SEC-1033: Fixed missing AuthenticationTrustResolver in web SecurityExpressionRoot. Converted some logging to trace level.

2025-06-28 14:52:24 +00:00 · 2008-12-08 21:54:47 +00:00 · 2008-12-08 21:54:47 +00:00 · a2ef10e65f
commit a2ef10e65f
parent 6b4045667a
5 changed files with 15 additions and 2 deletions
--- a/core/src/main/java/org/springframework/security/expression/method/ExpressionAnnotationMethodDefinitionSource.java
+++ b/core/src/main/java/org/springframework/security/expression/method/ExpressionAnnotationMethodDefinitionSource.java
@ -58,7 +58,7 @@ public class ExpressionAnnotationMethodDefinitionSource extends AbstractMethodDe
            return null;
        }
-        logger.debug("Looking for expression annotations for method '" +
+        logger.trace("Looking for expression annotations for method '" +
                method.getName() + "' on target class '" + targetClass + "'");
        PreFilter preFilter = findAnnotation(method, targetClass, PreFilter.class);
        PreAuthorize preAuthorize = findAnnotation(method, targetClass, PreAuthorize.class);
@ -68,7 +68,7 @@ public class ExpressionAnnotationMethodDefinitionSource extends AbstractMethodDe
        if (preFilter == null && preAuthorize == null && postFilter == null && postAuthorize == null ) {
            // There is no meta-data so return
-            logger.debug("No expression annotations found");
+            logger.trace("No expression annotations found");
            return null;
        }
--- a/core/src/main/java/org/springframework/security/expression/support/DefaultSecurityExpressionHandler.java
+++ b/core/src/main/java/org/springframework/security/expression/support/DefaultSecurityExpressionHandler.java
@ -61,6 +61,7 @@ public class DefaultSecurityExpressionHandler implements SecurityExpressionHandl
    public EvaluationContext createEvaluationContext(Authentication authentication, FilterInvocation fi) {
        StandardEvaluationContext ctx = new StandardEvaluationContext();
        SecurityExpressionRoot root = new WebSecurityExpressionRoot(authentication, fi);
        root.setTrustResolver(trustResolver);
        ctx.setRootObject(root);
        return ctx;
--- a/core/src/main/java/org/springframework/security/expression/support/SecurityExpressionRoot.java
+++ b/core/src/main/java/org/springframework/security/expression/support/SecurityExpressionRoot.java
@ -69,6 +69,10 @@ abstract class SecurityExpressionRoot {
        return trustResolver.isAnonymous(authentication);
    }
    public final boolean isAuthenticated() {
        return !isAnonymous();
    }
    public final boolean isRememberMe() {
        return trustResolver.isRememberMe(authentication);
    }
--- a/core/src/main/java/org/springframework/security/expression/web/WebExpressionConfigAttribute.java
+++ b/core/src/main/java/org/springframework/security/expression/web/WebExpressionConfigAttribute.java
@ -25,4 +25,8 @@ class WebExpressionConfigAttribute implements ConfigAttribute {
        return null;
    }
    @Override
    public String toString() {
        return authorizeExpression.getExpressionString();
    }
 }
--- a/core/src/main/java/org/springframework/security/expression/web/WebExpressionVoter.java
+++ b/core/src/main/java/org/springframework/security/expression/web/WebExpressionVoter.java
@ -21,6 +21,10 @@ public class WebExpressionVoter implements AccessDecisionVoter {
    private SecurityExpressionHandler expressionHandler = new DefaultSecurityExpressionHandler();
    public int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes) {
        assert authentication != null;
        assert object != null;
        assert attributes != null;
        WebExpressionConfigAttribute weca = findConfigAttribute(attributes);
        if (weca == null) {