From 6bfff55da336fa06e6597801819843dfb84d13c5 Mon Sep 17 00:00:00 2001 From: Luke Taylor Date: Fri, 30 Mar 2007 18:27:19 +0000 Subject: [PATCH] Corrected Javadoc for setRejectPublicInvocations (s/true/false) and tidied up code for validation of attributes --- .../AbstractSecurityInterceptor.java | 46 +++++++++---------- 1 file changed, 21 insertions(+), 25 deletions(-) diff --git a/core/src/main/java/org/acegisecurity/intercept/AbstractSecurityInterceptor.java b/core/src/main/java/org/acegisecurity/intercept/AbstractSecurityInterceptor.java index 3459399af2..ecb9dc6f75 100644 --- a/core/src/main/java/org/acegisecurity/intercept/AbstractSecurityInterceptor.java +++ b/core/src/main/java/org/acegisecurity/intercept/AbstractSecurityInterceptor.java @@ -194,36 +194,32 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A Iterator iter = this.obtainObjectDefinitionSource().getConfigAttributeDefinitions(); if (iter == null) { - if (logger.isWarnEnabled()) { - logger.warn( - "Could not validate configuration attributes as the MethodDefinitionSource did not return a " - + "ConfigAttributeDefinition Iterator"); - } - } else { - Set set = new HashSet(); + logger.warn("Could not validate configuration attributes as the MethodDefinitionSource did not return " + + "a ConfigAttributeDefinition Iterator"); + return; + } - while (iter.hasNext()) { - ConfigAttributeDefinition def = (ConfigAttributeDefinition) iter.next(); - Iterator attributes = def.getConfigAttributes(); + Set unsupportedAttrs = new HashSet(); - while (attributes.hasNext()) { - ConfigAttribute attr = (ConfigAttribute) attributes.next(); + while (iter.hasNext()) { + ConfigAttributeDefinition def = (ConfigAttributeDefinition) iter.next(); + Iterator attributes = def.getConfigAttributes(); - if (!this.runAsManager.supports(attr) && !this.accessDecisionManager.supports(attr) - && ((this.afterInvocationManager == null) || !this.afterInvocationManager.supports(attr))) { - set.add(attr); - } + while (attributes.hasNext()) { + ConfigAttribute attr = (ConfigAttribute) attributes.next(); + + if (!this.runAsManager.supports(attr) && !this.accessDecisionManager.supports(attr) + && ((this.afterInvocationManager == null) || !this.afterInvocationManager.supports(attr))) { + unsupportedAttrs.add(attr); } } - - if (set.size() == 0) { - if (logger.isInfoEnabled()) { - logger.info("Validated configuration attributes"); - } - } else { - throw new IllegalArgumentException("Unsupported configuration attributes: " + set.toString()); - } } + + if (unsupportedAttrs.size() != 0) { + throw new IllegalArgumentException("Unsupported configuration attributes: " + unsupportedAttrs); + } + + logger.info("Validated configuration attributes"); } } @@ -431,7 +427,7 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A * attempt is made to invoke a secure object that has no configuration attributes. * * @param rejectPublicInvocations set to true to reject invocations of secure objects that have no - * configuration attributes (by default it is true which treats undeclared secure objects as + * configuration attributes (by default it is false which treats undeclared secure objects as * "public" or unauthorized) */ public void setRejectPublicInvocations(boolean rejectPublicInvocations) {