SEC-1051: Moved voter and afterinvocation packages into acl package. Also moved filterer classes fom core, as they are used in the acl after-invocation classes

acl/src/main/java/org/springframework/security/acls/afterinvocation/AbstractAclProvider.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.afterinvocation;
+package org.springframework.security.acls.afterinvocation;
 
 import org.springframework.security.Authentication;
 import org.springframework.security.ConfigAttribute;
@@ -29,6 +29,7 @@ import org.springframework.security.acls.objectidentity.ObjectIdentityRetrievalS
 import org.springframework.security.acls.sid.Sid;
 import org.springframework.security.acls.sid.SidRetrievalStrategy;
 import org.springframework.security.acls.sid.SidRetrievalStrategyImpl;
+import org.springframework.security.afterinvocation.AfterInvocationProvider;
 
 import org.springframework.util.Assert;
 

acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java

@@ -12,7 +12,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.springframework.security.afterinvocation;
+package org.springframework.security.acls.afterinvocation;
 
 import java.util.Collection;
 import java.util.Iterator;
@@ -84,11 +84,7 @@ public class AclEntryAfterInvocationCollectionFilteringProvider extends Abstract
             return null;
         }
 
-        Iterator iter = config.iterator();
+        for (ConfigAttribute attr : config) {
-
-        while (iter.hasNext()) {
-            ConfigAttribute attr = (ConfigAttribute) iter.next();
-
             if (!this.supports(attr)) {
                 continue;
             }
@@ -97,7 +93,7 @@ public class AclEntryAfterInvocationCollectionFilteringProvider extends Abstract
             Filterer filterer;
 
             if (returnedObject instanceof Collection) {
-                filterer = new CollectionFilterer((Collection) returnedObject);
+                filterer = new CollectionFilterer((Collection<?>) returnedObject);
             } else if (returnedObject.getClass().isArray()) {
                 filterer = new ArrayFilterer((Object[]) returnedObject);
             } else {
@@ -108,8 +104,7 @@ public class AclEntryAfterInvocationCollectionFilteringProvider extends Abstract
             // Locate unauthorised Collection elements
             Iterator collectionIter = filterer.iterator();
 
-            while (collectionIter.hasNext()) {
+            for (Object domainObject : filterer) {
-                Object domainObject = collectionIter.next();
 
                 // Ignore nulls or entries which aren't instances of the configured domain object class
                 if (domainObject == null || !getProcessDomainObjectClass().isAssignableFrom(domainObject.getClass())) {

acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProvider.java

@@ -12,7 +12,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.springframework.security.afterinvocation;
+package org.springframework.security.acls.afterinvocation;
 
 import java.util.Iterator;
 import java.util.List;

acl/src/main/java/org/springframework/security/acls/afterinvocation/ArrayFilterer.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.afterinvocation;
+package org.springframework.security.acls.afterinvocation;
 
 import org.apache.commons.collections.iterators.ArrayIterator;
 import org.apache.commons.logging.Log;
@@ -33,41 +33,41 @@ import java.util.Set;
  * @author Paulo Neves
  * @version $Id$
  */
-class ArrayFilterer implements Filterer {
+class ArrayFilterer<T> implements Filterer<T> {
     //~ Static fields/initializers =====================================================================================
 
     protected static final Log logger = LogFactory.getLog(ArrayFilterer.class);
 
     //~ Instance fields ================================================================================================
 
-    private Set<Object> removeList;
+    private Set<T> removeList;
-    private Object[] list;
+    private T[] list;
 
     //~ Constructors ===================================================================================================
 
-    ArrayFilterer(Object[] list) {
+    ArrayFilterer(T[] list) {
         this.list = list;
 
         // Collect the removed objects to a HashSet so that
         // it is fast to lookup them when a filtered array
         // is constructed.
-        removeList = new HashSet<Object>();
+        removeList = new HashSet<T>();
     }
 
     //~ Methods ========================================================================================================
 
     /**
      *
-     * @see org.springframework.security.afterinvocation.Filterer#getFilteredObject()
+     * @see org.springframework.security.acls.afterinvocation.Filterer#getFilteredObject()
      */
-    public Object getFilteredObject() {
+    public T[] getFilteredObject() {
         // Recreate an array of same type and filter the removed objects.
         int originalSize = list.length;
         int sizeOfResultingList = originalSize - removeList.size();
-        Object[] filtered = (Object[]) Array.newInstance(list.getClass().getComponentType(), sizeOfResultingList);
+        T[] filtered = (T[]) Array.newInstance(list.getClass().getComponentType(), sizeOfResultingList);
 
         for (int i = 0, j = 0; i < list.length; i++) {
-            Object object = list[i];
+            T object = list[i];
 
             if (!removeList.contains(object)) {
                 filtered[j] = object;
@@ -85,17 +85,17 @@ class ArrayFilterer implements Filterer {
 
     /**
      *
-     * @see org.springframework.security.afterinvocation.Filterer#iterator()
+     * @see org.springframework.security.acls.afterinvocation.Filterer#iterator()
      */
-    public Iterator<?> iterator() {
+    public Iterator<T> iterator() {
         return new ArrayIterator(list);
     }
 
     /**
      *
-     * @see org.springframework.security.afterinvocation.Filterer#remove(java.lang.Object)
+     * @see org.springframework.security.acls.afterinvocation.Filterer#remove(java.lang.Object)
      */
-    public void remove(Object object) {
+    public void remove(T object) {
         removeList.add(object);
     }
 }

acl/src/main/java/org/springframework/security/acls/afterinvocation/CollectionFilterer.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.afterinvocation;
+package org.springframework.security.acls.afterinvocation;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -31,23 +31,23 @@ import java.util.Set;
  * @author Paulo Neves
  * @version $Id$
  */
-class CollectionFilterer implements Filterer {
+class CollectionFilterer<T> implements Filterer<T> {
     //~ Static fields/initializers =====================================================================================
 
     protected static final Log logger = LogFactory.getLog(CollectionFilterer.class);
 
     //~ Instance fields ================================================================================================
 
-    private Collection<?> collection;
+    private Collection<T> collection;
 
     // collectionIter offers significant performance optimisations (as
     // per security-developer mailing list conversation 19/5/05)
-    private Iterator<?> collectionIter;
+    private Iterator<T> collectionIter;
-    private Set<Object> removeList;
+    private Set<T> removeList;
 
     //~ Constructors ===================================================================================================
 
-    CollectionFilterer(Collection<?> collection) {
+    CollectionFilterer(Collection<T> collection) {
         this.collection = collection;
 
         // We create a Set of objects to be removed from the Collection,
@@ -57,18 +57,18 @@ class CollectionFilterer implements Filterer {
         // to the method may not necessarily be re-constructable (as
         // the Collection(collection) constructor is not guaranteed and
         // manually adding may lose sort order or other capabilities)
-        removeList = new HashSet<Object>();
+        removeList = new HashSet<T>();
     }
 
     //~ Methods ========================================================================================================
 
     /**
      *
-     * @see org.springframework.security.afterinvocation.Filterer#getFilteredObject()
+     * @see org.springframework.security.acls.afterinvocation.Filterer#getFilteredObject()
      */
     public Object getFilteredObject() {
         // Now the Iterator has ended, remove Objects from Collection
-        Iterator<?> removeIter = removeList.iterator();
+        Iterator<T> removeIter = removeList.iterator();
 
         int originalSize = collection.size();
 
@@ -86,9 +86,9 @@ class CollectionFilterer implements Filterer {
 
     /**
      *
-     * @see org.springframework.security.afterinvocation.Filterer#iterator()
+     * @see org.springframework.security.acls.afterinvocation.Filterer#iterator()
      */
-    public Iterator<?> iterator() {
+    public Iterator<T> iterator() {
         collectionIter = collection.iterator();
 
         return collectionIter;
@@ -96,9 +96,9 @@ class CollectionFilterer implements Filterer {
 
     /**
      *
-     * @see org.springframework.security.afterinvocation.Filterer#remove(java.lang.Object)
+     * @see org.springframework.security.acls.afterinvocation.Filterer#remove(java.lang.Object)
      */
-    public void remove(Object object) {
+    public void remove(T object) {
         removeList.add(object);
     }
 }

acl/src/main/java/org/springframework/security/acls/afterinvocation/Filterer.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.afterinvocation;
+package org.springframework.security.acls.afterinvocation;
 
 import java.util.Iterator;
 
@@ -25,7 +25,7 @@ import java.util.Iterator;
  * @author Paulo Neves
  * @version $Id$
  */
-interface Filterer {
+interface Filterer<T> extends Iterable<T> {
     //~ Methods ========================================================================================================
 
     /**
@@ -40,12 +40,12 @@ interface Filterer {
      *
      * @return an Iterator
      */
-    Iterator<?> iterator();
+    Iterator<T> iterator();
 
     /**
      * Removes the the given object from the resulting list.
      *
      * @param object the object to be removed
      */
-    void remove(Object object);
+    void remove(T object);
 }

acl/src/main/java/org/springframework/security/acls/vote/AclEntryVoter.java

@@ -12,13 +12,14 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.springframework.security.vote;
+package org.springframework.security.acls.vote;
 
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
-import java.util.Iterator;
 import java.util.List;
 
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import org.springframework.security.Authentication;
 import org.springframework.security.AuthorizationServiceException;
 import org.springframework.security.ConfigAttribute;
@@ -32,8 +33,7 @@ import org.springframework.security.acls.objectidentity.ObjectIdentityRetrievalS
 import org.springframework.security.acls.sid.Sid;
 import org.springframework.security.acls.sid.SidRetrievalStrategy;
 import org.springframework.security.acls.sid.SidRetrievalStrategyImpl;
-import org.apache.commons.logging.Log;
+import org.springframework.security.vote.AbstractAclVoter;
-import org.apache.commons.logging.LogFactory;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 
@@ -167,7 +167,7 @@ public class AclEntryVoter extends AbstractAclVoter {
                     logger.debug("Voting to abstain - domainObject is null");
                 }
 
-                return AccessDecisionVoter.ACCESS_ABSTAIN;
+                return ACCESS_ABSTAIN;
             }
 
             // Evaluate if we are required to use an inner domain object
@@ -208,7 +208,7 @@ public class AclEntryVoter extends AbstractAclVoter {
                     logger.debug("Voting to deny access - no ACLs apply for this principal");
                 }
 
-                return AccessDecisionVoter.ACCESS_DENIED;
+                return ACCESS_DENIED;
             }
 
             try {
@@ -217,25 +217,25 @@ public class AclEntryVoter extends AbstractAclVoter {
                         logger.debug("Voting to grant access");
                     }
 
-                    return AccessDecisionVoter.ACCESS_GRANTED;
+                    return ACCESS_GRANTED;
                 } else {
                     if (logger.isDebugEnabled()) {
                         logger.debug(
                             "Voting to deny access - ACLs returned, but insufficient permissions for this principal");
                     }
 
-                    return AccessDecisionVoter.ACCESS_DENIED;
+                    return ACCESS_DENIED;
                 }
             } catch (NotFoundException nfe) {
                 if (logger.isDebugEnabled()) {
                     logger.debug("Voting to deny access - no ACLs apply for this principal");
                 }
 
-                return AccessDecisionVoter.ACCESS_DENIED;
+                return ACCESS_DENIED;
             }
         }
 
         // No configuration attribute matched, so abstain
-        return AccessDecisionVoter.ACCESS_ABSTAIN;
+        return ACCESS_ABSTAIN;
     }
 }

core/src/test/java/org/springframework/security/vote/AbstractAclVoterTests.java

@@ -12,7 +12,6 @@ import org.junit.Test;
 import org.springframework.security.Authentication;
 import org.springframework.security.ConfigAttribute;
 import org.springframework.security.MockJoinPoint;
-import org.springframework.security.TargetObject;
 import org.springframework.security.util.MethodInvocationUtils;
 
 /**