SEC-1033: Fixed missing AuthenticationTrustResolver in web SecurityExpressionRoot. Converted some logging to trace level.

2008-12-08 21:54:47 +00:00 · 2008-12-08 21:54:47 +00:00 · a2ef10e65f
parent 6b4045667a
commit a2ef10e65f
5 changed files with 15 additions and 2 deletions
--- a/core/src/main/java/org/springframework/security/expression/method/ExpressionAnnotationMethodDefinitionSource.java
+++ b/core/src/main/java/org/springframework/security/expression/method/ExpressionAnnotationMethodDefinitionSource.java
@ -58,7 +58,7 @@ public class ExpressionAnnotationMethodDefinitionSource extends AbstractMethodDe
            return null;
        }

-        logger.debug("Looking for expression annotations for method '" +
+        logger.trace("Looking for expression annotations for method '" +
                method.getName() + "' on target class '" + targetClass + "'");
        PreFilter preFilter = findAnnotation(method, targetClass, PreFilter.class);
        PreAuthorize preAuthorize = findAnnotation(method, targetClass, PreAuthorize.class);
@ -68,7 +68,7 @@ public class ExpressionAnnotationMethodDefinitionSource extends AbstractMethodDe

        if (preFilter == null && preAuthorize == null && postFilter == null && postAuthorize == null ) {
            // There is no meta-data so return
-            logger.debug("No expression annotations found");
+            logger.trace("No expression annotations found");
            return null;
        }

--- a/core/src/main/java/org/springframework/security/expression/support/DefaultSecurityExpressionHandler.java
+++ b/core/src/main/java/org/springframework/security/expression/support/DefaultSecurityExpressionHandler.java
@ -61,6 +61,7 @@ public class DefaultSecurityExpressionHandler implements SecurityExpressionHandl
    public EvaluationContext createEvaluationContext(Authentication authentication, FilterInvocation fi) {
        StandardEvaluationContext ctx = new StandardEvaluationContext();
        SecurityExpressionRoot root = new WebSecurityExpressionRoot(authentication, fi);
+        root.setTrustResolver(trustResolver);
        ctx.setRootObject(root);

        return ctx;
--- a/core/src/main/java/org/springframework/security/expression/support/SecurityExpressionRoot.java
+++ b/core/src/main/java/org/springframework/security/expression/support/SecurityExpressionRoot.java
@ -69,6 +69,10 @@ abstract class SecurityExpressionRoot {
        return trustResolver.isAnonymous(authentication);
    }

+    public final boolean isAuthenticated() {
+        return !isAnonymous();
+    }
+
    public final boolean isRememberMe() {
        return trustResolver.isRememberMe(authentication);
    }
--- a/core/src/main/java/org/springframework/security/expression/web/WebExpressionConfigAttribute.java
+++ b/core/src/main/java/org/springframework/security/expression/web/WebExpressionConfigAttribute.java
@ -25,4 +25,8 @@ class WebExpressionConfigAttribute implements ConfigAttribute {
        return null;
    }

+    @Override
+    public String toString() {
+        return authorizeExpression.getExpressionString();
+    }
 }
--- a/core/src/main/java/org/springframework/security/expression/web/WebExpressionVoter.java
+++ b/core/src/main/java/org/springframework/security/expression/web/WebExpressionVoter.java
@ -21,6 +21,10 @@ public class WebExpressionVoter implements AccessDecisionVoter {
    private SecurityExpressionHandler expressionHandler = new DefaultSecurityExpressionHandler();

    public int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes) {
+        assert authentication != null;
+        assert object != null;
+        assert attributes != null;
+
        WebExpressionConfigAttribute weca = findConfigAttribute(attributes);

        if (weca == null) {