SEC-1257: Some additional API changes to use Collection instead of List...
This commit is contained in:
Luke Taylor
parent
9bece3bc9a
commit
4dcb9de67a
|
|
@ -1,5 +1,6 @@
|
|||
package org.springframework.security.config.http;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
|
|
@ -99,7 +100,7 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain
|
|||
FilterSecurityInterceptor fsi = (FilterSecurityInterceptor) getFilter(FilterSecurityInterceptor.class, filters);
|
||||
DefaultFilterInvocationSecurityMetadataSource fids =
|
||||
(DefaultFilterInvocationSecurityMetadataSource) fsi.getSecurityMetadataSource();
|
||||
List<ConfigAttribute> attributes = fids.lookupAttributes(loginPage, "POST");
|
||||
Collection<ConfigAttribute> attributes = fids.lookupAttributes(loginPage, "POST");
|
||||
|
||||
if (attributes == null) {
|
||||
logger.debug("No access attributes defined for login page URL");
|
||||
|
|
|
|||
|
|
@ -39,11 +39,11 @@ import org.springframework.security.access.method.AbstractFallbackMethodSecurity
|
|||
*/
|
||||
public class Jsr250MethodSecurityMetadataSource extends AbstractFallbackMethodSecurityMetadataSource {
|
||||
|
||||
protected List<ConfigAttribute> findAttributes(Class<?> clazz) {
|
||||
protected Collection<ConfigAttribute> findAttributes(Class<?> clazz) {
|
||||
return processAnnotations(clazz.getAnnotations());
|
||||
}
|
||||
|
||||
protected List<ConfigAttribute> findAttributes(Method method, Class<?> targetClass) {
|
||||
protected Collection<ConfigAttribute> findAttributes(Method method, Class<?> targetClass) {
|
||||
return processAnnotations(AnnotationUtils.getAnnotations(method));
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -35,11 +35,11 @@ import org.springframework.security.access.method.AbstractFallbackMethodSecurity
|
|||
*/
|
||||
public class SecuredAnnotationSecurityMetadataSource extends AbstractFallbackMethodSecurityMetadataSource {
|
||||
|
||||
protected List<ConfigAttribute> findAttributes(Class<?> clazz) {
|
||||
protected Collection<ConfigAttribute> findAttributes(Class<?> clazz) {
|
||||
return processAnnotation(clazz.getAnnotation(Secured.class));
|
||||
}
|
||||
|
||||
protected List<ConfigAttribute> findAttributes(Method method, Class<?> targetClass) {
|
||||
protected Collection<ConfigAttribute> findAttributes(Method method, Class<?> targetClass) {
|
||||
return processAnnotation(AnnotationUtils.findAnnotation(method, Secured.class));
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
package org.springframework.security.access.method;
|
||||
|
||||
import java.lang.reflect.Method;
|
||||
import java.util.List;
|
||||
import java.util.Collection;
|
||||
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.util.ClassUtils;
|
||||
|
|
@ -27,12 +27,12 @@ import org.springframework.util.ClassUtils;
|
|||
*/
|
||||
public abstract class AbstractFallbackMethodSecurityMetadataSource extends AbstractMethodSecurityMetadataSource {
|
||||
|
||||
public List<ConfigAttribute> getAttributes(Method method, Class<?> targetClass) {
|
||||
public Collection<ConfigAttribute> getAttributes(Method method, Class<?> targetClass) {
|
||||
// The method may be on an interface, but we need attributes from the target class.
|
||||
// If the target class is null, the method will be unchanged.
|
||||
Method specificMethod = ClassUtils.getMostSpecificMethod(method, targetClass);
|
||||
// First try is the method in the target class.
|
||||
List<ConfigAttribute> attr = findAttributes(specificMethod, targetClass);
|
||||
Collection<ConfigAttribute> attr = findAttributes(specificMethod, targetClass);
|
||||
if (attr != null) {
|
||||
return attr;
|
||||
}
|
||||
|
|
@ -68,7 +68,7 @@ public abstract class AbstractFallbackMethodSecurityMetadataSource extends Abstr
|
|||
* @param targetClass the target class for the invocation (may be <code>null</code>)
|
||||
* @return the security metadata (or null if no metadata applies)
|
||||
*/
|
||||
protected abstract List<ConfigAttribute> findAttributes(Method method, Class<?> targetClass);
|
||||
protected abstract Collection<ConfigAttribute> findAttributes(Method method, Class<?> targetClass);
|
||||
|
||||
/**
|
||||
* Obtains the security metadata registered against the specified class.
|
||||
|
|
@ -82,7 +82,7 @@ public abstract class AbstractFallbackMethodSecurityMetadataSource extends Abstr
|
|||
* @param clazz the target class for the invocation (never <code>null</code>)
|
||||
* @return the security metadata (or null if no metadata applies)
|
||||
*/
|
||||
protected abstract List<ConfigAttribute> findAttributes(Class<?> clazz);
|
||||
protected abstract Collection<ConfigAttribute> findAttributes(Class<?> clazz);
|
||||
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -26,8 +26,8 @@ public final class DelegatingMethodSecurityMetadataSource extends AbstractMethod
|
|||
private final static List<ConfigAttribute> NULL_CONFIG_ATTRIBUTE = Collections.emptyList();
|
||||
|
||||
private List<MethodSecurityMetadataSource> methodSecurityMetadataSources;
|
||||
private final Map<DefaultCacheKey, List<ConfigAttribute>> attributeCache =
|
||||
new HashMap<DefaultCacheKey, List<ConfigAttribute>>();
|
||||
private final Map<DefaultCacheKey, Collection<ConfigAttribute>> attributeCache =
|
||||
new HashMap<DefaultCacheKey, Collection<ConfigAttribute>>();
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
|
|
@ -35,10 +35,10 @@ public final class DelegatingMethodSecurityMetadataSource extends AbstractMethod
|
|||
Assert.notNull(methodSecurityMetadataSources, "A list of MethodSecurityMetadataSources is required");
|
||||
}
|
||||
|
||||
public List<ConfigAttribute> getAttributes(Method method, Class<?> targetClass) {
|
||||
public Collection<ConfigAttribute> getAttributes(Method method, Class<?> targetClass) {
|
||||
DefaultCacheKey cacheKey = new DefaultCacheKey(method, targetClass);
|
||||
synchronized (attributeCache) {
|
||||
List<ConfigAttribute> cached = attributeCache.get(cacheKey);
|
||||
Collection<ConfigAttribute> cached = attributeCache.get(cacheKey);
|
||||
// Check for canonical value indicating there is no config attribute,
|
||||
if (cached == NULL_CONFIG_ATTRIBUTE) {
|
||||
return null;
|
||||
|
|
@ -49,7 +49,7 @@ public final class DelegatingMethodSecurityMetadataSource extends AbstractMethod
|
|||
}
|
||||
|
||||
// No cached value, so query the sources to find a result
|
||||
List<ConfigAttribute> attributes = null;
|
||||
Collection<ConfigAttribute> attributes = null;
|
||||
for (MethodSecurityMetadataSource s : methodSecurityMetadataSources) {
|
||||
attributes = s.getAttributes(method, targetClass);
|
||||
if (attributes != null) {
|
||||
|
|
|
|||
|
|
@ -72,14 +72,14 @@ public class MapBasedMethodSecurityMetadataSource extends AbstractFallbackMethod
|
|||
/**
|
||||
* Implementation does not support class-level attributes.
|
||||
*/
|
||||
protected List<ConfigAttribute> findAttributes(Class<?> clazz) {
|
||||
protected Collection<ConfigAttribute> findAttributes(Class<?> clazz) {
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* Will walk the method inheritance tree to find the most specific declaration applicable.
|
||||
*/
|
||||
protected List<ConfigAttribute> findAttributes(Method method, Class<?> targetClass) {
|
||||
protected Collection<ConfigAttribute> findAttributes(Method method, Class<?> targetClass) {
|
||||
if (targetClass == null) {
|
||||
return null;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@
|
|||
package org.springframework.security.access.method;
|
||||
|
||||
import java.lang.reflect.Method;
|
||||
import java.util.List;
|
||||
import java.util.Collection;
|
||||
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.access.SecurityMetadataSource;
|
||||
|
|
@ -30,5 +30,5 @@ import org.springframework.security.access.SecurityMetadataSource;
|
|||
* @version $Id$
|
||||
*/
|
||||
public interface MethodSecurityMetadataSource extends SecurityMetadataSource {
|
||||
public List<ConfigAttribute> getAttributes(Method method, Class<?> targetClass);
|
||||
public Collection<ConfigAttribute> getAttributes(Method method, Class<?> targetClass);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -4,7 +4,6 @@ import java.lang.annotation.Annotation;
|
|||
import java.lang.reflect.Method;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
|
||||
import org.springframework.core.annotation.AnnotationUtils;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
|
|
@ -38,7 +37,7 @@ public class PrePostAnnotationSecurityMetadataSource extends AbstractMethodSecur
|
|||
this.attributeFactory = attributeFactory;
|
||||
}
|
||||
|
||||
public List<ConfigAttribute> getAttributes(Method method, Class<?> targetClass) {
|
||||
public Collection<ConfigAttribute> getAttributes(Method method, Class<?> targetClass) {
|
||||
if (method.getDeclaringClass() == Object.class) {
|
||||
return null;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ package org.springframework.security.access.annotation;
|
|||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Collection;
|
||||
|
||||
import javax.annotation.security.DenyAll;
|
||||
import javax.annotation.security.PermitAll;
|
||||
|
|
@ -12,7 +12,6 @@ import junit.framework.Assert;
|
|||
|
||||
import org.junit.Test;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource;
|
||||
|
||||
/**
|
||||
* @author Luke Taylor
|
||||
|
|
@ -25,51 +24,55 @@ public class Jsr250MethodDefinitionSourceTests {
|
|||
UserAllowedClass userAllowed = new UserAllowedClass();
|
||||
DenyAllClass denyAll = new DenyAllClass();
|
||||
|
||||
private ConfigAttribute[] findAttributes(String methodName) throws Exception {
|
||||
return mds.findAttributes(a.getClass().getMethod(methodName), null).toArray(new ConfigAttribute[0]);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void methodWithRolesAllowedHasCorrectAttribute() throws Exception {
|
||||
List<ConfigAttribute> accessAttributes = mds.findAttributes(a.getClass().getMethod("adminMethod"), null);
|
||||
assertEquals(1, accessAttributes.size());
|
||||
assertEquals("ADMIN", accessAttributes.get(0).toString());
|
||||
ConfigAttribute[] accessAttributes = findAttributes("adminMethod");
|
||||
assertEquals(1, accessAttributes.length);
|
||||
assertEquals("ADMIN", accessAttributes[0].toString());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void permitAllMethodHasPermitAllAttribute() throws Exception {
|
||||
List<ConfigAttribute> accessAttributes = mds.findAttributes(a.getClass().getMethod("permitAllMethod"), null);
|
||||
assertEquals(1, accessAttributes.size());
|
||||
assertEquals("javax.annotation.security.PermitAll", accessAttributes.get(0).toString());
|
||||
ConfigAttribute[] accessAttributes = findAttributes("permitAllMethod");
|
||||
assertEquals(1, accessAttributes.length);
|
||||
assertEquals("javax.annotation.security.PermitAll", accessAttributes[0].toString());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void noRoleMethodHasDenyAllAttributeWithDenyAllClass() throws Exception {
|
||||
List<ConfigAttribute> accessAttributes = mds.findAttributes(denyAll.getClass());
|
||||
assertEquals(1, accessAttributes.size());
|
||||
assertEquals("javax.annotation.security.DenyAll", accessAttributes.get(0).toString());
|
||||
ConfigAttribute[] accessAttributes = mds.findAttributes(denyAll.getClass()).toArray(new ConfigAttribute[0]);
|
||||
assertEquals(1, accessAttributes.length);
|
||||
assertEquals("javax.annotation.security.DenyAll", accessAttributes[0].toString());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void adminMethodHasAdminAttributeWithDenyAllClass() throws Exception {
|
||||
List<ConfigAttribute> accessAttributes = mds.findAttributes(denyAll.getClass().getMethod("adminMethod"), null);
|
||||
Collection<ConfigAttribute> accessAttributes = mds.findAttributes(denyAll.getClass().getMethod("adminMethod"), null);
|
||||
assertEquals(1, accessAttributes.size());
|
||||
assertEquals("ADMIN", accessAttributes.get(0).toString());
|
||||
assertEquals("ADMIN", accessAttributes.toArray()[0].toString());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void noRoleMethodHasNoAttributes() throws Exception {
|
||||
List<ConfigAttribute> accessAttributes = mds.findAttributes(a.getClass().getMethod("noRoleMethod"), null);
|
||||
Collection<ConfigAttribute> accessAttributes = mds.findAttributes(a.getClass().getMethod("noRoleMethod"), null);
|
||||
Assert.assertNull(accessAttributes);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void classRoleIsAppliedToNoRoleMethod() throws Exception {
|
||||
List<ConfigAttribute> accessAttributes = mds.findAttributes(userAllowed.getClass().getMethod("noRoleMethod"), null);
|
||||
Collection<ConfigAttribute> accessAttributes = mds.findAttributes(userAllowed.getClass().getMethod("noRoleMethod"), null);
|
||||
Assert.assertNull(accessAttributes);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void methodRoleOverridesClassRole() throws Exception {
|
||||
List<ConfigAttribute> accessAttributes = mds.findAttributes(userAllowed.getClass().getMethod("adminMethod"), null);
|
||||
Collection<ConfigAttribute> accessAttributes = mds.findAttributes(userAllowed.getClass().getMethod("adminMethod"), null);
|
||||
assertEquals(1, accessAttributes.size());
|
||||
assertEquals("ADMIN", accessAttributes.get(0).toString());
|
||||
assertEquals("ADMIN", accessAttributes.toArray()[0].toString());
|
||||
}
|
||||
|
||||
//~ Inner Classes ======================================================================================================
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@
|
|||
package org.springframework.security.access.annotation;
|
||||
|
||||
import java.lang.reflect.Method;
|
||||
import java.util.List;
|
||||
import java.util.Collection;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
|
|
@ -23,7 +23,6 @@ import org.apache.commons.logging.Log;
|
|||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.access.SecurityConfig;
|
||||
import org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource;
|
||||
import org.springframework.util.StringUtils;
|
||||
|
||||
|
||||
|
|
@ -52,7 +51,7 @@ public class SecuredAnnotationSecurityMetadataDefinitionSourceTests extends Test
|
|||
fail("Should be a superMethod called 'someUserMethod3' on class!");
|
||||
}
|
||||
|
||||
List<ConfigAttribute> attrs = mds.findAttributes(method, DepartmentServiceImpl.class);
|
||||
Collection<ConfigAttribute> attrs = mds.findAttributes(method, DepartmentServiceImpl.class);
|
||||
|
||||
assertNotNull(attrs);
|
||||
|
||||
|
|
@ -76,7 +75,7 @@ public class SecuredAnnotationSecurityMetadataDefinitionSourceTests extends Test
|
|||
fail("Should be a superMethod called 'someUserMethod3' on class!");
|
||||
}
|
||||
|
||||
List<ConfigAttribute> superAttrs = this.mds.findAttributes(superMethod, DepartmentServiceImpl.class);
|
||||
Collection<ConfigAttribute> superAttrs = this.mds.findAttributes(superMethod, DepartmentServiceImpl.class);
|
||||
|
||||
assertNotNull(superAttrs);
|
||||
|
||||
|
|
@ -94,7 +93,7 @@ public class SecuredAnnotationSecurityMetadataDefinitionSourceTests extends Test
|
|||
}
|
||||
|
||||
public void testGetAttributesClass() {
|
||||
List<ConfigAttribute> attrs = this.mds.findAttributes(BusinessService.class);
|
||||
Collection<ConfigAttribute> attrs = this.mds.findAttributes(BusinessService.class);
|
||||
|
||||
assertNotNull(attrs);
|
||||
|
||||
|
|
@ -102,7 +101,7 @@ public class SecuredAnnotationSecurityMetadataDefinitionSourceTests extends Test
|
|||
assertEquals(1, attrs.size());
|
||||
|
||||
// should have 1 SecurityConfig
|
||||
SecurityConfig sc = ((SecurityConfig) attrs.get(0));
|
||||
SecurityConfig sc = (SecurityConfig) attrs.toArray()[0];
|
||||
|
||||
assertEquals("ROLE_USER", sc.getAttribute());
|
||||
}
|
||||
|
|
@ -116,7 +115,7 @@ public class SecuredAnnotationSecurityMetadataDefinitionSourceTests extends Test
|
|||
fail("Should be a method called 'someUserAndAdminMethod' on class!");
|
||||
}
|
||||
|
||||
List<ConfigAttribute> attrs = this.mds.findAttributes(method, BusinessService.class);
|
||||
Collection<ConfigAttribute> attrs = this.mds.findAttributes(method, BusinessService.class);
|
||||
|
||||
assertNotNull(attrs);
|
||||
|
||||
|
|
|
|||
|
|
@ -68,7 +68,7 @@ public class MockMethodSecurityMetadataSource implements MethodSecurityMetadataS
|
|||
throw new UnsupportedOperationException("mock method not implemented");
|
||||
}
|
||||
|
||||
public List<ConfigAttribute> getAttributes(Method method, Class<?> targetClass) {
|
||||
public Collection<ConfigAttribute> getAttributes(Method method, Class<?> targetClass) {
|
||||
throw new UnsupportedOperationException("mock method not implemented");
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue