SEC-1132: Refactoring of access/intercept package to extract packages and classes which are externally depended on or potentially may be used outside of the standard interceptor model (e.g. SecurityMetadataSource)
This commit is contained in:
Luke Taylor
parent
1a69a4d45a
commit
76438b3347
|
|
@ -18,8 +18,8 @@ package org.springframework.security.acls.afterinvocation;
|
|||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
|
||||
import org.springframework.security.access.AfterInvocationProvider;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.access.intercept.AfterInvocationProvider;
|
||||
import org.springframework.security.acls.domain.BasePermission;
|
||||
import org.springframework.security.acls.domain.ObjectIdentityRetrievalStrategyImpl;
|
||||
import org.springframework.security.acls.domain.SidRetrievalStrategyImpl;
|
||||
|
|
|
|||
|
|
@ -12,8 +12,8 @@ import org.springframework.beans.factory.support.BeanDefinitionBuilder;
|
|||
import org.springframework.beans.factory.support.ManagedList;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.security.access.AccessDecisionVoter;
|
||||
import org.springframework.security.access.intercept.AfterInvocationProviderManager;
|
||||
import org.springframework.security.access.vote.AccessDecisionVoter;
|
||||
import org.springframework.security.access.vote.AffirmativeBased;
|
||||
import org.springframework.security.access.vote.AuthenticatedVoter;
|
||||
import org.springframework.security.access.vote.RoleVoter;
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ import org.springframework.beans.factory.xml.ParserContext;
|
|||
import org.w3c.dom.Node;
|
||||
|
||||
/**
|
||||
* Adds the decorated {@link org.springframework.security.access.intercept.AfterInvocationProvider} to the
|
||||
* Adds the decorated {@link org.springframework.security.access.AfterInvocationProvider} to the
|
||||
* AfterInvocationProviderManager's list.
|
||||
*
|
||||
* @author Luke Taylor
|
||||
|
|
|
|||
|
|
@ -27,11 +27,10 @@ import org.springframework.security.access.expression.method.DefaultMethodSecuri
|
|||
import org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory;
|
||||
import org.springframework.security.access.expression.method.ExpressionBasedPostInvocationAdvice;
|
||||
import org.springframework.security.access.expression.method.ExpressionBasedPreInvocationAdvice;
|
||||
import org.springframework.security.access.intercept.method.DelegatingMethodSecurityMetadataSource;
|
||||
import org.springframework.security.access.intercept.method.MapBasedMethodSecurityMetadataSource;
|
||||
import org.springframework.security.access.intercept.method.ProtectPointcutPostProcessor;
|
||||
import org.springframework.security.access.intercept.method.aopalliance.MethodSecurityInterceptor;
|
||||
import org.springframework.security.access.intercept.method.aopalliance.MethodSecurityMetadataSourceAdvisor;
|
||||
import org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor;
|
||||
import org.springframework.security.access.intercept.aopalliance.MethodSecurityMetadataSourceAdvisor;
|
||||
import org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource;
|
||||
import org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource;
|
||||
import org.springframework.security.access.prepost.PostInvocationAdviceProvider;
|
||||
import org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter;
|
||||
import org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource;
|
||||
|
|
|
|||
|
|
@ -17,10 +17,10 @@ import org.springframework.beans.factory.support.ManagedList;
|
|||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.beans.factory.xml.BeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.security.access.AccessDecisionVoter;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.access.ConfigAttributeEditor;
|
||||
import org.springframework.security.access.SecurityConfig;
|
||||
import org.springframework.security.access.vote.AccessDecisionVoter;
|
||||
import org.springframework.security.access.vote.AuthenticatedVoter;
|
||||
import org.springframework.security.access.vote.RoleVoter;
|
||||
import org.springframework.security.web.FilterChainProxy;
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ import org.springframework.beans.factory.support.BeanDefinitionBuilder;
|
|||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.beans.factory.xml.BeanDefinitionDecorator;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.security.access.intercept.method.aopalliance.MethodSecurityInterceptor;
|
||||
import org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.springframework.util.xml.DomUtils;
|
||||
import org.w3c.dom.Element;
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ import org.springframework.beans.factory.BeanFactory;
|
|||
import org.springframework.beans.factory.BeanFactoryAware;
|
||||
import org.springframework.beans.factory.config.BeanPostProcessor;
|
||||
import org.springframework.security.access.intercept.AfterInvocationManager;
|
||||
import org.springframework.security.access.intercept.method.aopalliance.MethodSecurityInterceptor;
|
||||
import org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor;
|
||||
|
||||
/**
|
||||
* BeanPostProcessor which sets the AfterInvocationManager on the global MethodSecurityInterceptor,
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
package org.springframework.security.access.intercept.method;
|
||||
package org.springframework.security.config;
|
||||
|
||||
import java.lang.reflect.Method;
|
||||
import java.util.HashSet;
|
||||
|
|
@ -15,7 +15,8 @@ import org.aspectj.weaver.tools.PointcutPrimitive;
|
|||
import org.springframework.beans.BeansException;
|
||||
import org.springframework.beans.factory.config.BeanPostProcessor;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.access.intercept.method.aopalliance.MethodSecurityMetadataSourceAdvisor;
|
||||
import org.springframework.security.access.intercept.aopalliance.MethodSecurityMetadataSourceAdvisor;
|
||||
import org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.StringUtils;
|
||||
|
||||
|
|
@ -6,7 +6,7 @@ import org.junit.After;
|
|||
import org.junit.Test;
|
||||
import org.springframework.context.support.AbstractXmlApplicationContext;
|
||||
import org.springframework.security.access.intercept.AfterInvocationProviderManager;
|
||||
import org.springframework.security.access.intercept.method.aopalliance.MethodSecurityInterceptor;
|
||||
import org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor;
|
||||
import org.springframework.security.config.util.InMemoryXmlApplicationContext;
|
||||
|
||||
public class CustomAfterInvocationProviderBeanDefinitionDecoratorTests {
|
||||
|
|
|
|||
|
|
@ -3,8 +3,8 @@ package org.springframework.security.config;
|
|||
import java.util.List;
|
||||
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.access.AfterInvocationProvider;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.access.intercept.AfterInvocationProvider;
|
||||
import org.springframework.security.core.Authentication;
|
||||
|
||||
public class MockAfterInvocationProvider implements AfterInvocationProvider {
|
||||
|
|
|
|||
|
|
@ -55,7 +55,7 @@ public class MethodSecurityInterceptorWithAopConfigTests {
|
|||
" <aop:advisor advice-ref='securityInterceptor' pointcut-ref='targetMethods' />" +
|
||||
"</aop:config>" +
|
||||
"<b:bean id='target' class='org.springframework.security.TargetObject'/>" +
|
||||
"<b:bean id='securityInterceptor' class='org.springframework.security.access.intercept.method.aopalliance.MethodSecurityInterceptor' autowire='byType' >" +
|
||||
"<b:bean id='securityInterceptor' class='org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor' autowire='byType' >" +
|
||||
" <b:property name='securityMetadataSource'>" +
|
||||
" <b:value>" +
|
||||
"org.springframework.security.TargetObject.makeLower*=ROLE_A\n" +
|
||||
|
|
|
|||
|
|
@ -13,11 +13,10 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.access.vote;
|
||||
package org.springframework.security.access;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.core.Authentication;
|
||||
|
||||
|
||||
|
|
@ -13,12 +13,11 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.access.intercept;
|
||||
package org.springframework.security.access;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.access.intercept.AfterInvocationProviderManager;
|
||||
import org.springframework.security.core.Authentication;
|
||||
|
||||
|
||||
|
|
@ -13,12 +13,12 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.access.intercept;
|
||||
package org.springframework.security.access;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
|
||||
|
||||
|
||||
/**
|
||||
|
|
@ -27,7 +27,7 @@ import javax.annotation.security.RolesAllowed;
|
|||
|
||||
import org.springframework.core.annotation.AnnotationUtils;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.access.intercept.method.AbstractFallbackMethodSecurityMetadataSource;
|
||||
import org.springframework.security.access.method.AbstractFallbackMethodSecurityMetadataSource;
|
||||
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -2,8 +2,8 @@ package org.springframework.security.access.annotation;
|
|||
|
||||
import java.util.List;
|
||||
|
||||
import org.springframework.security.access.AccessDecisionVoter;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.access.vote.AccessDecisionVoter;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ import java.util.List;
|
|||
import org.springframework.core.annotation.AnnotationUtils;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.access.SecurityConfig;
|
||||
import org.springframework.security.access.intercept.method.AbstractFallbackMethodSecurityMetadataSource;
|
||||
import org.springframework.security.access.method.AbstractFallbackMethodSecurityMetadataSource;
|
||||
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -32,6 +32,7 @@ import org.springframework.context.support.MessageSourceAccessor;
|
|||
import org.springframework.security.access.AccessDecisionManager;
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.access.SecurityMetadataSource;
|
||||
import org.springframework.security.access.event.AuthenticationCredentialsNotFoundEvent;
|
||||
import org.springframework.security.access.event.AuthorizationFailureEvent;
|
||||
import org.springframework.security.access.event.AuthorizedEvent;
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@ import org.apache.commons.logging.Log;
|
|||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.access.AfterInvocationProvider;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.util.Assert;
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.access.intercept.method;
|
||||
package org.springframework.security.access.intercept;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
|
|
@ -23,7 +23,6 @@ import org.apache.commons.logging.LogFactory;
|
|||
import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
|
|
@ -13,12 +13,12 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.access.intercept.method.aopalliance;
|
||||
package org.springframework.security.access.intercept.aopalliance;
|
||||
|
||||
import org.springframework.security.access.SecurityMetadataSource;
|
||||
import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
|
||||
import org.springframework.security.access.intercept.InterceptorStatusToken;
|
||||
import org.springframework.security.access.intercept.SecurityMetadataSource;
|
||||
import org.springframework.security.access.intercept.method.MethodSecurityMetadataSource;
|
||||
import org.springframework.security.access.method.MethodSecurityMetadataSource;
|
||||
|
||||
import org.aopalliance.intercept.MethodInterceptor;
|
||||
import org.aopalliance.intercept.MethodInvocation;
|
||||
|
|
@ -13,7 +13,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.access.intercept.method.aopalliance;
|
||||
package org.springframework.security.access.intercept.aopalliance;
|
||||
|
||||
import java.lang.reflect.AccessibleObject;
|
||||
import java.lang.reflect.Method;
|
||||
|
|
@ -26,7 +26,7 @@ import org.springframework.aop.support.StaticMethodMatcherPointcut;
|
|||
import org.springframework.beans.BeansException;
|
||||
import org.springframework.beans.factory.BeanFactory;
|
||||
import org.springframework.beans.factory.BeanFactoryAware;
|
||||
import org.springframework.security.access.intercept.method.MethodSecurityMetadataSource;
|
||||
import org.springframework.security.access.method.MethodSecurityMetadataSource;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
package org.springframework.security.access.intercept.method.aspectj;
|
||||
package org.springframework.security.access.intercept.aspectj;
|
||||
|
||||
|
||||
/**
|
||||
|
|
@ -1,9 +1,9 @@
|
|||
package org.springframework.security.access.intercept.method.aspectj;
|
||||
package org.springframework.security.access.intercept.aspectj;
|
||||
|
||||
import org.springframework.security.access.SecurityMetadataSource;
|
||||
import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
|
||||
import org.springframework.security.access.intercept.InterceptorStatusToken;
|
||||
import org.springframework.security.access.intercept.SecurityMetadataSource;
|
||||
import org.springframework.security.access.intercept.method.MethodSecurityMetadataSource;
|
||||
import org.springframework.security.access.method.MethodSecurityMetadataSource;
|
||||
|
||||
import org.aspectj.lang.JoinPoint;
|
||||
|
||||
|
|
@ -13,7 +13,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.access.intercept.method.aspectj;
|
||||
package org.springframework.security.access.intercept.aspectj;
|
||||
|
||||
/**
|
||||
* Called by the {@link AspectJSecurityInterceptor} when it wishes for the
|
||||
|
|
@ -13,12 +13,12 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.access.intercept.method.aspectj;
|
||||
package org.springframework.security.access.intercept.aspectj;
|
||||
|
||||
import org.springframework.security.access.SecurityMetadataSource;
|
||||
import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
|
||||
import org.springframework.security.access.intercept.InterceptorStatusToken;
|
||||
import org.springframework.security.access.intercept.SecurityMetadataSource;
|
||||
import org.springframework.security.access.intercept.method.MethodSecurityMetadataSource;
|
||||
import org.springframework.security.access.method.MethodSecurityMetadataSource;
|
||||
|
||||
import org.aspectj.lang.JoinPoint;
|
||||
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
package org.springframework.security.access.intercept.method;
|
||||
package org.springframework.security.access.method;
|
||||
|
||||
import java.lang.reflect.Method;
|
||||
import java.util.List;
|
||||
|
|
@ -13,7 +13,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.access.intercept.method;
|
||||
package org.springframework.security.access.method;
|
||||
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
package org.springframework.security.access.intercept.method;
|
||||
package org.springframework.security.access.method;
|
||||
|
||||
import java.lang.reflect.Method;
|
||||
import java.util.Collection;
|
||||
|
|
@ -13,7 +13,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.access.intercept.method;
|
||||
package org.springframework.security.access.method;
|
||||
|
||||
import java.lang.reflect.Method;
|
||||
import java.util.ArrayList;
|
||||
|
|
@ -13,13 +13,13 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.access.intercept.method;
|
||||
package org.springframework.security.access.method;
|
||||
|
||||
import java.lang.reflect.Method;
|
||||
import java.util.List;
|
||||
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.access.intercept.SecurityMetadataSource;
|
||||
import org.springframework.security.access.SecurityMetadataSource;
|
||||
|
||||
|
||||
/**
|
||||
|
|
@ -13,7 +13,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.access.intercept.method;
|
||||
package org.springframework.security.access.method;
|
||||
|
||||
import java.beans.PropertyEditorSupport;
|
||||
import java.util.ArrayList;
|
||||
|
|
@ -6,8 +6,8 @@ import org.aopalliance.intercept.MethodInvocation;
|
|||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.access.AfterInvocationProvider;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.access.intercept.AfterInvocationProvider;
|
||||
import org.springframework.security.core.Authentication;
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -5,8 +5,8 @@ import java.util.List;
|
|||
import org.aopalliance.intercept.MethodInvocation;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.security.access.AccessDecisionVoter;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.access.vote.AccessDecisionVoter;
|
||||
import org.springframework.security.core.Authentication;
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ import java.util.List;
|
|||
|
||||
import org.springframework.core.annotation.AnnotationUtils;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.access.intercept.method.AbstractMethodSecurityMetadataSource;
|
||||
import org.springframework.security.access.method.AbstractMethodSecurityMetadataSource;
|
||||
import org.springframework.util.ClassUtils;
|
||||
|
||||
/**
|
||||
|
|
@ -81,7 +81,7 @@ public class PrePostAnnotationSecurityMetadataSource extends AbstractMethodSecur
|
|||
}
|
||||
|
||||
/**
|
||||
* See {@link org.springframework.security.access.intercept.method.AbstractFallbackMethodSecurityMetadataSource#getAttributes(Method, Class)}
|
||||
* See {@link org.springframework.security.access.method.AbstractFallbackMethodSecurityMetadataSource#getAttributes(Method, Class)}
|
||||
* for the logic of this method. The ordering here is slightly different in that we consider method-specific
|
||||
* annotations on an interface before class-level ones.
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -21,6 +21,7 @@ import java.util.List;
|
|||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.security.access.AccessDecisionManager;
|
||||
import org.springframework.security.access.AccessDecisionVoter;
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.core.SpringSecurityMessageSource;
|
||||
|
|
|
|||
|
|
@ -14,6 +14,7 @@
|
|||
*/
|
||||
package org.springframework.security.access.vote;
|
||||
|
||||
import org.springframework.security.access.AccessDecisionVoter;
|
||||
import org.springframework.security.access.AuthorizationServiceException;
|
||||
|
||||
import org.aopalliance.intercept.MethodInvocation;
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@ package org.springframework.security.access.vote;
|
|||
|
||||
import java.util.List;
|
||||
|
||||
import org.springframework.security.access.AccessDecisionVoter;
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.core.Authentication;
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@ package org.springframework.security.access.vote;
|
|||
|
||||
import java.util.List;
|
||||
|
||||
import org.springframework.security.access.AccessDecisionVoter;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.authentication.AuthenticationTrustResolver;
|
||||
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@ package org.springframework.security.access.vote;
|
|||
|
||||
import java.util.List;
|
||||
|
||||
import org.springframework.security.access.AccessDecisionVoter;
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.core.Authentication;
|
||||
|
|
|
|||
|
|
@ -43,7 +43,7 @@ import org.springframework.util.Assert;
|
|||
* @author Greg Turnquist
|
||||
* @version $Id$
|
||||
*
|
||||
* @see org.springframework.security.access.intercept.method.aopalliance.MethodSecurityInterceptor
|
||||
* @see org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor
|
||||
* @deprecated Use new spring-security-acl module instead
|
||||
*/
|
||||
public class LabelBasedAclVoter extends AbstractAclVoter {
|
||||
|
|
@ -141,7 +141,7 @@ public class LabelBasedAclVoter extends AbstractAclVoter {
|
|||
* configuration with the attribute stored in attributeIndicatingLabeledOperation.
|
||||
*
|
||||
* @see org.springframework.security.access.vote.AbstractAclVoter
|
||||
* @see org.springframework.security.access.intercept.method.aopalliance.MethodSecurityInterceptor
|
||||
* @see org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor
|
||||
*/
|
||||
public boolean supports(ConfigAttribute attribute) {
|
||||
if (attribute.getAttribute().equals(attributeIndicatingLabeledOperation)) {
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@ package org.springframework.security.access.vote;
|
|||
|
||||
import java.util.List;
|
||||
|
||||
import org.springframework.security.access.AccessDecisionVoter;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@ package org.springframework.security.access.vote;
|
|||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
import org.springframework.security.access.AccessDecisionVoter;
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.core.Authentication;
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ import org.springframework.security.core.AuthenticationException;
|
|||
/**
|
||||
* Thrown if an authentication request is rejected because the credentials are not sufficiently trusted.
|
||||
* <p>
|
||||
* {@link org.springframework.security.access.vote.AccessDecisionVoter}s will typically throw this exception if
|
||||
* {@link org.springframework.security.access.AccessDecisionVoter}s will typically throw this exception if
|
||||
* they are dissatisfied with the level of the authentication, such as if performed using a remember-me mechanism or
|
||||
* anonymously. The commonly used {@link org.springframework.security.web.ExceptionTranslationFilter} will thus cause
|
||||
* the <code>AuthenticationEntryPoint</code> to be called, allowing the principal to authenticate with a stronger
|
||||
|
|
|
|||
|
|
@ -26,9 +26,9 @@ import org.springframework.security.access.SecurityConfig;
|
|||
import org.springframework.security.access.annotation.test.Entity;
|
||||
import org.springframework.security.access.annotation.test.PersonServiceImpl;
|
||||
import org.springframework.security.access.annotation.test.Service;
|
||||
import org.springframework.security.access.intercept.method.MapBasedMethodSecurityMetadataSource;
|
||||
import org.springframework.security.access.intercept.method.MethodSecurityMetadataSourceEditor;
|
||||
import org.springframework.security.access.intercept.method.MockMethodInvocation;
|
||||
import org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource;
|
||||
import org.springframework.security.access.method.MethodSecurityMetadataSourceEditor;
|
||||
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -10,10 +10,10 @@ import java.util.List;
|
|||
|
||||
import org.aopalliance.intercept.MethodInvocation;
|
||||
import org.junit.Test;
|
||||
import org.springframework.security.access.AccessDecisionVoter;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.access.expression.method.PreInvocationExpressionAttribute;
|
||||
import org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter;
|
||||
import org.springframework.security.access.vote.AccessDecisionVoter;
|
||||
import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
import org.springframework.security.util.SimpleMethodInvocation;
|
||||
|
||||
|
|
|
|||
|
|
@ -20,9 +20,9 @@ import org.jmock.Mockery;
|
|||
import org.jmock.integration.junit4.JUnit4Mockery;
|
||||
import org.junit.Test;
|
||||
import org.springframework.security.access.AccessDecisionManager;
|
||||
import org.springframework.security.access.SecurityMetadataSource;
|
||||
import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
|
||||
import org.springframework.security.access.intercept.RunAsManager;
|
||||
import org.springframework.security.access.intercept.SecurityMetadataSource;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.util.SimpleMethodInvocation;
|
||||
|
||||
|
|
|
|||
|
|
@ -22,9 +22,9 @@ import junit.framework.TestCase;
|
|||
|
||||
import org.aopalliance.intercept.MethodInvocation;
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.access.AfterInvocationProvider;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.access.SecurityConfig;
|
||||
import org.springframework.security.access.intercept.AfterInvocationProvider;
|
||||
import org.springframework.security.access.intercept.AfterInvocationProviderManager;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.util.SimpleMethodInvocation;
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.access.intercept.method.aopalliance;
|
||||
package org.springframework.security.access.intercept.aopalliance;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
|
|
@ -37,8 +37,8 @@ import org.springframework.security.access.SecurityConfig;
|
|||
import org.springframework.security.access.intercept.AfterInvocationManager;
|
||||
import org.springframework.security.access.intercept.RunAsManager;
|
||||
import org.springframework.security.access.intercept.RunAsUserToken;
|
||||
import org.springframework.security.access.intercept.method.MethodSecurityMetadataSource;
|
||||
import org.springframework.security.access.intercept.method.aopalliance.MethodSecurityInterceptor;
|
||||
import org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor;
|
||||
import org.springframework.security.access.method.MethodSecurityMetadataSource;
|
||||
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.BadCredentialsException;
|
||||
|
|
@ -13,17 +13,17 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.access.intercept.method.aopalliance;
|
||||
package org.springframework.security.access.intercept.aopalliance;
|
||||
|
||||
import java.lang.reflect.Method;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.springframework.security.TargetObject;
|
||||
import org.springframework.security.access.intercept.method.MapBasedMethodSecurityMetadataSource;
|
||||
import org.springframework.security.access.intercept.method.MethodSecurityMetadataSourceEditor;
|
||||
import org.springframework.security.access.intercept.method.aopalliance.MethodSecurityInterceptor;
|
||||
import org.springframework.security.access.intercept.method.aopalliance.MethodSecurityMetadataSourceAdvisor;
|
||||
import org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor;
|
||||
import org.springframework.security.access.intercept.aopalliance.MethodSecurityMetadataSourceAdvisor;
|
||||
import org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource;
|
||||
import org.springframework.security.access.method.MethodSecurityMetadataSourceEditor;
|
||||
|
||||
/**
|
||||
* Tests {@link MethodSecurityMetadataSourceAdvisor}.
|
||||
|
|
@ -13,7 +13,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.access.intercept.method.aspectj;
|
||||
package org.springframework.security.access.intercept.aspectj;
|
||||
|
||||
import java.lang.reflect.Method;
|
||||
import java.util.List;
|
||||
|
|
@ -30,9 +30,9 @@ import org.springframework.security.TargetObject;
|
|||
import org.springframework.security.access.AccessDecisionManager;
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.access.SecurityConfig;
|
||||
import org.springframework.security.access.intercept.method.MethodSecurityMetadataSource;
|
||||
import org.springframework.security.access.intercept.method.aspectj.AspectJCallback;
|
||||
import org.springframework.security.access.intercept.method.aspectj.AspectJSecurityInterceptor;
|
||||
import org.springframework.security.access.intercept.aspectj.AspectJCallback;
|
||||
import org.springframework.security.access.intercept.aspectj.AspectJSecurityInterceptor;
|
||||
import org.springframework.security.access.method.MethodSecurityMetadataSource;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
|
|
@ -9,7 +9,7 @@ import org.junit.Before;
|
|||
import org.junit.Test;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.access.SecurityConfig;
|
||||
import org.springframework.security.access.intercept.method.MapBasedMethodSecurityMetadataSource;
|
||||
import org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource;
|
||||
|
||||
/**
|
||||
* Tests for {@link MapBasedMethodSecurityMetadataSource}.
|
||||
|
|
|
|||
|
|
@ -32,9 +32,9 @@ import org.springframework.security.access.AccessDecisionManager;
|
|||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.access.SecurityConfig;
|
||||
import org.springframework.security.access.intercept.method.MethodInvocationPrivilegeEvaluator;
|
||||
import org.springframework.security.access.intercept.method.MethodSecurityMetadataSource;
|
||||
import org.springframework.security.access.intercept.method.aopalliance.MethodSecurityInterceptor;
|
||||
import org.springframework.security.access.intercept.MethodInvocationPrivilegeEvaluator;
|
||||
import org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor;
|
||||
import org.springframework.security.access.method.MethodSecurityMetadataSource;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
|
|
@ -42,7 +42,7 @@ import org.springframework.security.util.MethodInvocationUtils;
|
|||
|
||||
|
||||
/**
|
||||
* Tests {@link org.springframework.security.access.intercept.method.MethodInvocationPrivilegeEvaluator}.
|
||||
* Tests {@link org.springframework.security.access.intercept.MethodInvocationPrivilegeEvaluator}.
|
||||
*
|
||||
* @author Ben Alex
|
||||
* @version $Id$
|
||||
|
|
|
|||
|
|
@ -28,8 +28,8 @@ import org.springframework.security.OtherTargetObject;
|
|||
import org.springframework.security.TargetObject;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.access.SecurityConfig;
|
||||
import org.springframework.security.access.intercept.method.MapBasedMethodSecurityMetadataSource;
|
||||
import org.springframework.security.access.intercept.method.MethodSecurityMetadataSourceEditor;
|
||||
import org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource;
|
||||
import org.springframework.security.access.method.MethodSecurityMetadataSourceEditor;
|
||||
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ import org.aopalliance.intercept.MethodInvocation;
|
|||
import org.aspectj.lang.JoinPoint;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.access.SecurityConfig;
|
||||
import org.springframework.security.access.intercept.method.MethodSecurityMetadataSource;
|
||||
import org.springframework.security.access.method.MethodSecurityMetadataSource;
|
||||
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -17,11 +17,11 @@ package org.springframework.security.access.vote;
|
|||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.springframework.security.access.AccessDecisionVoter;
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.access.SecurityConfig;
|
||||
import org.springframework.security.access.vote.AbstractAccessDecisionManager;
|
||||
import org.springframework.security.access.vote.AccessDecisionVoter;
|
||||
import org.springframework.security.access.vote.RoleVoter;
|
||||
import org.springframework.security.core.Authentication;
|
||||
|
||||
|
|
|
|||
|
|
@ -21,9 +21,9 @@ import java.util.ArrayList;
|
|||
import java.util.List;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.springframework.security.access.AccessDecisionVoter;
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.access.SecurityConfig;
|
||||
import org.springframework.security.access.vote.AccessDecisionVoter;
|
||||
import org.springframework.security.access.vote.AffirmativeBased;
|
||||
import org.springframework.security.access.vote.RoleVoter;
|
||||
import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
|
|
|
|||
|
|
@ -19,9 +19,9 @@ import java.util.List;
|
|||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.springframework.security.access.AccessDecisionVoter;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.access.SecurityConfig;
|
||||
import org.springframework.security.access.vote.AccessDecisionVoter;
|
||||
import org.springframework.security.access.vote.AuthenticatedVoter;
|
||||
import org.springframework.security.authentication.AnonymousAuthenticationToken;
|
||||
import org.springframework.security.authentication.RememberMeAuthenticationToken;
|
||||
|
|
|
|||
|
|
@ -21,10 +21,10 @@ import java.util.List;
|
|||
import java.util.Vector;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.springframework.security.access.AccessDecisionVoter;
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.access.SecurityConfig;
|
||||
import org.springframework.security.access.vote.AccessDecisionVoter;
|
||||
import org.springframework.security.access.vote.ConsensusBased;
|
||||
import org.springframework.security.access.vote.RoleVoter;
|
||||
import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
|
|
|
|||
|
|
@ -15,8 +15,8 @@
|
|||
|
||||
package org.springframework.security.access.vote;
|
||||
|
||||
import org.springframework.security.access.AccessDecisionVoter;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.access.vote.AccessDecisionVoter;
|
||||
import org.springframework.security.core.Authentication;
|
||||
|
||||
import java.util.Iterator;
|
||||
|
|
|
|||
|
|
@ -15,8 +15,8 @@
|
|||
|
||||
package org.springframework.security.access.vote;
|
||||
|
||||
import org.springframework.security.access.AccessDecisionVoter;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.access.vote.AccessDecisionVoter;
|
||||
import org.springframework.security.core.Authentication;
|
||||
|
||||
import java.util.Iterator;
|
||||
|
|
|
|||
|
|
@ -20,10 +20,10 @@ import java.util.Vector;
|
|||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.springframework.security.access.AccessDecisionVoter;
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.access.SecurityConfig;
|
||||
import org.springframework.security.access.vote.AccessDecisionVoter;
|
||||
import org.springframework.security.access.vote.RoleVoter;
|
||||
import org.springframework.security.access.vote.UnanimousBased;
|
||||
import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
|
|
|
|||
|
|
@ -60,7 +60,7 @@
|
|||
</bean>
|
||||
|
||||
<bean id="securityInteceptor"
|
||||
class="org.springframework.security.access.intercept.method.aopalliance.MethodSecurityInterceptor">
|
||||
class="org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor">
|
||||
<property name="validateConfigAttributes"><value>false</value></property>
|
||||
<property name="authenticationManager"><ref bean="authenticationManager"/></property>
|
||||
<property name="accessDecisionManager"><ref bean="accessDecisionManager"/></property>
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@
|
|||
</property>
|
||||
</bean>
|
||||
|
||||
<bean id="securityInterceptor" class="org.springframework.security.access.intercept.method.aopalliance.MethodSecurityInterceptor">
|
||||
<bean id="securityInterceptor" class="org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor">
|
||||
<property name="validateConfigAttributes" value="true"/>
|
||||
<property name="rejectPublicInvocations" value="true"/>
|
||||
<property name="authenticationManager" ref="authenticationManager"/>
|
||||
|
|
|
|||
Loading…
Reference in New Issue