From 8bf1b8420a5fd3f29c72a38c044a1d08b96416e0 Mon Sep 17 00:00:00 2001
From: Luke Taylor
Date: Tue, 7 Sep 2010 22:32:34 +0100
Subject: [PATCH] SEC-1563: Move PermissionEvaluator and related methods to SecurityExpressionRoot
---
 .../expression/SecurityExpressionRoot.java | 20 +++++++++++++++++++
 .../method/MethodSecurityExpressionRoot.java | 18 -----------------
 2 files changed, 20 insertions(+), 18 deletions(-)
diff --git a/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java b/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java
index 51b5203565..810a4ae2b3 100644
--- a/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java
+++ b/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java
@@ -1,10 +1,12 @@
 package org.springframework.security.access.expression;
+import java.io.Serializable;
 import java.util.Collection;
 import java.util.HashSet;
 import java.util.Set;
 import org.springframework.context.ApplicationContext;
+import org.springframework.security.access.PermissionEvaluator;
 import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
 import org.springframework.security.authentication.AuthenticationTrustResolver;
 import org.springframework.security.core.Authentication;
@@ -30,6 +32,12 @@ public abstract class SecurityExpressionRoot {
 /** Allows "denyAll" expression */
 public final boolean denyAll = false;
+ private PermissionEvaluator permissionEvaluator;
+ public final String read = "read";
+ public final String write = "write";
+ public final String create = "create";
+ public final String delete = "delete";
+ public final String admin = "administration";
 public SecurityExpressionRoot(Authentication a) {
 if (a == null) {
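Review bot: The five permission-name fields added after `denyAll` in the second hunk carry no Javadoc, unlike the neighbouring `/** Allows "denyAll" expression */`, and `admin` resolves to the string `"administration"`, which is not obvious to someone writing or auditing an access expression. Since the fields now sit on the abstract base root, they are presumably visible to every expression root rather than only the method-security one, so each deserves a one-line comment such as `/** Allows "admin" as a permission name in expressions; evaluates to "administration" */`. The new `permissionEvaluator` field is also left without a default here; whether every subclass's handler injects one cannot be seen from this hunk.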
@@ -116,4 +124,16 @@ public abstract class SecurityExpressionRoot {
 return roles;
 }
+
+ public boolean hasPermission(Object target, Object permission) {
+ return permissionEvaluator.hasPermission(authentication, target, permission);
+ }
+
+ public boolean hasPermission(Object targetId, String targetType, Object permission) {
+ return permissionEvaluator.hasPermission(authentication, (Serializable)targetId, targetType, permission);
+ }
+
+ public void setPermissionEvaluator(PermissionEvaluator permissionEvaluator) {
+ this.permissionEvaluator = permissionEvaluator;
+ }
 }
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRoot.java b/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRoot.java
index 44052f9fde..f8717986b0 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRoot.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRoot.java
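Review bot: Both `hasPermission` overloads dereference `permissionEvaluator` without checking it, and the field has no default, so an expression root whose handler never calls `setPermissionEvaluator` fails with a bare NullPointerException the first time an access rule uses `hasPermission(...)`. With the methods now on the base class, that path is presumably reachable from roots other than the method-security one. An explicit guard at the top of each overload keeps the failure closed and makes the misconfiguration readable, for example `if (permissionEvaluator == null) { throw new IllegalStateException("No PermissionEvaluator configured"); }`. The `(Serializable)targetId` cast in the second overload will likewise raise ClassCastException for a non-serializable id, so the expected argument type deserves a line of Javadoc on this now-public API.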
@@ -14,27 +14,13 @@ import org.springframework.security.core.Authentication;
 * @since 3.0
 */
 class MethodSecurityExpressionRoot extends SecurityExpressionRoot {
- private PermissionEvaluator permissionEvaluator;
 private Object filterObject;
 private Object returnObject;
- public final String read = "read";
- public final String write = "write";
- public final String create = "create";
- public final String delete = "delete";
- public final String admin = "administration";
 MethodSecurityExpressionRoot(Authentication a) {
 super(a);
 }
- public boolean hasPermission(Object target, Object permission) {
- return permissionEvaluator.hasPermission(authentication, target, permission);
- }
-
- public boolean hasPermission(Object targetId, String targetType, Object permission) {
- return permissionEvaluator.hasPermission(authentication, (Serializable)targetId, targetType, permission);
- }
-
 public void setFilterObject(Object filterObject) {
 this.filterObject = filterObject;
 }
@@ -51,8 +37,4 @@ class MethodSecurityExpressionRoot extends SecurityExpressionRoot {
 return returnObject;
 }
- public void setPermissionEvaluator(PermissionEvaluator permissionEvaluator) {
- this.permissionEvaluator = permissionEvaluator;
- }
-
 }