version $Id$
|
||||||
* @since 2.5
|
* @since 2.5
|
||||||
*/
|
*/
|
||||||
public class SecurityExpressionRoot {
|
abstract class SecurityExpressionRoot {
|
||||||
private Authentication authentication;
|
protected final Authentication authentication;
|
||||||
private AuthenticationTrustResolver trustResolver;
|
private AuthenticationTrustResolver trustResolver;
|
||||||
private PermissionEvaluator permissionEvaluator;
|
|
||||||
private Object filterObject;
|
|
||||||
private Object returnObject;
|
|
||||||
|
|
||||||
/** Allows "permitAll" expression */
|
/** Allows "permitAll" expression */
|
||||||
public final boolean permitAll = true;
|
public final boolean permitAll = true;
|
||||||
|
|
||||||
/** Allows "denyAll" expression */
|
/** Allows "denyAll" expression */
|
||||||
public final boolean denyAll = false;
|
public final boolean denyAll = false;
|
||||||
|
|
||||||
public final String read = "read";
|
|
||||||
public final String write = "write";
|
|
||||||
public final String create = "create";
|
|
||||||
public final String delete = "delete";
|
|
||||||
public final String admin = "administration";
|
|
||||||
|
|
||||||
|
|
||||||
SecurityExpressionRoot(Authentication a) {
|
SecurityExpressionRoot(Authentication a) {
|
||||||
if (a == null) {
|
if (a == null) {
|
||||||
throw new IllegalArgumentException("Authentication object cannot be null");
|
throw new IllegalArgumentException("Authentication object cannot be null");
|
||||||
|
|
@ -54,7 +42,7 @@ public class SecurityExpressionRoot {
|
||||||
}
|
}
|
||||||
|
|
||||||
public final boolean hasAnyRole(String... roles) {
|
public final boolean hasAnyRole(String... roles) {
|
||||||
Set roleSet = AuthorityUtils.authorityArrayToSet(authentication.getAuthorities());
|
Set<String> roleSet = AuthorityUtils.authorityArrayToSet(authentication.getAuthorities());
|
||||||
|
|
||||||
for (String role : roles) {
|
for (String role : roles) {
|
||||||
if (roleSet.contains(role)) {
|
if (roleSet.contains(role)) {
|
||||||
|
|
@ -65,6 +53,10 @@ public class SecurityExpressionRoot {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public final Authentication getAuthentication() {
|
||||||
|
return authentication;
|
||||||
|
}
|
||||||
|
|
||||||
public final boolean permitAll() {
|
public final boolean permitAll() {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
@ -85,45 +77,11 @@ public class SecurityExpressionRoot {
|
||||||
return !trustResolver.isAnonymous(authentication) && !trustResolver.isRememberMe(authentication);
|
return !trustResolver.isAnonymous(authentication) && !trustResolver.isRememberMe(authentication);
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean hasPermission(Object target, Object permission) {
|
|
||||||
return permissionEvaluator.hasPermission(authentication, target, permission);
|
|
||||||
}
|
|
||||||
|
|
||||||
public boolean hasPermission(Object targetId, String targetType, Object permission) {
|
|
||||||
return permissionEvaluator.hasPermission(authentication, (Serializable)targetId, targetType, permission);
|
|
||||||
}
|
|
||||||
|
|
||||||
public Authentication getAuthentication() {
|
|
||||||
return authentication;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setFilterObject(Object filterObject) {
|
|
||||||
this.filterObject = filterObject;
|
|
||||||
}
|
|
||||||
|
|
||||||
public Object getFilterObject() {
|
|
||||||
return filterObject;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setReturnObject(Object returnObject) {
|
|
||||||
this.returnObject = returnObject;
|
|
||||||
}
|
|
||||||
|
|
||||||
public Object getReturnObject() {
|
|
||||||
return returnObject;
|
|
||||||
}
|
|
||||||
|
|
||||||
public Object getPrincipal() {
|
public Object getPrincipal() {
|
||||||
return authentication.getPrincipal();
|
return authentication.getPrincipal();
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setPermissionEvaluator(PermissionEvaluator permissionEvaluator) {
|
|
||||||
this.permissionEvaluator = permissionEvaluator;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setTrustResolver(AuthenticationTrustResolver trustResolver) {
|
public void setTrustResolver(AuthenticationTrustResolver trustResolver) {
|
||||||
this.trustResolver = trustResolver;
|
this.trustResolver = trustResolver;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
@ -1,26 +0,0 @@
|
||||||
package org.springframework.security.expression.support;
|
|
||||||
|
|
||||||
import java.util.List;
|
|
||||||
|
|
||||||
import org.springframework.security.Authentication;
|
|
||||||
import org.springframework.security.ConfigAttribute;
|
|
||||||
import org.springframework.security.intercept.web.FilterInvocation;
|
|
||||||
import org.springframework.security.vote.AccessDecisionVoter;
|
|
||||||
|
|
||||||
public class WebExpressionVoter implements AccessDecisionVoter {
|
|
||||||
|
|
||||||
public boolean supports(ConfigAttribute attribute) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
public boolean supports(Class<? extends Object> clazz) {
|
|
||||||
return clazz.isAssignableFrom(FilterInvocation.class);
|
|
||||||
}
|
|
||||||
|
|
||||||
public int vote(Authentication authentication, Object object,
|
|
||||||
List<ConfigAttribute> attributes) {
|
|
||||||
// TODO Auto-generated method stub
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
@ -1,11 +1,18 @@
|
||||||
package org.springframework.security.expression.support;
|
package org.springframework.security.expression.web;
|
||||||
|
|
||||||
import org.springframework.expression.Expression;
|
import org.springframework.expression.Expression;
|
||||||
import org.springframework.expression.ParseException;
|
import org.springframework.expression.ParseException;
|
||||||
import org.springframework.expression.spel.SpelExpressionParser;
|
import org.springframework.expression.spel.SpelExpressionParser;
|
||||||
import org.springframework.security.ConfigAttribute;
|
import org.springframework.security.ConfigAttribute;
|
||||||
|
|
||||||
public class WebExpressionConfigAttribute implements ConfigAttribute {
|
/**
|
||||||
|
* Simple expression configuration attribute for use in web request authorizations.
|
||||||
|
*
|
||||||
|
* @author Luke Taylor
|
||||||
|
* @version $Id$
|
||||||
|
* @since 2.5
|
||||||
|
*/
|
||||||
|
class WebExpressionConfigAttribute implements ConfigAttribute {
|
||||||
private final Expression authorizeExpression;
|
private final Expression authorizeExpression;
|
||||||
|
|
||||||
public WebExpressionConfigAttribute(String authorizeExpression) throws ParseException {
|
public WebExpressionConfigAttribute(String authorizeExpression) throws ParseException {
|
||||||
|
|
@ -0,0 +1,59 @@
|
||||||
|
package org.springframework.security.expression.web;
|
||||||
|
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
|
import org.aopalliance.intercept.MethodInvocation;
|
||||||
|
import org.springframework.expression.EvaluationContext;
|
||||||
|
import org.springframework.security.Authentication;
|
||||||
|
import org.springframework.security.ConfigAttribute;
|
||||||
|
import org.springframework.security.expression.SecurityExpressionHandler;
|
||||||
|
import org.springframework.security.expression.support.DefaultSecurityExpressionHandler;
|
||||||
|
import org.springframework.security.intercept.web.FilterInvocation;
|
||||||
|
import org.springframework.security.vote.AccessDecisionVoter;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Voter which handles web authorisation decisions.
|
||||||
|
* @author Luke Taylor
|
||||||
|
* @version $Id$
|
||||||
|
* @since
|
||||||
|
*/
|
||||||
|
public class WebExpressionVoter implements AccessDecisionVoter {
|
||||||
|
private SecurityExpressionHandler expressionHandler = new DefaultSecurityExpressionHandler();
|
||||||
|
|
||||||
|
public int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes) {
|
||||||
|
WebExpressionConfigAttribute weca = findConfigAttribute(attributes);
|
||||||
|
|
||||||
|
if (weca == null) {
|
||||||
|
return ACCESS_ABSTAIN;
|
||||||
|
}
|
||||||
|
|
||||||
|
FilterInvocation fi = (FilterInvocation)object;
|
||||||
|
EvaluationContext ctx = expressionHandler.createEvaluationContext(authentication, fi);
|
||||||
|
|
||||||
|
|
||||||
|
weca.getAuthorizeExpression();
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
private WebExpressionConfigAttribute findConfigAttribute(List<ConfigAttribute> attributes) {
|
||||||
|
for (ConfigAttribute attribute : attributes) {
|
||||||
|
if (attribute instanceof WebExpressionConfigAttribute) {
|
||||||
|
return (WebExpressionConfigAttribute)attribute;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
public boolean supports(ConfigAttribute attribute) {
|
||||||
|
return attribute instanceof WebExpressionConfigAttribute;
|
||||||
|
}
|
||||||
|
|
||||||
|
public boolean supports(Class<? extends Object> clazz) {
|
||||||
|
return clazz.isAssignableFrom(FilterInvocation.class);
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setExpressionHandler(SecurityExpressionHandler expressionHandler) {
|
||||||
|
this.expressionHandler = expressionHandler;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
@ -17,7 +17,7 @@ import java.util.Set;
|
||||||
* @version $Id$
|
* @version $Id$
|
||||||
*/
|
*/
|
||||||
public abstract class AuthorityUtils {
|
public abstract class AuthorityUtils {
|
||||||
public static final List<GrantedAuthority> NO_AUTHORITIES = Collections.EMPTY_LIST;
|
public static final List<GrantedAuthority> NO_AUTHORITIES = Collections.emptyList();
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns true if the current user has the specified authority.
|
* Returns true if the current user has the specified authority.
|
||||||
|
|
@ -76,8 +76,8 @@ public abstract class AuthorityUtils {
|
||||||
* Converts an array of GrantedAuthority objects to a Set.
|
* Converts an array of GrantedAuthority objects to a Set.
|
||||||
* @return a Set of the Strings obtained from each call to GrantedAuthority.getAuthority()
|
* @return a Set of the Strings obtained from each call to GrantedAuthority.getAuthority()
|
||||||
*/
|
*/
|
||||||
public static Set authorityArrayToSet(List<GrantedAuthority> authorities) {
|
public static Set<String> authorityArrayToSet(List<GrantedAuthority> authorities) {
|
||||||
Set set = new HashSet(authorities.size());
|
Set<String> set = new HashSet<String>(authorities.size());
|
||||||
|
|
||||||
for (GrantedAuthority authority: authorities) {
|
for (GrantedAuthority authority: authorities) {
|
||||||
set.add(authority.getAuthority());
|
set.add(authority.getAuthority());
|
||||||
|
|
|
||||||
|
|
@ -15,8 +15,8 @@ import org.springframework.security.AuthenticationCredentialsNotFoundException;
|
||||||
import org.springframework.security.afterinvocation.AfterInvocationProviderManager;
|
import org.springframework.security.afterinvocation.AfterInvocationProviderManager;
|
||||||
import org.springframework.security.annotation.BusinessService;
|
import org.springframework.security.annotation.BusinessService;
|
||||||
import org.springframework.security.context.SecurityContextHolder;
|
import org.springframework.security.context.SecurityContextHolder;
|
||||||
import org.springframework.security.expression.support.MethodExpressionAfterInvocationProvider;
|
import org.springframework.security.expression.method.MethodExpressionAfterInvocationProvider;
|
||||||
import org.springframework.security.expression.support.MethodExpressionVoter;
|
import org.springframework.security.expression.method.MethodExpressionVoter;
|
||||||
import org.springframework.security.providers.TestingAuthenticationToken;
|
import org.springframework.security.providers.TestingAuthenticationToken;
|
||||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||||
import org.springframework.security.userdetails.UserDetailsService;
|
import org.springframework.security.userdetails.UserDetailsService;
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
package org.springframework.security.expression.support;
|
package org.springframework.security.expression.method;
|
||||||
|
|
||||||
import static org.junit.Assert.*;
|
import static org.junit.Assert.*;
|
||||||
|
|
||||||
|
|
@ -11,6 +11,9 @@ import org.springframework.security.expression.annotation.PostAuthorize;
|
||||||
import org.springframework.security.expression.annotation.PostFilter;
|
import org.springframework.security.expression.annotation.PostFilter;
|
||||||
import org.springframework.security.expression.annotation.PreAuthorize;
|
import org.springframework.security.expression.annotation.PreAuthorize;
|
||||||
import org.springframework.security.expression.annotation.PreFilter;
|
import org.springframework.security.expression.annotation.PreFilter;
|
||||||
|
import org.springframework.security.expression.method.ExpressionAnnotationMethodDefinitionSource;
|
||||||
|
import org.springframework.security.expression.method.PostInvocationExpressionAttribute;
|
||||||
|
import org.springframework.security.expression.method.PreInvocationExpressionAttribute;
|
||||||
import org.springframework.security.intercept.method.MockMethodInvocation;
|
import org.springframework.security.intercept.method.MockMethodInvocation;
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
package org.springframework.security.expression.support;
|
package org.springframework.security.expression.method;
|
||||||
|
|
||||||
import static org.junit.Assert.assertEquals;
|
import static org.junit.Assert.assertEquals;
|
||||||
|
|
||||||
|
|
@ -11,6 +11,8 @@ import java.util.List;
|
||||||
import org.aopalliance.intercept.MethodInvocation;
|
import org.aopalliance.intercept.MethodInvocation;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
import org.springframework.security.ConfigAttribute;
|
import org.springframework.security.ConfigAttribute;
|
||||||
|
import org.springframework.security.expression.method.MethodExpressionVoter;
|
||||||
|
import org.springframework.security.expression.method.PreInvocationExpressionAttribute;
|
||||||
import org.springframework.security.providers.TestingAuthenticationToken;
|
import org.springframework.security.providers.TestingAuthenticationToken;
|
||||||
import org.springframework.security.util.SimpleMethodInvocation;
|
import org.springframework.security.util.SimpleMethodInvocation;
|
||||||
import org.springframework.security.vote.AccessDecisionVoter;
|
import org.springframework.security.vote.AccessDecisionVoter;
|
||||||
|
|
@ -83,7 +85,7 @@ public class MethodExpressionVoterTests {
|
||||||
public void ruleDefinedInAClassMethodIsApplied() throws Exception {
|
public void ruleDefinedInAClassMethodIsApplied() throws Exception {
|
||||||
MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingAString(), "joe");
|
MethodInvocation mi = new SimpleMethodInvocation(new TargetImpl(), methodTakingAString(), "joe");
|
||||||
assertEquals(AccessDecisionVoter.ACCESS_GRANTED, am.vote(joe, mi,
|
assertEquals(AccessDecisionVoter.ACCESS_GRANTED, am.vote(joe, mi,
|
||||||
createAttributes(new PreInvocationExpressionAttribute(null, null, "new org.springframework.security.expression.support.SecurityRules().isJoe(#argument)"))));
|
createAttributes(new PreInvocationExpressionAttribute(null, null, "new org.springframework.security.expression.method.SecurityRules().isJoe(#argument)"))));
|
||||||
}
|
}
|
||||||
|
|
||||||
private List<ConfigAttribute> createAttributes(ConfigAttribute... attributes) {
|
private List<ConfigAttribute> createAttributes(ConfigAttribute... attributes) {
|
||||||
|
|
@ -132,6 +134,4 @@ public class MethodExpressionVoterTests {
|
||||||
|
|
||||||
public Collection methodTakingACollection(Collection collection) {return collection;}
|
public Collection methodTakingACollection(Collection collection) {return collection;}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
package org.springframework.security.expression.support;
|
package org.springframework.security.expression.method;
|
||||||
|
|
||||||
public class SecurityRules {
|
public class SecurityRules {
|
||||||
public static boolean disallow() {
|
public static boolean disallow() {
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
package org.springframework.security.expression;
|
package org.springframework.security.expression.support;
|
||||||
|
|
||||||
import static org.junit.Assert.*;
|
import static org.junit.Assert.*;
|
||||||
|
|
||||||
|
|
@ -11,18 +11,18 @@ import org.springframework.expression.spel.SpelExpressionParser;
|
||||||
import org.springframework.expression.spel.standard.StandardEvaluationContext;
|
import org.springframework.expression.spel.standard.StandardEvaluationContext;
|
||||||
import org.springframework.security.Authentication;
|
import org.springframework.security.Authentication;
|
||||||
import org.springframework.security.AuthenticationTrustResolver;
|
import org.springframework.security.AuthenticationTrustResolver;
|
||||||
import org.springframework.security.expression.SecurityExpressionRoot;
|
import org.springframework.security.expression.ExpressionUtils;
|
||||||
|
import org.springframework.security.expression.PermissionEvaluator;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Sandbox class for checking feasibility of different security-related expressions.
|
* Tests for {@link MethodSecurityExpressionRoot}
|
||||||
*
|
*
|
||||||
* @author Luke Taylor
|
* @author Luke Taylor
|
||||||
* @version $Id$
|
* @version $Id$
|
||||||
*/
|
*/
|
||||||
public class SecurityExpressionRootTests {
|
public class MethodSecurityExpressionRootTests {
|
||||||
SpelExpressionParser parser = new SpelExpressionParser();
|
SpelExpressionParser parser = new SpelExpressionParser();
|
||||||
SecurityExpressionRoot root;
|
MethodSecurityExpressionRoot root;
|
||||||
StandardEvaluationContext ctx;
|
StandardEvaluationContext ctx;
|
||||||
Mockery jmock = new Mockery();
|
Mockery jmock = new Mockery();
|
||||||
private AuthenticationTrustResolver trustResolver;
|
private AuthenticationTrustResolver trustResolver;
|
||||||
|
|
@ -32,7 +32,7 @@ public class SecurityExpressionRootTests {
|
||||||
@Before
|
@Before
|
||||||
public void createContext() {
|
public void createContext() {
|
||||||
user = jmock.mock(Authentication.class);
|
user = jmock.mock(Authentication.class);
|
||||||
root = new SecurityExpressionRoot(user);
|
root = new MethodSecurityExpressionRoot(user);
|
||||||
ctx = new StandardEvaluationContext();
|
ctx = new StandardEvaluationContext();
|
||||||
ctx.setRootObject(root);
|
ctx.setRootObject(root);
|
||||||
trustResolver = jmock.mock(AuthenticationTrustResolver.class);
|
trustResolver = jmock.mock(AuthenticationTrustResolver.class);
|
||||||
Loading…
Reference in New Issue