From 8a66d0c78d9f51e2294229ff3c4038dfe5008c73 Mon Sep 17 00:00:00 2001
From: Rob Winch
Date: Mon, 18 Sep 2017 16:51:35 -0500
Subject: [PATCH] Polish PermissionEvaluator Autowired into Web Security

Issue gh-4077
---
 .../ExpressionUrlAuthorizationConfigurer.java | 6 ++++
 .../AbstractSecurityExpressionHandler.java | 33 -------------------
 2 files changed, 6 insertions(+), 33 deletions(-)

diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java
index 61543d9e83..7f763ac293 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java
@@ -24,6 +24,7 @@ import org.springframework.context.ApplicationContext;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.access.AccessDecisionVoter;
 import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.access.PermissionEvaluator;
 import org.springframework.security.access.SecurityConfig;
 import org.springframework.security.access.expression.SecurityExpressionHandler;
 import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
@@ -222,6 +223,11 @@ public final class ExpressionUrlAuthorizationConfigurer implements SecurityExpressionHandler, ApplicationContextAware { private ExpressionParser expressionParser = new SpelExpressionParser(); private BeanResolver br; - private ApplicationContext context; private RoleHierarchy roleHierarchy; private PermissionEvaluator permissionEvaluator = new DenyAllPermissionEvaluator(); - private boolean roleHierarchySet = false; - private boolean permissionEvaluatorSet = false; - public final ExpressionParser getExpressionParser() { return expressionParser; 
@@ -105,52 +101,23 @@ public abstract class AbstractSecurityExpressionHandler implements protected abstract SecurityExpressionOperations createSecurityExpressionRoot( Authentication authentication, T invocation); - private boolean roleHerarchyNotSetForValidContext() { - return ! roleHierarchySet && context != null; - } - protected RoleHierarchy getRoleHierarchy() { - if(roleHerarchyNotSetForValidContext()) { - RoleHierarchy contextRoleHierarchy = getSingleBeanOrNull(RoleHierarchy.class); - if(contextRoleHierarchy != null){ - roleHierarchy = contextRoleHierarchy; - } - roleHierarchySet = true; - } return roleHierarchy; } public void setRoleHierarchy(RoleHierarchy roleHierarchy) { - roleHierarchySet = true; this.roleHierarchy = roleHierarchy; } protected PermissionEvaluator getPermissionEvaluator() { - if(! permissionEvaluatorSet && context != null) { - PermissionEvaluator contextPermissionEvaluator = getSingleBeanOrNull(PermissionEvaluator.class); - if(contextPermissionEvaluator != null){ - permissionEvaluator = contextPermissionEvaluator; - } - permissionEvaluatorSet = true; - } return permissionEvaluator; } public void setPermissionEvaluator(PermissionEvaluator permissionEvaluator) { - permissionEvaluatorSet = true; this.permissionEvaluator = permissionEvaluator; } public void setApplicationContext(ApplicationContext applicationContext) { br = new BeanFactoryResolver(applicationContext); - this.context = applicationContext; - } - - private T getSingleBeanOrNull(Class type) { - String[] beanNamesForType = context.getBeanNamesForType(type); - if (beanNamesForType == null || beanNamesForType.length != 1) { - return null; - } - return context.getBean(beanNamesForType[0], type); } }
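Review bot: With the context lookup removed, `getPermissionEvaluator()` returns only the field, which the class initialises to `new DenyAllPermissionEvaluator()` (visible as context in this file's previous hunk), so a handler that never receives `setPermissionEvaluator(...)` will presumably deny every `hasPermission` expression. That fails closed, but the change is silent for subclasses and for handlers an application constructs itself, and neither setter carries any documentation in the lines shown. I would add Javadoc on the setter, e.g. `/** Sets the PermissionEvaluator used for hasPermission expressions; defaults to DenyAllPermissionEvaluator and is not resolved from the ApplicationContext. */`, and a matching note on `setRoleHierarchy` that a `RoleHierarchy` bean is no longer picked up automatically. The class body starts outside this hunk, so any existing class-level documentation of these defaults is not visible here.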