SEC-333: Eliminate dependecy on ORO when Ant Paths being used instead of Regular Expressions.

core/src/main/java/org/acegisecurity/intercept/web/FilterInvocationDefinitionSourceEditor.java

@@ -50,10 +50,10 @@ public class FilterInvocationDefinitionSourceEditor extends PropertyEditorSuppor
 
     public void setAsText(String s) throws IllegalArgumentException {
         FilterInvocationDefinitionDecorator source = new FilterInvocationDefinitionDecorator();
-        source.setDecorated(new RegExpBasedFilterInvocationDefinitionMap());
 
         if ((s == null) || "".equals(s)) {
             // Leave target object empty
+            source.setDecorated(new PathBasedFilterInvocationDefinitionMap());
         } else {
             // Check if we need to override the default definition map
             if (s.lastIndexOf(DIRECTIVE_PATTERN_TYPE_APACHE_ANT) != -1) {
@@ -63,6 +63,8 @@ public class FilterInvocationDefinitionSourceEditor extends PropertyEditorSuppor
                     logger.debug(("Detected " + DIRECTIVE_PATTERN_TYPE_APACHE_ANT
                         + " directive; using Apache Ant style path expressions"));
                 }
+            } else {
+                source.setDecorated(new RegExpBasedFilterInvocationDefinitionMap());
             }
 
             if (s.lastIndexOf(DIRECTIVE_CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON) != -1) {

core/src/test/java/org/acegisecurity/intercept/web/FilterInvocationDefinitionSourceEditorTests.java

@@ -247,7 +247,7 @@ public class FilterInvocationDefinitionSourceEditorTests extends TestCase {
         assertEquals(expected, returned);
     }
 
-    public void testSingleUrlParsing() throws Exception {
+    public void testSingleUrlParsingWithRegularExpressions() throws Exception {
         FilterInvocationDefinitionSourceEditor editor = new FilterInvocationDefinitionSourceEditor();
         editor.setAsText("\\A/secure/super.*\\Z=ROLE_WE_DONT_HAVE,ANOTHER_ROLE");
 
@@ -266,6 +266,25 @@ public class FilterInvocationDefinitionSourceEditorTests extends TestCase {
         assertEquals(expected, returned);
     }
 
+    public void testSingleUrlParsingWithAntPaths() throws Exception {
+        FilterInvocationDefinitionSourceEditor editor = new FilterInvocationDefinitionSourceEditor();
+        editor.setAsText("PATTERN_TYPE_APACHE_ANT\r\n/secure/super/**=ROLE_WE_DONT_HAVE,ANOTHER_ROLE");
+
+        PathBasedFilterInvocationDefinitionMap map = (PathBasedFilterInvocationDefinitionMap) editor.getValue();
+
+        MockHttpServletRequest httpRequest = new MockHttpServletRequest(null, null);
+        httpRequest.setServletPath("/secure/super/very_secret.html");
+
+        ConfigAttributeDefinition returned = map.getAttributes(new FilterInvocation(httpRequest,
+                    new MockHttpServletResponse(), new MockFilterChain()));
+
+        ConfigAttributeDefinition expected = new ConfigAttributeDefinition();
+        expected.addConfigAttribute(new SecurityConfig("ROLE_WE_DONT_HAVE"));
+        expected.addConfigAttribute(new SecurityConfig("ANOTHER_ROLE"));
+
+        assertEquals(expected, returned);
+    }
+    
     public void testWhitespaceAndCommentsAndLinesWithoutEqualsSignsAreIgnored() {
         FilterInvocationDefinitionSourceEditor editor = new FilterInvocationDefinitionSourceEditor();
         editor.setAsText(