diff --git a/core/src/main/java/org/springframework/security/access/SecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/SecurityMetadataSource.java index 6e504db9b6..6232c651a2 100644 --- a/core/src/main/java/org/springframework/security/access/SecurityMetadataSource.java +++ b/core/src/main/java/org/springframework/security/access/SecurityMetadataSource.java @@ -20,13 +20,22 @@ import java.util.Collection; import org.springframework.aop.framework.AopInfrastructureBean; import org.springframework.security.access.intercept.AbstractSecurityInterceptor; +import org.springframework.security.authorization.AuthorizationManager; +import org.springframework.security.core.annotation.SecurityAnnotationScanner; /** * Implemented by classes that store and can identify the {@link ConfigAttribute}s that * applies to a given secure object invocation. * * @author Ben Alex + * @deprecated In modern Spring Security APIs, each API manages its own configuration + * context. As such there is no direct replacement for this interface. In the case of + * method security, please see {@link SecurityAnnotationScanner} and + * {@link AuthorizationManager}. In the case of channel security, please see + * {@code HttpsRedirectFilter}. In the case of web security, please see + * {@link AuthorizationManager}. */ +@Deprecated public interface SecurityMetadataSource extends AopInfrastructureBean { /** diff --git a/web/src/main/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSource.java b/web/src/main/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSource.java index 187701d408..f64c79242f 100644 --- a/web/src/main/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSource.java +++ b/web/src/main/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSource.java @@ -31,6 +31,8 @@ import org.springframework.expression.ExpressionParser; import org.springframework.expression.ParseException; import org.springframework.security.access.ConfigAttribute; import org.springframework.security.access.expression.SecurityExpressionHandler; +import org.springframework.security.authorization.AuthorizationManager; +import org.springframework.security.core.annotation.SecurityAnnotationScanner; import org.springframework.security.web.FilterInvocation; import org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource; import org.springframework.security.web.util.matcher.AntPathRequestMatcher; @@ -43,7 +45,14 @@ import org.springframework.util.Assert; * @author Luke Taylor * @author EddĂș MelĂ©ndez * @since 3.0 + * @deprecated In modern Spring Security APIs, each API manages its own configuration + * context. As such there is no direct replacement for this interface. In the case of + * method security, please see {@link SecurityAnnotationScanner} and + * {@link AuthorizationManager}. In the case of channel security, please see + * {@code HttpsRedirectFilter}. In the case of web security, please see + * {@link AuthorizationManager}. */ +@Deprecated public final class ExpressionBasedFilterInvocationSecurityMetadataSource extends DefaultFilterInvocationSecurityMetadataSource { diff --git a/web/src/main/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSource.java b/web/src/main/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSource.java index 4265a4df2c..db0f11ea60 100644 --- a/web/src/main/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSource.java +++ b/web/src/main/java/org/springframework/security/web/access/intercept/DefaultFilterInvocationSecurityMetadataSource.java @@ -28,6 +28,8 @@ import org.apache.commons.logging.LogFactory; import org.springframework.core.log.LogMessage; import org.springframework.security.access.ConfigAttribute; +import org.springframework.security.authorization.AuthorizationManager; +import org.springframework.security.core.annotation.SecurityAnnotationScanner; import org.springframework.security.web.FilterInvocation; import org.springframework.security.web.util.matcher.RequestMatcher; @@ -50,7 +52,14 @@ import org.springframework.security.web.util.matcher.RequestMatcher; * * @author Ben Alex * @author Luke Taylor + * @deprecated In modern Spring Security APIs, each API manages its own configuration + * context. As such there is no direct replacement for this interface. In the case of + * method security, please see {@link SecurityAnnotationScanner} and + * {@link AuthorizationManager}. In the case of channel security, please see + * {@code HttpsRedirectFilter}. In the case of web security, please see + * {@link AuthorizationManager}. */ +@Deprecated public class DefaultFilterInvocationSecurityMetadataSource implements FilterInvocationSecurityMetadataSource { protected final Log logger = LogFactory.getLog(getClass()); diff --git a/web/src/main/java/org/springframework/security/web/access/intercept/FilterInvocationSecurityMetadataSource.java b/web/src/main/java/org/springframework/security/web/access/intercept/FilterInvocationSecurityMetadataSource.java index b984e50b16..b0d26a476a 100644 --- a/web/src/main/java/org/springframework/security/web/access/intercept/FilterInvocationSecurityMetadataSource.java +++ b/web/src/main/java/org/springframework/security/web/access/intercept/FilterInvocationSecurityMetadataSource.java @@ -17,6 +17,8 @@ package org.springframework.security.web.access.intercept; import org.springframework.security.access.SecurityMetadataSource; +import org.springframework.security.authorization.AuthorizationManager; +import org.springframework.security.core.annotation.SecurityAnnotationScanner; import org.springframework.security.web.FilterInvocation; /** @@ -24,7 +26,14 @@ import org.springframework.security.web.FilterInvocation; * designed to perform lookups keyed on {@link FilterInvocation}s. * * @author Ben Alex + * @deprecated In modern Spring Security APIs, each API manages its own configuration + * context. As such there is no direct replacement for this interface. In the case of + * method security, please see {@link SecurityAnnotationScanner} and + * {@link AuthorizationManager}. In the case of channel security, please see + * {@code HttpsRedirectFilter}. In the case of web security, please see + * {@link AuthorizationManager}. */ +@Deprecated public interface FilterInvocationSecurityMetadataSource extends SecurityMetadataSource { } diff --git a/web/src/main/java/org/springframework/security/web/servlet/util/matcher/PathPatternRequestMatcher.java b/web/src/main/java/org/springframework/security/web/servlet/util/matcher/PathPatternRequestMatcher.java index 92d727f6dd..5d3d434523 100644 --- a/web/src/main/java/org/springframework/security/web/servlet/util/matcher/PathPatternRequestMatcher.java +++ b/web/src/main/java/org/springframework/security/web/servlet/util/matcher/PathPatternRequestMatcher.java @@ -127,7 +127,12 @@ public final class PathPatternRequestMatcher implements RequestMatcher { } private RequestPath getRequestPath(HttpServletRequest request) { - return ServletRequestPathUtils.getParsedRequestPath(request); + if (ServletRequestPathUtils.hasParsedRequestPath(request)) { + return ServletRequestPathUtils.getParsedRequestPath(request); + } + else { + return ServletRequestPathUtils.parseAndCache(request); + } } /**