Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-05-31 09:12:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

SEC-1257: Some additional API changes to use Collection instead of List...

Browse Source
This commit is contained in:
Luke Taylor 2009-10-07 21:08:41 +00:00
parent 4dcb9de67a
commit 3f72983a1e
4 changed files with 38 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
web/src/main/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSource.java
View File

@ -1,8 +1,8 @@
package org.springframework.security.web.access.expression; package org.springframework.security.web.access.expression;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collection;
import java.util.LinkedHashMap; import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map; import java.util.Map;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
@ -26,23 +26,23 @@ public final class ExpressionBasedFilterInvocationSecurityMetadataSource extends
private final static Log logger = LogFactory.getLog(ExpressionBasedFilterInvocationSecurityMetadataSource.class); private final static Log logger = LogFactory.getLog(ExpressionBasedFilterInvocationSecurityMetadataSource.class);
public ExpressionBasedFilterInvocationSecurityMetadataSource(UrlMatcher urlMatcher, public ExpressionBasedFilterInvocationSecurityMetadataSource(UrlMatcher urlMatcher,
LinkedHashMap<RequestKey, List<ConfigAttribute>> requestMap, WebSecurityExpressionHandler expressionHandler) { LinkedHashMap<RequestKey, Collection<ConfigAttribute>> requestMap, WebSecurityExpressionHandler expressionHandler) {
super(urlMatcher, processMap(requestMap, expressionHandler.getExpressionParser())); super(urlMatcher, processMap(requestMap, expressionHandler.getExpressionParser()));
Assert.notNull(expressionHandler, "A non-null SecurityExpressionHandler is required"); Assert.notNull(expressionHandler, "A non-null SecurityExpressionHandler is required");
} }
private static LinkedHashMap<RequestKey, List<ConfigAttribute>> processMap( private static LinkedHashMap<RequestKey, Collection<ConfigAttribute>> processMap(
LinkedHashMap<RequestKey, List<ConfigAttribute>> requestMap, ExpressionParser parser) { LinkedHashMap<RequestKey,Collection<ConfigAttribute>> requestMap, ExpressionParser parser) {
Assert.notNull(parser, "SecurityExpressionHandler returned a null parser object"); Assert.notNull(parser, "SecurityExpressionHandler returned a null parser object");
LinkedHashMap<RequestKey, List<ConfigAttribute>> requestToExpressionAttributesMap = LinkedHashMap<RequestKey, Collection<ConfigAttribute>> requestToExpressionAttributesMap =
new LinkedHashMap<RequestKey, List<ConfigAttribute>>(requestMap); new LinkedHashMap<RequestKey, Collection<ConfigAttribute>>(requestMap);
for (Map.Entry<RequestKey, List<ConfigAttribute>> entry : requestMap.entrySet()) { for (Map.Entry<RequestKey, Collection<ConfigAttribute>> entry : requestMap.entrySet()) {
RequestKey request = entry.getKey(); RequestKey request = entry.getKey();
Assert.isTrue(entry.getValue().size() == 1, "Expected a single expression attribute for " + request); Assert.isTrue(entry.getValue().size() == 1, "Expected a single expression attribute for " + request);
ArrayList<ConfigAttribute> attributes = new ArrayList<ConfigAttribute>(1); ArrayList<ConfigAttribute> attributes = new ArrayList<ConfigAttribute>(1);
String expression = entry.getValue().get(0).getAttribute(); String expression = entry.getValue().toArray(new ConfigAttribute[1])[0].getAttribute();
logger.debug("Adding web access control expression '" + expression + "', for " + request); logger.debug("Adding web access control expression '" + expression + "', for " + request);
try { try {
attributes.add(new WebExpressionConfigAttribute(parser.parseExpression(expression))); attributes.add(new WebExpressionConfigAttribute(parser.parseExpression(expression)));

37
web/src/main/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSource.java
View File

@ -20,7 +20,6 @@ import java.util.Collection;
import java.util.HashMap; import java.util.HashMap;
import java.util.HashSet; import java.util.HashSet;
import java.util.LinkedHashMap; import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Set; import java.util.Set;
@ -60,8 +59,8 @@ public class DefaultFilterInvocationSecurityMetadataSource implements FilterInvo
//private Map<Object, List<ConfigAttribute>> requestMap = new LinkedHashMap<Object, List<ConfigAttribute>>(); //private Map<Object, List<ConfigAttribute>> requestMap = new LinkedHashMap<Object, List<ConfigAttribute>>();
/** Stores request maps keyed by specific HTTP methods. A null key matches any method */ /** Stores request maps keyed by specific HTTP methods. A null key matches any method */
private Map<String, Map<Object, List<ConfigAttribute>>> httpMethodMap = private Map<String, Map<Object, Collection<ConfigAttribute>>> httpMethodMap =
new HashMap<String, Map<Object, List<ConfigAttribute>>>(); new HashMap<String, Map<Object, Collection<ConfigAttribute>>>();
private UrlMatcher urlMatcher; private UrlMatcher urlMatcher;
@ -78,10 +77,10 @@ public class DefaultFilterInvocationSecurityMetadataSource implements FilterInvo
* @param requestMap order-preserving map of request definitions to attribute lists * @param requestMap order-preserving map of request definitions to attribute lists
*/ */
public DefaultFilterInvocationSecurityMetadataSource(UrlMatcher urlMatcher, public DefaultFilterInvocationSecurityMetadataSource(UrlMatcher urlMatcher,
LinkedHashMap<RequestKey, List<ConfigAttribute>> requestMap) { LinkedHashMap<RequestKey, Collection<ConfigAttribute>> requestMap) {
this.urlMatcher = urlMatcher; this.urlMatcher = urlMatcher;
for (Map.Entry<RequestKey, List<ConfigAttribute>> entry : requestMap.entrySet()) { for (Map.Entry<RequestKey, Collection<ConfigAttribute>> entry : requestMap.entrySet()) {
addSecureUrl(entry.getKey().getUrl(), entry.getKey().getMethod(), entry.getValue()); addSecureUrl(entry.getKey().getUrl(), entry.getKey().getMethod(), entry.getValue());
} }
} }
@ -94,13 +93,13 @@ public class DefaultFilterInvocationSecurityMetadataSource implements FilterInvo
* to the request map and will be passed back to the <tt>UrlMatcher</tt> when iterating through the map to find * to the request map and will be passed back to the <tt>UrlMatcher</tt> when iterating through the map to find
* a match for a particular URL. * a match for a particular URL.
*/ */
private void addSecureUrl(String pattern, String method, List<ConfigAttribute> attr) { private void addSecureUrl(String pattern, String method, Collection<ConfigAttribute> attrs) {
Map<Object, List<ConfigAttribute>> mapToUse = getRequestMapForHttpMethod(method); Map<Object, Collection<ConfigAttribute>> mapToUse = getRequestMapForHttpMethod(method);
mapToUse.put(urlMatcher.compile(pattern), attr); mapToUse.put(urlMatcher.compile(pattern), attrs);
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.debug("Added URL pattern: " + pattern + "; attributes: " + attr + logger.debug("Added URL pattern: " + pattern + "; attributes: " + attrs +
(method == null ? "" : " for HTTP method '" + method + "'")); (method == null ? "" : " for HTTP method '" + method + "'"));
} }
} }
@ -110,15 +109,15 @@ public class DefaultFilterInvocationSecurityMetadataSource implements FilterInvo
* @param method GET, POST etc * @param method GET, POST etc
* @return map of URL patterns to <tt>ConfigAttribute</tt>s for this method. * @return map of URL patterns to <tt>ConfigAttribute</tt>s for this method.
*/ */
private Map<Object, List<ConfigAttribute>> getRequestMapForHttpMethod(String method) { private Map<Object, Collection<ConfigAttribute>> getRequestMapForHttpMethod(String method) {
if (method != null && !HTTP_METHODS.contains(method)) { if (method != null && !HTTP_METHODS.contains(method)) {
throw new IllegalArgumentException("Unrecognised HTTP method: '" + method + "'"); throw new IllegalArgumentException("Unrecognised HTTP method: '" + method + "'");
} }
Map<Object, List<ConfigAttribute>> methodRequestMap = httpMethodMap.get(method); Map<Object, Collection<ConfigAttribute>> methodRequestMap = httpMethodMap.get(method);
if (methodRequestMap == null) { if (methodRequestMap == null) {
methodRequestMap = new LinkedHashMap<Object, List<ConfigAttribute>>(); methodRequestMap = new LinkedHashMap<Object, Collection<ConfigAttribute>>();
httpMethodMap.put(method, methodRequestMap); httpMethodMap.put(method, methodRequestMap);
} }
@ -128,8 +127,8 @@ public class DefaultFilterInvocationSecurityMetadataSource implements FilterInvo
public Collection<ConfigAttribute> getAllConfigAttributes() { public Collection<ConfigAttribute> getAllConfigAttributes() {
Set<ConfigAttribute> allAttributes = new HashSet<ConfigAttribute>(); Set<ConfigAttribute> allAttributes = new HashSet<ConfigAttribute>();
for (Map.Entry<String, Map<Object, List<ConfigAttribute>>> entry : httpMethodMap.entrySet()) { for (Map.Entry<String, Map<Object, Collection<ConfigAttribute>>> entry : httpMethodMap.entrySet()) {
for (List<ConfigAttribute> attrs : entry.getValue().values()) { for (Collection<ConfigAttribute> attrs : entry.getValue().values()) {
allAttributes.addAll(attrs); allAttributes.addAll(attrs);
} }
} }
@ -161,7 +160,7 @@ public class DefaultFilterInvocationSecurityMetadataSource implements FilterInvo
* @return the <code>ConfigAttribute</code>s that apply to the specified <code>FilterInvocation</code> * @return the <code>ConfigAttribute</code>s that apply to the specified <code>FilterInvocation</code>
* or null if no match is found * or null if no match is found
*/ */
public final List<ConfigAttribute> lookupAttributes(String url, String method) { public final Collection<ConfigAttribute> lookupAttributes(String url, String method) {
if (stripQueryStringFromUrls) { if (stripQueryStringFromUrls) {
// Strip anything after a question mark symbol, as per SEC-161. See also SEC-321 // Strip anything after a question mark symbol, as per SEC-161. See also SEC-321
int firstQuestionMarkIndex = url.indexOf("?"); int firstQuestionMarkIndex = url.indexOf("?");
@ -180,7 +179,7 @@ public class DefaultFilterInvocationSecurityMetadataSource implements FilterInvo
} }
// Obtain the map of request patterns to attributes for this method and lookup the url. // Obtain the map of request patterns to attributes for this method and lookup the url.
List<ConfigAttribute> attributes = extractMatchingAttributes(url, httpMethodMap.get(method)); Collection<ConfigAttribute> attributes = extractMatchingAttributes(url, httpMethodMap.get(method));
// If no attributes found in method-specific map, use the general one stored under the null key // If no attributes found in method-specific map, use the general one stored under the null key
if (attributes == null) { if (attributes == null) {
@ -190,14 +189,14 @@ public class DefaultFilterInvocationSecurityMetadataSource implements FilterInvo
return attributes; return attributes;
} }
private List<ConfigAttribute> extractMatchingAttributes(String url, Map<Object, List<ConfigAttribute>> requestMap) { private Collection<ConfigAttribute> extractMatchingAttributes(String url, Map<Object, Collection<ConfigAttribute>> map) {
if (requestMap == null) { if (map == null) {
return null; return null;
} }
final boolean debug = logger.isDebugEnabled(); final boolean debug = logger.isDebugEnabled();
for (Map.Entry<Object, List<ConfigAttribute>> entry : requestMap.entrySet()) { for (Map.Entry<Object, Collection<ConfigAttribute>> entry : map.entrySet()) {
Object p = entry.getKey(); Object p = entry.getKey();
boolean matched = urlMatcher.pathMatchesUrl(entry.getKey(), url); boolean matched = urlMatcher.pathMatchesUrl(entry.getKey(), url);

8
web/src/test/java/org/springframework/security/web/access/channel/ChannelProcessingFilterTests.java
View File

@ -20,7 +20,6 @@ import static org.mockito.Mockito.mock;
import java.io.IOException; import java.io.IOException;
import java.util.Collection; import java.util.Collection;
import java.util.List;
import javax.servlet.FilterChain; import javax.servlet.FilterChain;
import javax.servlet.ServletException; import javax.servlet.ServletException;
@ -120,8 +119,7 @@ public class ChannelProcessingFilterTests {
} }
@Test @Test
public void testDoFilterWhenNullConfigAttributeReturned() public void testDoFilterWhenNullConfigAttributeReturned() throws Exception {
throws Exception {
ChannelProcessingFilter filter = new ChannelProcessingFilter(); ChannelProcessingFilter filter = new ChannelProcessingFilter();
filter.setChannelDecisionManager(new MockChannelDecisionManager(false, "NOT_USED")); filter.setChannelDecisionManager(new MockChannelDecisionManager(false, "NOT_USED"));
@ -180,7 +178,7 @@ public class ChannelProcessingFilterTests {
} }
private class MockFilterInvocationDefinitionMap implements FilterInvocationSecurityMetadataSource { private class MockFilterInvocationDefinitionMap implements FilterInvocationSecurityMetadataSource {
private List<ConfigAttribute> toReturn; private Collection<ConfigAttribute> toReturn;
private String servletPath; private String servletPath;
private boolean provideIterator; private boolean provideIterator;
@ -190,7 +188,7 @@ public class ChannelProcessingFilterTests {
this.provideIterator = provideIterator; this.provideIterator = provideIterator;
} }
public List<ConfigAttribute> getAttributes(Object object) public Collection<ConfigAttribute> getAttributes(Object object)
throws IllegalArgumentException { throws IllegalArgumentException {
FilterInvocation fi = (FilterInvocation) object; FilterInvocation fi = (FilterInvocation) object;

19
web/src/test/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSourceTests.java
View File

@ -20,7 +20,6 @@ import static org.mockito.Mockito.mock;
import java.util.Collection; import java.util.Collection;
import java.util.LinkedHashMap; import java.util.LinkedHashMap;
import java.util.List;
import javax.servlet.FilterChain; import javax.servlet.FilterChain;
@ -44,7 +43,7 @@ import org.springframework.security.web.util.AntUrlPathMatcher;
@SuppressWarnings("unchecked") @SuppressWarnings("unchecked")
public class DefaultFilterInvocationSecurityMetadataSourceTests { public class DefaultFilterInvocationSecurityMetadataSourceTests {
private DefaultFilterInvocationSecurityMetadataSource fids; private DefaultFilterInvocationSecurityMetadataSource fids;
private List<ConfigAttribute> def = SecurityConfig.createList("ROLE_ONE"); private Collection<ConfigAttribute> def = SecurityConfig.createList("ROLE_ONE");
//~ Methods ======================================================================================================== //~ Methods ========================================================================================================
private void createFids(String url, String method) { private void createFids(String url, String method) {
@ -87,7 +86,7 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
FilterInvocation fi = createFilterInvocation("/secure/super/somefile.html", null); FilterInvocation fi = createFilterInvocation("/secure/super/somefile.html", null);
List<? extends ConfigAttribute> response = fids.lookupAttributes(fi.getRequestUrl(), null); Collection<ConfigAttribute> response = fids.lookupAttributes(fi.getRequestUrl(), null);
assertEquals(def, response); assertEquals(def, response);
} }
@ -97,7 +96,7 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
FilterInvocation fi = createFilterInvocation("/SeCuRE/super/somefile.html", null); FilterInvocation fi = createFilterInvocation("/SeCuRE/super/somefile.html", null);
List<? extends ConfigAttribute> response = fids.lookupAttributes(fi.getRequestUrl(), null); Collection<ConfigAttribute> response = fids.lookupAttributes(fi.getRequestUrl(), null);
assertEquals(null, response); assertEquals(null, response);
} }
@ -107,7 +106,7 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
FilterInvocation fi = createFilterInvocation("/SeCurE/super/somefile.html", null); FilterInvocation fi = createFilterInvocation("/SeCurE/super/somefile.html", null);
List<? extends ConfigAttribute> response = fids.lookupAttributes(fi.getRequestUrl(), null); Collection<ConfigAttribute> response = fids.lookupAttributes(fi.getRequestUrl(), null);
assertEquals(def, response); assertEquals(def, response);
} }
@ -117,7 +116,7 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
FilterInvocation fi = createFilterInvocation("/someAdminPage.html?a=/test", null); FilterInvocation fi = createFilterInvocation("/someAdminPage.html?a=/test", null);
List<? extends ConfigAttribute> response = fids.lookupAttributes(fi.getRequestUrl(), null); Collection<ConfigAttribute> response = fids.lookupAttributes(fi.getRequestUrl(), null);
assertEquals(def, response); // see SEC-161 (it should truncate after ? sign) assertEquals(def, response); // see SEC-161 (it should truncate after ? sign)
} }
@ -155,10 +154,10 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
@Test @Test
public void httpMethodSpecificUrlTakesPrecedence() { public void httpMethodSpecificUrlTakesPrecedence() {
LinkedHashMap<RequestKey, List<ConfigAttribute>> requestMap = new LinkedHashMap<RequestKey, List<ConfigAttribute>>(); LinkedHashMap<RequestKey, Collection<ConfigAttribute>> requestMap = new LinkedHashMap<RequestKey, Collection<ConfigAttribute>>();
// Even though this is added before the Http method-specific def, the latter should match // Even though this is added before the Http method-specific def, the latter should match
requestMap.put(new RequestKey("/**"), def); requestMap.put(new RequestKey("/**"), def);
List<ConfigAttribute> postOnlyDef = SecurityConfig.createList("ROLE_TWO"); Collection<ConfigAttribute> postOnlyDef = SecurityConfig.createList("ROLE_TWO");
requestMap.put(new RequestKey("/somepage**", "POST"), postOnlyDef); requestMap.put(new RequestKey("/somepage**", "POST"), postOnlyDef);
fids = new DefaultFilterInvocationSecurityMetadataSource(new AntUrlPathMatcher(), requestMap); fids = new DefaultFilterInvocationSecurityMetadataSource(new AntUrlPathMatcher(), requestMap);
@ -170,7 +169,7 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
@Test @Test
public void mixingPatternsWithAndWithoutHttpMethodsIsSupported() throws Exception { public void mixingPatternsWithAndWithoutHttpMethodsIsSupported() throws Exception {
LinkedHashMap requestMap = new LinkedHashMap(); LinkedHashMap requestMap = new LinkedHashMap();
List<ConfigAttribute> userAttrs = SecurityConfig.createList("A"); Collection<ConfigAttribute> userAttrs = SecurityConfig.createList("A");
requestMap.put(new RequestKey("/user/**", null), userAttrs); requestMap.put(new RequestKey("/user/**", null), userAttrs);
requestMap.put(new RequestKey("/teller/**", "GET"), SecurityConfig.createList("B")); requestMap.put(new RequestKey("/teller/**", "GET"), SecurityConfig.createList("B"));
fids = new DefaultFilterInvocationSecurityMetadataSource(new AntUrlPathMatcher(), requestMap); fids = new DefaultFilterInvocationSecurityMetadataSource(new AntUrlPathMatcher(), requestMap);
@ -190,7 +189,7 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
FilterInvocation fi = createFilterInvocation("/someAdminPage.html?x=2/aa?y=3", null); FilterInvocation fi = createFilterInvocation("/someAdminPage.html?x=2/aa?y=3", null);
List<? extends ConfigAttribute> response = fids.lookupAttributes(fi.getRequestUrl(), null); Collection<ConfigAttribute> response = fids.lookupAttributes(fi.getRequestUrl(), null);
assertEquals(def, response); assertEquals(def, response);
fi = createFilterInvocation("/someAdminPage.html??", null); fi = createFilterInvocation("/someAdminPage.html??", null);