Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-28 06:42:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Polish PermissionEvaluator Autowired into Web Security

Browse Source 
Issue gh-4077
This commit is contained in:
Rob Winch 2017-09-18 16:51:35 -05:00
parent 3bf6bf10de
commit 8a66d0c78d
2 changed files with 6 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java
View File

@ -24,6 +24,7 @@ import org.springframework.context.ApplicationContext;
import org.springframework.http.HttpMethod; import org.springframework.http.HttpMethod;
import org.springframework.security.access.AccessDecisionVoter; import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.ConfigAttribute; import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.access.SecurityConfig; import org.springframework.security.access.SecurityConfig;
import org.springframework.security.access.expression.SecurityExpressionHandler; import org.springframework.security.access.expression.SecurityExpressionHandler;
import org.springframework.security.access.hierarchicalroles.RoleHierarchy; import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
@ -222,6 +223,11 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
GrantedAuthorityDefaults grantedAuthorityDefaults = context.getBean(grantedAuthorityDefaultsBeanNames[0], GrantedAuthorityDefaults.class); GrantedAuthorityDefaults grantedAuthorityDefaults = context.getBean(grantedAuthorityDefaultsBeanNames[0], GrantedAuthorityDefaults.class);
defaultHandler.setDefaultRolePrefix(grantedAuthorityDefaults.getRolePrefix()); defaultHandler.setDefaultRolePrefix(grantedAuthorityDefaults.getRolePrefix());
} }
String[] permissionEvaluatorBeanNames = context.getBeanNamesForType(PermissionEvaluator.class);
if(permissionEvaluatorBeanNames.length == 1) {
PermissionEvaluator permissionEvaluator = context.getBean(permissionEvaluatorBeanNames[0], PermissionEvaluator.class);
defaultHandler.setPermissionEvaluator(permissionEvaluator);
}
} }
expressionHandler = postProcess(defaultHandler); expressionHandler = postProcess(defaultHandler);

33
core/src/main/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandler.java
View File

@ -40,12 +40,8 @@ public abstract class AbstractSecurityExpressionHandler<T> implements
SecurityExpressionHandler<T>, ApplicationContextAware { SecurityExpressionHandler<T>, ApplicationContextAware {
private ExpressionParser expressionParser = new SpelExpressionParser(); private ExpressionParser expressionParser = new SpelExpressionParser();
private BeanResolver br; private BeanResolver br;
private ApplicationContext context;
private RoleHierarchy roleHierarchy; private RoleHierarchy roleHierarchy;
private PermissionEvaluator permissionEvaluator = new DenyAllPermissionEvaluator(); private PermissionEvaluator permissionEvaluator = new DenyAllPermissionEvaluator();
private boolean roleHierarchySet = false;
private boolean permissionEvaluatorSet = false;
public final ExpressionParser getExpressionParser() { public final ExpressionParser getExpressionParser() {
return expressionParser; return expressionParser;
@ -105,52 +101,23 @@ public abstract class AbstractSecurityExpressionHandler<T> implements
protected abstract SecurityExpressionOperations createSecurityExpressionRoot( protected abstract SecurityExpressionOperations createSecurityExpressionRoot(
Authentication authentication, T invocation); Authentication authentication, T invocation);
private boolean roleHerarchyNotSetForValidContext() {
return ! roleHierarchySet && context != null;
}
protected RoleHierarchy getRoleHierarchy() { protected RoleHierarchy getRoleHierarchy() {
if(roleHerarchyNotSetForValidContext()) {
RoleHierarchy contextRoleHierarchy = getSingleBeanOrNull(RoleHierarchy.class);
if(contextRoleHierarchy != null){
roleHierarchy = contextRoleHierarchy;
}
roleHierarchySet = true;
}
return roleHierarchy; return roleHierarchy;
} }
public void setRoleHierarchy(RoleHierarchy roleHierarchy) { public void setRoleHierarchy(RoleHierarchy roleHierarchy) {
roleHierarchySet = true;
this.roleHierarchy = roleHierarchy; this.roleHierarchy = roleHierarchy;
} }
protected PermissionEvaluator getPermissionEvaluator() { protected PermissionEvaluator getPermissionEvaluator() {
if(! permissionEvaluatorSet && context != null) {
PermissionEvaluator contextPermissionEvaluator = getSingleBeanOrNull(PermissionEvaluator.class);
if(contextPermissionEvaluator != null){
permissionEvaluator = contextPermissionEvaluator;
}
permissionEvaluatorSet = true;
}
return permissionEvaluator; return permissionEvaluator;
} }
public void setPermissionEvaluator(PermissionEvaluator permissionEvaluator) { public void setPermissionEvaluator(PermissionEvaluator permissionEvaluator) {
permissionEvaluatorSet = true;
this.permissionEvaluator = permissionEvaluator; this.permissionEvaluator = permissionEvaluator;
} }
public void setApplicationContext(ApplicationContext applicationContext) { public void setApplicationContext(ApplicationContext applicationContext) {
br = new BeanFactoryResolver(applicationContext); br = new BeanFactoryResolver(applicationContext);
this.context = applicationContext;
}
private <T> T getSingleBeanOrNull(Class<T> type) {
String[] beanNamesForType = context.getBeanNamesForType(type);
if (beanNamesForType == null || beanNamesForType.length != 1) {
return null;
}
return context.getBean(beanNamesForType[0], type);
} }
} }