SEC-1887: Add MethodSecurityOperations interface.

This should cater for implementations which want to use
the full filtering capabilities while creating a custom
expression root object.

Also cleaning whitespace.

core/src/main/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandler.java

@@ -70,9 +70,9 @@ public abstract class AbstractSecurityExpressionHandler<T> implements SecurityEx
     protected abstract SecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication, T invocation);
 
     protected RoleHierarchy getRoleHierarchy() {
-		return roleHierarchy;
+        return roleHierarchy;
-	}
+    }
-    
+
     public void setRoleHierarchy(RoleHierarchy roleHierarchy) {
         this.roleHierarchy = roleHierarchy;
     }

core/src/main/java/org/springframework/security/access/expression/SecurityExpressionOperations.java

@@ -1,30 +1,41 @@
 package org.springframework.security.access.expression;
 
+import org.springframework.security.core.Authentication;
+
+/**
+ * Standard interface for expression root objects used with expression-based
+ * security.
+ *
+ * @author Andrei Stefan
+ * @author Luke Taylor
+ * @since 3.1.1
+ */
 public interface SecurityExpressionOperations {
 
-	public abstract boolean hasAuthority(String authority);
+    Authentication getAuthentication();
 
-	public abstract boolean hasAnyAuthority(String... authorities);
+    boolean hasAuthority(String authority);
 
-	public abstract boolean hasRole(String role);
+    boolean hasAnyAuthority(String... authorities);
 
-	public abstract boolean hasAnyRole(String... roles);
+    boolean hasRole(String role);
 
-	public abstract boolean permitAll();
+    boolean hasAnyRole(String... roles);
 
-	public abstract boolean denyAll();
+    boolean permitAll();
 
-	public abstract boolean isAnonymous();
+    boolean denyAll();
 
-	public abstract boolean isAuthenticated();
+    boolean isAnonymous();
 
-	public abstract boolean isRememberMe();
+    boolean isAuthenticated();
 
-	public abstract boolean isFullyAuthenticated();
+    boolean isRememberMe();
 
-	public abstract boolean hasPermission(Object target, Object permission);
+    boolean isFullyAuthenticated();
 
-	public abstract boolean hasPermission(Object targetId, String targetType,
+    boolean hasPermission(Object target, Object permission);
-			Object permission);
 
-}
+    boolean hasPermission(Object targetId, String targetType, Object permission);
+
+}

core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java

@@ -45,35 +45,19 @@ public abstract class SecurityExpressionRoot implements SecurityExpressionOperat
         this.authentication = a;
     }
 
-    /* (non-Javadoc)
+    public final boolean hasAuthority(String authority) {
-	 * @see org.springframework.security.access.expression.SecurityExpressionOperations#hasAuthority(java.lang.String)
-	 */
-    @Override
-	public final boolean hasAuthority(String authority) {
         return hasRole(authority);
     }
 
-    /* (non-Javadoc)
+    public final boolean hasAnyAuthority(String... authorities) {
-	 * @see org.springframework.security.access.expression.SecurityExpressionOperations#hasAnyAuthority(java.lang.String)
-	 */
-    @Override
-	public final boolean hasAnyAuthority(String... authorities) {
         return hasAnyRole(authorities);
     }
 
-    /* (non-Javadoc)
+    public final boolean hasRole(String role) {
-	 * @see org.springframework.security.access.expression.SecurityExpressionOperations#hasRole(java.lang.String)
-	 */
-    @Override
-	public final boolean hasRole(String role) {
         return getAuthoritySet().contains(role);
     }
 
-    /* (non-Javadoc)
+    public final boolean hasAnyRole(String... roles) {
-	 * @see org.springframework.security.access.expression.SecurityExpressionOperations#hasAnyRole(java.lang.String)
-	 */
-    @Override
-	public final boolean hasAnyRole(String... roles) {
         Set<String> roleSet = getAuthoritySet();
 
         for (String role : roles) {
@@ -89,51 +73,27 @@ public abstract class SecurityExpressionRoot implements SecurityExpressionOperat
         return authentication;
     }
 
-    /* (non-Javadoc)
+    public final boolean permitAll() {
-	 * @see org.springframework.security.access.expression.SecurityExpressionOperations#permitAll()
-	 */
-    @Override
-	public final boolean permitAll() {
         return true;
     }
 
-    /* (non-Javadoc)
+    public final boolean denyAll() {
-	 * @see org.springframework.security.access.expression.SecurityExpressionOperations#denyAll()
-	 */
-    @Override
-	public final boolean denyAll() {
         return false;
     }
 
-    /* (non-Javadoc)
+    public final boolean isAnonymous() {
-	 * @see org.springframework.security.access.expression.SecurityExpressionOperations#isAnonymous()
-	 */
-    @Override
-	public final boolean isAnonymous() {
         return trustResolver.isAnonymous(authentication);
     }
 
-    /* (non-Javadoc)
+    public final boolean isAuthenticated() {
-	 * @see org.springframework.security.access.expression.SecurityExpressionOperations#isAuthenticated()
-	 */
-    @Override
-	public final boolean isAuthenticated() {
         return !isAnonymous();
     }
 
-    /* (non-Javadoc)
+    public final boolean isRememberMe() {
-	 * @see org.springframework.security.access.expression.SecurityExpressionOperations#isRememberMe()
-	 */
-    @Override
-	public final boolean isRememberMe() {
         return trustResolver.isRememberMe(authentication);
     }
 
-    /* (non-Javadoc)
+    public final boolean isFullyAuthenticated() {
-	 * @see org.springframework.security.access.expression.SecurityExpressionOperations#isFullyAuthenticated()
-	 */
-    @Override
-	public final boolean isFullyAuthenticated() {
         return !trustResolver.isAnonymous(authentication) && !trustResolver.isRememberMe(authentication);
     }
 
@@ -164,19 +124,12 @@ public abstract class SecurityExpressionRoot implements SecurityExpressionOperat
         return roles;
     }
 
-    /* (non-Javadoc)
+
-	 * @see org.springframework.security.access.expression.SecurityExpressionOperations#hasPermission(java.lang.Object, java.lang.Object)
+    public boolean hasPermission(Object target, Object permission) {
-	 */
-    @Override
-	public boolean hasPermission(Object target, Object permission) {
         return permissionEvaluator.hasPermission(authentication, target, permission);
     }
 
-    /* (non-Javadoc)
+    public boolean hasPermission(Object targetId, String targetType, Object permission) {
-	 * @see org.springframework.security.access.expression.SecurityExpressionOperations#hasPermission(java.lang.Object, java.lang.String, java.lang.Object)
-	 */
-    @Override
-	public boolean hasPermission(Object targetId, String targetType, Object permission) {
         return permissionEvaluator.hasPermission(authentication, (Serializable)targetId, targetType, permission);
     }
 

core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java

@@ -48,8 +48,10 @@ public class DefaultMethodSecurityExpressionHandler extends AbstractSecurityExpr
         return new MethodSecurityEvaluationContext(auth, mi, parameterNameDiscoverer);
     }
 
-    @Override
+    /**
-    protected SecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication, MethodInvocation invocation) {
+     * Creates the root object for expression evaluation.
+     */
+    protected MethodSecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication, MethodInvocation invocation) {
         MethodSecurityExpressionRoot root = new MethodSecurityExpressionRoot(authentication);
         root.setThis(invocation.getThis());
         root.setPermissionEvaluator(getPermissionEvaluator());
@@ -68,7 +70,7 @@ public class DefaultMethodSecurityExpressionHandler extends AbstractSecurityExpr
      */
     @SuppressWarnings("unchecked")
     public Object filter(Object filterTarget, Expression filterExpression, EvaluationContext ctx) {
-        MethodSecurityExpressionRoot rootObject = (MethodSecurityExpressionRoot) ctx.getRootObject().getValue();
+        MethodSecurityExpressionOperations rootObject = (MethodSecurityExpressionOperations) ctx.getRootObject().getValue();
         final boolean debug = logger.isDebugEnabled();
         List retainList;
 

core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionOperations.java

@@ -0,0 +1,34 @@
+/*
+ * Copyright 2006-2011 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
+ * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+package org.springframework.security.access.expression.method;
+
+import org.springframework.security.access.expression.SecurityExpressionOperations;
+
+/**
+ * Interface which must be implemented if you want to use filtering in method security
+ * expressions.
+ *
+ * @author Luke Taylor
+ * @since 3.1.1
+ */
+public interface MethodSecurityExpressionOperations extends SecurityExpressionOperations {
+    void setFilterObject(Object filterObject);
+
+    Object getFilterObject();
+
+    void setReturnObject(Object returnObject);
+
+    Object getReturnObject();
+
+    Object getThis();
+}

core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRoot.java

@@ -10,7 +10,7 @@ import org.springframework.security.core.Authentication;
  * @author Luke Taylor
  * @since 3.0
  */
-class MethodSecurityExpressionRoot extends SecurityExpressionRoot {
+class MethodSecurityExpressionRoot extends SecurityExpressionRoot implements MethodSecurityExpressionOperations {
     private Object filterObject;
     private Object returnObject;
     private Object target;

web/src/main/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandler.java

@@ -13,8 +13,8 @@ import org.springframework.security.web.FilterInvocation;
  * @since 3.0
  */
 public class DefaultWebSecurityExpressionHandler extends AbstractSecurityExpressionHandler<FilterInvocation> {
-	
+
-	private final AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
+    private final AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
 
     @Override
     protected SecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication, FilterInvocation fi) {