SEC-975: Namespace security syntax does not interpret properties

http://jira.springframework.org/browse/SEC-975. Changed creation of AccessDeniedHandler to use a BeanDefinition to make sure placeholders work OK.

core/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java

@@ -273,8 +273,8 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
         exceptionTranslationFilterBuilder.addPropertyValue("createSessionAllowed", new Boolean(allowSessionCreation));
 
         if (StringUtils.hasText(accessDeniedPage)) {
-            AccessDeniedHandlerImpl accessDeniedHandler = new AccessDeniedHandlerImpl();
+        	BeanDefinition accessDeniedHandler = new RootBeanDefinition(AccessDeniedHandlerImpl.class);
-            accessDeniedHandler.setErrorPage(accessDeniedPage);
+        	accessDeniedHandler.getPropertyValues().addPropertyValue("errorPage", accessDeniedPage);
             exceptionTranslationFilterBuilder.addPropertyValue("accessDeniedHandler", accessDeniedHandler);
         }
 

core/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java

@@ -267,7 +267,7 @@ public class HttpSecurityBeanDefinitionParserTests {
         assertEquals("/access-denied", FieldUtils.getFieldValue(etf, "accessDeniedHandler.errorPage"));
     }
 
-    @Test(expected=BeanDefinitionStoreException.class)
+    @Test(expected=BeanCreationException.class)
     public void invalidAccessDeniedUrlIsDetected() throws Exception {
         setContext("<http auto-config='true' access-denied-page='noLeadingSlash'/>" + AUTH_PROVIDER_XML);
     }
@@ -318,6 +318,16 @@ public class HttpSecurityBeanDefinitionParserTests {
         assertEquals(Integer.valueOf(9443), pm.lookupHttpsPort(9080));
     }
 
+    @Test
+    public void accessDeniedPageWorkWithPlaceholders() throws Exception {
+        System.setProperty("accessDenied", "/go-away");
+        setContext(
+                "    <b:bean id='configurer' class='org.springframework.beans.factory.config.PropertyPlaceholderConfigurer'/>" +
+                "    <http auto-config='true' access-denied-page='${accessDenied}'/>" + AUTH_PROVIDER_XML);
+        ExceptionTranslationFilter filter = (ExceptionTranslationFilter) appContext.getBean(BeanIds.EXCEPTION_TRANSLATION_FILTER);
+        assertEquals("/go-away", FieldUtils.getFieldValue(filter, "accessDeniedHandler.errorPage"));
+    }
+
     @Test
     public void externalFiltersAreTreatedCorrectly() throws Exception {
         // Decorated user-filters should be added to stack. The others should be ignored.