SEC-2230: Polish scoping and finals

2013-07-31 10:43:36 -05:00 · 2013-07-31 10:43:36 -05:00 · 94a73fee37
parent a1bf28a697
commit 94a73fee37
7 changed files with 14 additions and 20 deletions
--- a/config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java
@ -18,7 +18,6 @@ package org.springframework.security.config.http;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.util.List;
-import java.util.regex.PatternSyntaxException;

 import org.springframework.beans.BeanMetadataElement;
 import org.springframework.beans.factory.config.BeanDefinition;
@ -33,7 +32,6 @@ import org.springframework.security.web.header.writers.HstsHeaderWriter;
 import org.springframework.security.web.header.writers.StaticHeadersWriter;
 import org.springframework.security.web.header.writers.XContentTypeOptionsHeaderWriter;
 import org.springframework.security.web.header.writers.XXssProtectionHeaderWriter;
-import org.springframework.security.web.header.writers.frameoptions.AbstractRequestParameterAllowFromStrategy;
 import org.springframework.security.web.header.writers.frameoptions.RegExpAllowFromStrategy;
 import org.springframework.security.web.header.writers.frameoptions.StaticAllowFromStrategy;
 import org.springframework.security.web.header.writers.frameoptions.WhiteListedAllowFromStrategy;
@ -200,20 +198,16 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
                                    "'value' attribute doesn't represent a valid URI.", frameElt, e);
                        }
                    } else {
-                        AbstractRequestParameterAllowFromStrategy allowFromStrategy = null;
+                        BeanDefinitionBuilder allowFromStrategy;
                        if ("whitelist".equals(strategy)) {
-                            allowFromStrategy = new WhiteListedAllowFromStrategy(
-                                    StringUtils.commaDelimitedListToSet(value));
+                            allowFromStrategy =  BeanDefinitionBuilder.rootBeanDefinition(WhiteListedAllowFromStrategy.class);
+                            allowFromStrategy.addConstructorArgValue(StringUtils.commaDelimitedListToSet(value));
                        } else {
-                            try {
-                                allowFromStrategy = new RegExpAllowFromStrategy(value);
-                            } catch (PatternSyntaxException e) {
-                                parserContext.getReaderContext().error(
-                                        "'value' attribute doesn't represent a valid regular expression.", frameElt, e);
-                            }
+                            allowFromStrategy =  BeanDefinitionBuilder.rootBeanDefinition(RegExpAllowFromStrategy.class);
+                            allowFromStrategy.addConstructorArgValue(value);
                        }
                        String fromParameter = getAttribute(frameElt, ATT_FROM_PARAMETER, "from");
-                        allowFromStrategy.setAllowFromParameterName(fromParameter);
+                        allowFromStrategy.addPropertyValue("allowFromParameterName", fromParameter);
                        builder.addConstructorArgValue(allowFromStrategy);
                    }
                } else {
--- a/web/src/main/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriter.java
@ -29,7 +29,7 @@ import org.springframework.util.Assert;
 * @author Rob Winch
 * @since 3.2
 */
-public class DelegatingRequestMatcherHeaderWriter implements HeaderWriter {
+public final class DelegatingRequestMatcherHeaderWriter implements HeaderWriter {
    private final RequestMatcher requestMatcher;

    private final HeaderWriter delegateHeaderWriter;
--- a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategy.java
@ -14,7 +14,7 @@ import javax.servlet.http.HttpServletRequest;
 * @author Marten Deinum
 * @since 3.2
 */
-public abstract class AbstractRequestParameterAllowFromStrategy implements AllowFromStrategy {
+abstract class AbstractRequestParameterAllowFromStrategy implements AllowFromStrategy {

    private static final String DEFAULT_ORIGIN_REQUEST_PARAMETER = "x-frames-allow-from";

--- a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategy.java
@ -12,7 +12,7 @@ import java.util.regex.Pattern;
 * @author Marten Deinum
 * @since 3.2
 */
-public class RegExpAllowFromStrategy extends AbstractRequestParameterAllowFromStrategy {
+public final class RegExpAllowFromStrategy extends AbstractRequestParameterAllowFromStrategy {

    private final Pattern pattern;

--- a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/StaticAllowFromStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/StaticAllowFromStrategy.java
@ -6,12 +6,12 @@ import java.net.URI;
 /**
 * Simple implementation of the {@code AllowFromStrategy}
 */
-public class StaticAllowFromStrategy implements AllowFromStrategy {
+public final class StaticAllowFromStrategy implements AllowFromStrategy {

    private final URI uri;

    public StaticAllowFromStrategy(URI uri) {
-        this.uri=uri;
+        this.uri = uri;
    }

    public String getAllowFromValue(HttpServletRequest request) {
--- a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategy.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategy.java
@ -10,7 +10,7 @@ import org.springframework.util.Assert;
 * @author Marten Deinum
 * @since 3.2
 */
-public class WhiteListedAllowFromStrategy extends AbstractRequestParameterAllowFromStrategy {
+public final class WhiteListedAllowFromStrategy extends AbstractRequestParameterAllowFromStrategy {

    private final Collection<String> allowed;

--- a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriter.java
+++ b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriter.java
@ -31,7 +31,7 @@ import javax.servlet.http.HttpServletResponse;
 *
 * @see AllowFromStrategy
 */
-public class XFrameOptionsHeaderWriter implements HeaderWriter {
+public final class XFrameOptionsHeaderWriter implements HeaderWriter {

    public static final String XFRAME_OPTIONS_HEADER = "X-Frame-Options";

@ -110,7 +110,7 @@ public class XFrameOptionsHeaderWriter implements HeaderWriter {
         *
         * @return the mode for the X-Frame-Options header value.
         */
-        public String getMode() {
+        private String getMode() {
            return mode;
        }
    }