Added access-decision-manager-ref attribute to intercept-methods element. Made interceptor bean autowired by default to pick up AfterInvocationManager.

core/src/main/java/org/springframework/security/config/InterceptMethodsBeanDefinitionDecorator.java

@@ -7,6 +7,7 @@ import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.beans.factory.config.BeanDefinitionHolder;
 import org.springframework.beans.factory.config.RuntimeBeanReference;
 import org.springframework.beans.factory.support.RootBeanDefinition;
+import org.springframework.beans.factory.support.BeanDefinitionBuilder;
 import org.springframework.beans.factory.xml.BeanDefinitionDecorator;
 import org.springframework.beans.factory.xml.ParserContext;
 import org.springframework.security.ConfigAttributeDefinition;
@@ -47,13 +48,16 @@ class InternalInterceptMethodsBeanDefinitionDecorator extends AbstractIntercepto
     static final String ATT_CLASS = "class";
 	static final String ATT_METHOD = "method";
 	static final String ATT_ACCESS = "access";
-    private static final String ATT_ACCESS_MGR = "access-decision-manager";
+    private static final String ATT_ACCESS_MGR = "access-decision-manager-ref";
 
     private Log logger = LogFactory.getLog(getClass());
 
     protected BeanDefinition createInterceptorDefinition(Node node) {
         Element interceptMethodsElt = (Element)node;
-        RootBeanDefinition interceptor = new RootBeanDefinition(MethodSecurityInterceptor.class);
+        BeanDefinitionBuilder interceptor = BeanDefinitionBuilder.rootBeanDefinition(MethodSecurityInterceptor.class);
+
+        // Default to autowiring to pick up after invocation mgr
+        interceptor.setAutowireMode(RootBeanDefinition.AUTOWIRE_BY_TYPE);
 
         String accessManagerId = interceptMethodsElt.getAttribute(ATT_ACCESS_MGR);
 
@@ -61,23 +65,8 @@ class InternalInterceptMethodsBeanDefinitionDecorator extends AbstractIntercepto
             accessManagerId = BeanIds.ACCESS_MANAGER;
         }
 
-        interceptor.getPropertyValues().addPropertyValue("accessDecisionManager",
+        interceptor.addPropertyValue("accessDecisionManager", new RuntimeBeanReference(accessManagerId));
-                new RuntimeBeanReference(accessManagerId));
+        interceptor.addPropertyValue("authenticationManager", new RuntimeBeanReference(BeanIds.AUTHENTICATION_MANAGER));
-
-        interceptor.getPropertyValues().addPropertyValue("authenticationManager",
-                new RuntimeBeanReference(BeanIds.AUTHENTICATION_MANAGER));
-
-        Element beanNode = (Element)interceptMethodsElt.getParentNode();
-        // Get the class from the parent bean...
-        String targetClassName = beanNode.getAttribute(ATT_CLASS);
-        Class targetClass;
-
-        try {
-            targetClass = Thread.currentThread().getContextClassLoader().loadClass(targetClassName);
-        } catch (ClassNotFoundException e) {
-            logger.error("Couldn't load class " + targetClassName);
-            throw new SecurityConfigurationException("Couldn't load class " + targetClassName);
-        }
 
         // Parse the included methods
         List methods = DomUtils.getChildElementsByTagName(interceptMethodsElt, Elements.PROTECT);
@@ -96,8 +85,8 @@ class InternalInterceptMethodsBeanDefinitionDecorator extends AbstractIntercepto
                     (ConfigAttributeDefinition) attributeEditor.getValue());
         }
 
-        interceptor.getPropertyValues().addPropertyValue("objectDefinitionSource", methodMap);
+        interceptor.addPropertyValue("objectDefinitionSource", methodMap);
 
-        return interceptor;
+        return interceptor.getBeanDefinition();
     }
 }

core/src/main/resources/org/springframework/security/config/spring-security-2.0.rnc

@@ -97,7 +97,10 @@ ldap-ap.attlist &=
 intercept-methods =
     ## Can be used inside a bean definition to add a security interceptor to the bean and set up access configuration attributes for the bean's methods
     element intercept-methods {intercept-methods.attlist, protect+}
-intercept-methods.attlist = empty
+intercept-methods.attlist &=
+    ## Optional AccessDecisionManager bean ID to be used by the created method security interceptor.
+    attribute access-decision-manager-ref {xsd:string}?
+
 
 protect =
     ## Defines a protected method and the access control configuration attributes that apply to it

core/src/main/resources/org/springframework/security/config/spring-security-2.0.xsd

@@ -242,8 +242,16 @@
       <xs:sequence>
         <xs:element maxOccurs="unbounded" ref="security:protect"/>
       </xs:sequence>
+      <xs:attributeGroup ref="security:intercept-methods.attlist"/>
     </xs:complexType>
   </xs:element>
+  <xs:attributeGroup name="intercept-methods.attlist">
+    <xs:attribute name="access-decision-manager-ref" type="xs:string">
+      <xs:annotation>
+        <xs:documentation>Optional AccessDecisionManager bean ID to be used by the created method security interceptor.</xs:documentation>
+      </xs:annotation>
+    </xs:attribute>
+  </xs:attributeGroup>
   <xs:element name="protect">
     <xs:annotation>
       <xs:documentation>Defines a protected method and the access control configuration attributes that apply to it</xs:documentation>