From af56f4844d79ba071f6613375866c427afe16e7b Mon Sep 17 00:00:00 2001 From: Luke Taylor Date: Tue, 7 Sep 2010 19:45:37 +0100 Subject: [PATCH] SEC-1562: Created SecurityExpressionHandler interface and AbstractSecurityExpressionHandler. --- aspects/aspects.gradle | 2 + .../AbstractSecurityExpressionHandler.java | 83 +++++++++++++++++++ .../expression/SecurityExpressionHandler.java | 25 ++++++ ...efaultMethodSecurityExpressionHandler.java | 63 ++++---------- .../ExpressionBasedPreInvocationAdvice.java | 2 +- .../MethodSecurityExpressionHandler.java | 23 ++--- .../security/taglibs/authz/AuthorizeTag.java | 24 +++--- taglibs/taglibs.gradle | 1 + .../DefaultWebSecurityExpressionHandler.java | 46 ++-------- ...ilterInvocationSecurityMetadataSource.java | 6 +- .../access/expression/WebExpressionVoter.java | 5 +- .../WebSecurityExpressionHandler.java | 17 +--- 12 files changed, 161 insertions(+), 136 deletions(-) create mode 100644 core/src/main/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandler.java create mode 100644 core/src/main/java/org/springframework/security/access/expression/SecurityExpressionHandler.java diff --git a/aspects/aspects.gradle b/aspects/aspects.gradle index 300f6263b0..5c7837d043 100644 --- a/aspects/aspects.gradle +++ b/aspects/aspects.gradle @@ -3,4 +3,6 @@ dependencies { compile project(':spring-security-core'), "org.springframework:spring-beans:$springVersion", "org.springframework:spring-context:$springVersion" + + testCompile 'aopalliance:aopalliance:1.0' } \ No newline at end of file diff --git a/core/src/main/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandler.java b/core/src/main/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandler.java new file mode 100644 index 0000000000..ba55b33b56 --- /dev/null +++ b/core/src/main/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandler.java 
@@ -0,0 +1,83 @@
+package org.springframework.security.access.expression;
+
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.ApplicationContextAware;
+import org.springframework.expression.EvaluationContext;
+import org.springframework.expression.ExpressionParser;
+import org.springframework.expression.spel.standard.SpelExpressionParser;
+import org.springframework.expression.spel.support.StandardEvaluationContext;
+import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
+import org.springframework.security.authentication.AuthenticationTrustResolver;
+import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
+import org.springframework.security.core.Authentication;
+
+/**
+ * Base implementation of the facade which isolates Spring Security's requirements for evaluating security expressions
+ * from the implementation of the underlying expression objects.
+ *
+ * @author Luke Taylor
+ * @since 3.1
+ */
+public abstract class AbstractSecurityExpressionHandler implements SecurityExpressionHandler, ApplicationContextAware {
+ private final AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
+ private final ExpressionParser expressionParser = new SpelExpressionParser();
+ private final SecurityExpressionRootPropertyAccessor sxrpa = new SecurityExpressionRootPropertyAccessor();
+ private RoleHierarchy roleHierarchy;
+ private ApplicationContext applicationContext;
+
+ public final ExpressionParser getExpressionParser() {
+ return expressionParser;
+ }
+
+ /**
+ * Invokes the internal template methods to create {@code StandardEvaluationContext} and {@code SecurityExpressionRoot}
+ * objects. The root object will be injected with references to the application context, the {@code roleHierarchy}
+ * if set, and an {@code AuthenticationTrustResolver}.
+ *
+ * @param authentication the current authentication object
+ * @param invocation the invocation (filter, method, channel)
+ * @return the context object for use in evaluating the expression, populated with a suitable root object.
+ */
+ public final EvaluationContext createEvaluationContext(Authentication authentication, T invocation) {
+ SecurityExpressionRoot root = createSecurityExpressionRoot(authentication, invocation);
+ root.setTrustResolver(trustResolver);
+ root.setRoleHierarchy(roleHierarchy);
+ root.setApplicationContext(applicationContext);
+ StandardEvaluationContext ctx = createEvaluationContextInternal(authentication, invocation);
+ ctx.addPropertyAccessor(sxrpa);
+ ctx.setRootObject(root);
+
+ return ctx;
+ }
+
+ /**
+ * Override to create a custom instance of {@code StandardEvaluationContext}.
+ *

+ * The returned object will have a {@code SecurityExpressionRootPropertyAccessor} added, allowing beans in
+ * the {@code ApplicationContext} to be accessed via expression properties.
+ *
+ * @param authentication the current authentication object
+ * @param invocation the invocation (filter, method, channel)
+ * @return A {@code StandardEvaluationContext} or potentially a custom subclass if overridden.
+ */
+ protected StandardEvaluationContext createEvaluationContextInternal(Authentication authentication, T invocation) {
+ return new StandardEvaluationContext();
+ }
+
+ /**
+ * Implement in order to create a root object of the correct type for the supported invocation type.
+ *
+ * @param authentication the current authentication object
+ * @param invocation the invocation (filter, method, channel)
+ * @return a
+ */
+ protected abstract SecurityExpressionRoot createSecurityExpressionRoot(Authentication authentication, T invocation);
+
+ public void setRoleHierarchy(RoleHierarchy roleHierarchy) {
+ this.roleHierarchy = roleHierarchy;
+ }
+
+ public void setApplicationContext(ApplicationContext applicationContext) {
+ this.applicationContext = applicationContext;
+ }
+}
diff --git a/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionHandler.java b/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionHandler.java
new file mode 100644
index 0000000000..fc5f703d74
--- /dev/null
+++ b/core/src/main/java/org/springframework/security/access/expression/SecurityExpressionHandler.java
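Review bot: The `trustResolver` field is `private final` and the base class offers no setter, while a later hunk of this patch deletes `setTrustResolver(AuthenticationTrustResolver)` from DefaultMethodSecurityExpressionHandler, so an application that supplied its own resolver for method security can no longer do so and every root object gets `AuthenticationTrustResolverImpl`. Keep the property configurable on the base class by dropping `final` from the field and adding `public void setTrustResolver(AuthenticationTrustResolver trustResolver) { this.trustResolver = trustResolver; }`. The Javadoc of `createSecurityExpressionRoot` also ends in a truncated `@return a`; `@return the root object exposed to expressions for this invocation` would complete it.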
@@ -0,0 +1,25 @@
+package org.springframework.security.access.expression;
+
+import org.springframework.aop.framework.AopInfrastructureBean;
+import org.springframework.expression.EvaluationContext;
+import org.springframework.expression.ExpressionParser;
+import org.springframework.security.core.Authentication;
+
+/**
+ * Facade which isolates Spring Security's requirements for evaluating security expressions
+ * from the implementation of the underlying expression objects
+ *
+ * @author Luke Taylor
+ * @since 3.1
+ */
+public interface SecurityExpressionHandler extends AopInfrastructureBean {
+ /**
+ * @return an expression parser for the expressions used by the implementation.
+ */
+ ExpressionParser getExpressionParser();
+
+ /**
+ * Provides an evaluation context in which to evaluate security expressions for the invocation type.
+ */
+ EvaluationContext createEvaluationContext(Authentication authentication, T invocation);
+}
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java b/core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java
index e701abe200..ffabf7e075 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java
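Review bot: Extending `AopInfrastructureBean` on the shared interface makes every handler, the web one included, depend on spring-aop; the taglibs.gradle hunk in this patch adds `spring-aop` to the taglibs module, apparently for that reason. Before this change only `MethodSecurityExpressionHandler` carried the marker, as its removed `extends AopInfrastructureBean` shows. If the marker is needed only to keep method-security infrastructure out of auto-proxying, which is an assumption to confirm, leave it on `MethodSecurityExpressionHandler` and declare this interface without a supertype. Either way a comment such as `// marker: handlers are infrastructure and must not be auto-proxied` would tell implementers why it is there.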
@@ -1,71 +1,56 @@ package org.springframework.security.access.expression.method; import java.lang.reflect.Array; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Collection; -import java.util.List; +import java.util.*; import org.aopalliance.intercept.MethodInvocation; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.springframework.beans.BeansException; -import org.springframework.context.ApplicationContext; -import org.springframework.context.ApplicationContextAware; import org.springframework.core.LocalVariableTableParameterNameDiscoverer; import org.springframework.core.ParameterNameDiscoverer; import org.springframework.expression.EvaluationContext; import org.springframework.expression.Expression; -import org.springframework.expression.ExpressionParser; -import org.springframework.expression.spel.standard.SpelExpressionParser; +import org.springframework.expression.spel.support.StandardEvaluationContext; import org.springframework.security.access.PermissionCacheOptimizer; import org.springframework.security.access.PermissionEvaluator; +import org.springframework.security.access.expression.AbstractSecurityExpressionHandler; import org.springframework.security.access.expression.ExpressionUtils; +import org.springframework.security.access.expression.SecurityExpressionRoot; import org.springframework.security.access.expression.SecurityExpressionRootPropertyAccessor; -import org.springframework.security.access.hierarchicalroles.RoleHierarchy; -import org.springframework.security.authentication.AuthenticationTrustResolver; -import org.springframework.security.authentication.AuthenticationTrustResolverImpl; import org.springframework.security.core.Authentication; /** - * The standard implementation of SecurityExpressionHandler. + * The standard implementation of {@code MethodSecurityExpressionHandler}. *

* A single instance should usually be shared amongst the beans that require expression support. * * @author Luke Taylor * @since 3.0 */ -public class DefaultMethodSecurityExpressionHandler implements MethodSecurityExpressionHandler, ApplicationContextAware { +public class DefaultMethodSecurityExpressionHandler extends AbstractSecurityExpressionHandler implements MethodSecurityExpressionHandler { protected final Log logger = LogFactory.getLog(getClass()); private ParameterNameDiscoverer parameterNameDiscoverer = new LocalVariableTableParameterNameDiscoverer(); private PermissionEvaluator permissionEvaluator = new DenyAllPermissionEvaluator(); private PermissionCacheOptimizer permissionCacheOptimizer = null; - private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl(); - private final SecurityExpressionRootPropertyAccessor sxrpa = new SecurityExpressionRootPropertyAccessor(); - private final ExpressionParser expressionParser = new SpelExpressionParser(); - private RoleHierarchy roleHierarchy; - private ApplicationContext applicationContext; public DefaultMethodSecurityExpressionHandler() { } /** - * Uses a {@link MethodSecurityEvaluationContext} as the EvaluationContext implementation and - * configures it with a {@link MethodSecurityExpressionRoot} instance as the expression root object. + * Uses a {@link MethodSecurityEvaluationContext} as the EvaluationContext implementation. 
*/ - public EvaluationContext createEvaluationContext(Authentication auth, MethodInvocation mi) { - MethodSecurityEvaluationContext ctx = new MethodSecurityEvaluationContext(auth, mi, parameterNameDiscoverer); - MethodSecurityExpressionRoot root = new MethodSecurityExpressionRoot(auth); - root.setTrustResolver(trustResolver); - root.setPermissionEvaluator(permissionEvaluator); - root.setRoleHierarchy(roleHierarchy); - root.setApplicationContext(applicationContext); - ctx.setRootObject(root); - ctx.addPropertyAccessor(sxrpa); + public StandardEvaluationContext createEvaluationContextInternal(Authentication auth, MethodInvocation mi) { + return new MethodSecurityEvaluationContext(auth, mi, parameterNameDiscoverer); + } - return ctx; + @Override + protected SecurityExpressionRoot createSecurityExpressionRoot(Authentication authentication, MethodInvocation invocation) { + MethodSecurityExpressionRoot root = new MethodSecurityExpressionRoot(authentication); + root.setPermissionEvaluator(permissionEvaluator); + + return root; } /** @@ -151,10 +136,6 @@ public class DefaultMethodSecurityExpressionHandler implements MethodSecurityExp throw new IllegalArgumentException("Filter target must be a collection or array type, but was " + filterTarget); } - public ExpressionParser getExpressionParser() { - return expressionParser; - } - public void setParameterNameDiscoverer(ParameterNameDiscoverer parameterNameDiscoverer) { this.parameterNameDiscoverer = parameterNameDiscoverer; } 
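Review bot: `createEvaluationContextInternal` is overridden here as `public` and without `@Override`, although the base class declares it `protected`. Judging by the removed lines, the `MethodSecurityEvaluationContext` it returns has no root object and no `SecurityExpressionRootPropertyAccessor` until the final `createEvaluationContext` in the base class attaches them, so widening the method hands callers a half-configured context. Suggest `@Override protected StandardEvaluationContext createEvaluationContextInternal(Authentication auth, MethodInvocation mi) {`. The import of `SecurityExpressionRootPropertyAccessor` stays as a context line although the `sxrpa` field is removed, so it looks unused now, and `import java.util.*;` replaces four explicit imports with a wildcard.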
@@ -167,19 +148,7 @@ public class DefaultMethodSecurityExpressionHandler implements MethodSecurityExp this.permissionCacheOptimizer = permissionCacheOptimizer; } - public void setTrustResolver(AuthenticationTrustResolver trustResolver) { - this.trustResolver = trustResolver; - } - public void setReturnObject(Object returnObject, EvaluationContext ctx) { ((MethodSecurityExpressionRoot)ctx.getRootObject().getValue()).setReturnObject(returnObject); } - - public void setRoleHierarchy(RoleHierarchy roleHierarchy) { - this.roleHierarchy = roleHierarchy; - } - - public void setApplicationContext(ApplicationContext applicationContext) throws BeansException { - this.applicationContext = applicationContext; - } } diff --git a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java index c772088195..4a61308793 100644 --- a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java +++ b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java @@ -17,7 +17,7 @@ import org.springframework.security.core.Authentication; * Method pre-invocation handling based on expressions. * * @author Luke Taylor - * @since + * @since 3.0 */ public class ExpressionBasedPreInvocationAdvice implements PreInvocationAuthorizationAdvice { private MethodSecurityExpressionHandler expressionHandler = new DefaultMethodSecurityExpressionHandler(); diff --git a/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionHandler.java b/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionHandler.java index a58f45fbc5..4560009d88 100644 --- a/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionHandler.java 
+++ b/core/src/main/java/org/springframework/security/access/expression/method/MethodSecurityExpressionHandler.java @@ -1,30 +1,17 @@ package org.springframework.security.access.expression.method; import org.aopalliance.intercept.MethodInvocation; -import org.springframework.aop.framework.AopInfrastructureBean; import org.springframework.expression.EvaluationContext; import org.springframework.expression.Expression; -import org.springframework.expression.ExpressionParser; -import org.springframework.security.core.Authentication; +import org.springframework.security.access.expression.SecurityExpressionHandler; /** - * Facade which isolates Spring Security's requirements for evaluation method-security expressions - * from the implementation of the underlying expression objects. + * Extended expression-handler facade which adds methods which are specific to securing method invocations. * * @author Luke Taylor * @since 3.0 */ -public interface MethodSecurityExpressionHandler extends AopInfrastructureBean { - /** - * @return an expression parser for the expressions used by the implementation. - */ - ExpressionParser getExpressionParser(); - - /** - * Provides an evaluation context in which to evaluate security expressions for a method invocation. - */ - EvaluationContext createEvaluationContext(Authentication authentication, MethodInvocation mi); - +public interface MethodSecurityExpressionHandler extends SecurityExpressionHandler { /** * Filters a target collection or array. * Only applies to method invocations. 
@@ -33,7 +20,7 @@ public interface MethodSecurityExpressionHandler extends AopInfrastructureBean { * @param filterExpression the expression which should be used as the filter condition. If it returns false on * evaluation, the object will be removed from the returned collection * @param ctx the current evaluation context (as created through a call to - * {@link #createEvaluationContext(Authentication, MethodInvocation)} + * {@link #createEvaluationContext(org.springframework.security.core.Authentication, Object)} * @return the filtered collection or array */ Object filter(Object filterTarget, Expression filterExpression, EvaluationContext ctx); @@ -44,7 +31,7 @@ public interface MethodSecurityExpressionHandler extends AopInfrastructureBean { * * @param returnObject the return object value * @param ctx the context within which the object should be set (as created through a call to - * {@link #createEvaluationContext(Authentication, MethodInvocation)} + * {@link #createEvaluationContext(org.springframework.security.core.Authentication, Object)} */ void setReturnObject(Object returnObject, EvaluationContext ctx); diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AuthorizeTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AuthorizeTag.java index 6e45bfeb5a..d9afe4b6ae 100644 --- a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AuthorizeTag.java +++ b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AuthorizeTag.java @@ -1,8 +1,7 @@ package org.springframework.security.taglibs.authz; import java.io.IOException; -import java.util.Map; - +import java.util.*; import javax.servlet.FilterChain; import javax.servlet.ServletContext; import javax.servlet.ServletException; 
@@ -13,14 +12,15 @@ import javax.servlet.jsp.JspException; import javax.servlet.jsp.PageContext; import org.springframework.context.ApplicationContext; +import org.springframework.core.GenericTypeResolver; import org.springframework.expression.Expression; import org.springframework.expression.ParseException; import org.springframework.security.access.expression.ExpressionUtils; +import org.springframework.security.access.expression.SecurityExpressionHandler; import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.web.FilterInvocation; import org.springframework.security.web.access.WebInvocationPrivilegeEvaluator; -import org.springframework.security.web.access.expression.WebSecurityExpressionHandler; import org.springframework.web.context.support.WebApplicationContextUtils; /** @@ -64,8 +64,7 @@ public class AuthorizeTag extends LegacyAuthorizeTag { } private int authorizeUsingAccessExpression(Authentication currentUser) throws JspException { - // Get web expression - WebSecurityExpressionHandler handler = getExpressionHandler(); + SecurityExpressionHandler handler = getExpressionHandler(); Expression accessExpression; try { 
@@ -105,17 +104,20 @@ public class AuthorizeTag extends LegacyAuthorizeTag { this.var = var; } - WebSecurityExpressionHandler getExpressionHandler() throws JspException { + SecurityExpressionHandler getExpressionHandler() throws JspException { ServletContext servletContext = pageContext.getServletContext(); ApplicationContext ctx = WebApplicationContextUtils.getRequiredWebApplicationContext(servletContext); - Map expressionHdlrs = ctx.getBeansOfType(WebSecurityExpressionHandler.class); + Map expressionHdlrs = ctx.getBeansOfType(SecurityExpressionHandler.class); - if (expressionHdlrs.size() == 0) { - throw new JspException("No visible WebSecurityExpressionHandler instance could be found in the application " + - "context. There must be at least one in order to support expressions in JSP 'authorize' tags."); + + for (SecurityExpressionHandler h : expressionHdlrs.values()) { + if (FilterInvocation.class.equals(GenericTypeResolver.resolveTypeArgument(h.getClass(), SecurityExpressionHandler.class))) { + return h; + } } - return (WebSecurityExpressionHandler) expressionHdlrs.values().toArray()[0]; + throw new JspException("No visible SecurityExpressionHandler instance could be found in the " + + "application context. There must be at least one in order to support expressions in JSP 'authorize' tags."); } WebInvocationPrivilegeEvaluator getPrivilegeEvaluator() throws JspException { diff --git a/taglibs/taglibs.gradle b/taglibs/taglibs.gradle index af05965bb5..d631a4550f 100644 --- a/taglibs/taglibs.gradle +++ b/taglibs/taglibs.gradle @@ -5,6 +5,7 @@ dependencies { project(':spring-security-web'), project(':spring-security-acl'), "org.springframework:spring-beans:$springVersion", + "org.springframework:spring-aop:$springVersion", "org.springframework:spring-context:$springVersion", "org.springframework:spring-expression:$springVersion", "org.springframework:spring-web:$springVersion" 
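Review bot: The loop in `getExpressionHandler` accepts a bean only when `GenericTypeResolver.resolveTypeArgument(h.getClass(), SecurityExpressionHandler.class)` equals `FilterInvocation.class`, so a handler whose runtime class does not expose the type argument (a raw implementation, and possibly a proxied bean) is skipped and the tag throws even though a usable web handler is configured. The exception text then points the wrong way: it says no `SecurityExpressionHandler` is visible when the real condition is that none is typed for `FilterInvocation`; consider `"No visible SecurityExpressionHandler for FilterInvocation could be found in the application context. ..."`. When several beans match, the first in map order wins, so the handler behind JSP `authorize` tags can differ from the one wired into the filter chain (for example one without the role hierarchy), and what a page renders may disagree with what the URL rules enforce. A short comment above the loop stating that selection rule would help; the method body is fully inside this hunk.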
diff --git a/web/src/main/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandler.java b/web/src/main/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandler.java index 8af5c18e26..360ce5d40a 100644 --- a/web/src/main/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandler.java +++ b/web/src/main/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandler.java 
@@ -1,55 +1,19 @@ package org.springframework.security.web.access.expression; -import org.springframework.beans.BeansException; -import org.springframework.context.ApplicationContext; -import org.springframework.context.ApplicationContextAware; -import org.springframework.expression.EvaluationContext; -import org.springframework.expression.ExpressionParser; -import org.springframework.expression.spel.standard.SpelExpressionParser; -import org.springframework.expression.spel.support.StandardEvaluationContext; +import org.springframework.security.access.expression.AbstractSecurityExpressionHandler; import org.springframework.security.access.expression.SecurityExpressionRoot; -import org.springframework.security.access.expression.SecurityExpressionRootPropertyAccessor; -import org.springframework.security.access.hierarchicalroles.RoleHierarchy; -import org.springframework.security.authentication.AuthenticationTrustResolver; -import org.springframework.security.authentication.AuthenticationTrustResolverImpl; import org.springframework.security.core.Authentication; import org.springframework.security.web.FilterInvocation; /** - * Facade which isolates Spring Security's requirements for evaluating web-security expressions - * from the implementation of the underlying expression objects. 
* * @author Luke Taylor * @since 3.0 */ -public class DefaultWebSecurityExpressionHandler implements WebSecurityExpressionHandler, ApplicationContextAware { +public class DefaultWebSecurityExpressionHandler extends AbstractSecurityExpressionHandler { - private final AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl(); - private final ExpressionParser expressionParser = new SpelExpressionParser(); - private final SecurityExpressionRootPropertyAccessor sxrpa = new SecurityExpressionRootPropertyAccessor(); - private RoleHierarchy roleHierarchy; - private ApplicationContext applicationContext; - - public ExpressionParser getExpressionParser() { - return expressionParser; - } - - public EvaluationContext createEvaluationContext(Authentication authentication, FilterInvocation fi) { - SecurityExpressionRoot root = new WebSecurityExpressionRoot(authentication, fi); - root.setTrustResolver(trustResolver); - root.setRoleHierarchy(roleHierarchy); - root.setApplicationContext(applicationContext); - StandardEvaluationContext ctx = new StandardEvaluationContext(root); - ctx.addPropertyAccessor(sxrpa); - - return ctx; - } - - public void setRoleHierarchy(RoleHierarchy roleHierarchy) { - this.roleHierarchy = roleHierarchy; - } - - public void setApplicationContext(ApplicationContext applicationContext) throws BeansException { - this.applicationContext = applicationContext; + @Override + protected SecurityExpressionRoot createSecurityExpressionRoot(Authentication authentication, FilterInvocation fi) { + return new WebSecurityExpressionRoot(authentication, fi); } } diff --git a/web/src/main/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSource.java b/web/src/main/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSource.java index 96fcd49b82..d2bbc693e6 100644 
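Review bot: `DefaultWebSecurityExpressionHandler` no longer implements `WebSecurityExpressionHandler`, yet that interface is kept and only deprecated in the last file of this patch. Code that injects or looks up the default handler by the old type, as `AuthorizeTag` itself did before this commit with `getBeansOfType(WebSecurityExpressionHandler.class)`, will stop finding it. Until the interface is removed, keep `implements WebSecurityExpressionHandler` on the class declaration after the `extends` clause. The class Javadoc is also left holding only `@author` and `@since`; a summary such as `Default handler for security expressions evaluated against a FilterInvocation.` would restore it.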
--- a/web/src/main/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSource.java +++ b/web/src/main/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSource.java @@ -10,12 +10,14 @@ import org.apache.commons.logging.LogFactory; import org.springframework.expression.ExpressionParser; import org.springframework.expression.ParseException; import org.springframework.security.access.ConfigAttribute; +import org.springframework.security.access.expression.SecurityExpressionHandler; +import org.springframework.security.web.FilterInvocation; import org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource; import org.springframework.security.web.util.RequestMatcher; import org.springframework.util.Assert; /** - * Expression-based FilterInvocationSecurityMetadataSource. + * Expression-based {@code FilterInvocationSecurityMetadataSource}. * * @author Luke Taylor * @since 3.0 @@ -25,7 +27,7 @@ public final class ExpressionBasedFilterInvocationSecurityMetadataSource extends public ExpressionBasedFilterInvocationSecurityMetadataSource( LinkedHashMap> requestMap, - WebSecurityExpressionHandler expressionHandler) { + SecurityExpressionHandler expressionHandler) { super(processMap(requestMap, expressionHandler.getExpressionParser())); Assert.notNull(expressionHandler, "A non-null SecurityExpressionHandler is required"); } diff --git a/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionVoter.java b/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionVoter.java index 439c1fccf0..8a2e80e7f4 100644 --- a/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionVoter.java +++ b/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionVoter.java 
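Review bot: In the constructor, `Assert.notNull(expressionHandler, ...)` runs only after `super(processMap(requestMap, expressionHandler.getExpressionParser()))` has already dereferenced the argument, so a null handler surfaces as a bare NullPointerException and the assertion message is never shown. These are context lines and the commit changes only the parameter type, but the signature is being touched here anyway. Since nothing may precede `super(...)`, the check has to move into the static path, for instance by passing the handler to `processMap` and asserting there before `getExpressionParser()` is called. `processMap` lies outside the hunk, so this is a direction rather than a drop-in line.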
@@ -6,6 +6,7 @@ import org.springframework.expression.EvaluationContext; import org.springframework.security.access.AccessDecisionVoter; import org.springframework.security.access.ConfigAttribute; import org.springframework.security.access.expression.ExpressionUtils; +import org.springframework.security.access.expression.SecurityExpressionHandler; import org.springframework.security.core.Authentication; import org.springframework.security.web.FilterInvocation; @@ -15,7 +16,7 @@ import org.springframework.security.web.FilterInvocation; * @since 3.0 */ public class WebExpressionVoter implements AccessDecisionVoter { - private WebSecurityExpressionHandler expressionHandler = new DefaultWebSecurityExpressionHandler(); + private SecurityExpressionHandler expressionHandler = new DefaultWebSecurityExpressionHandler(); public int vote(Authentication authentication, Object object, Collection attributes) { assert authentication != null; @@ -52,7 +53,7 @@ public class WebExpressionVoter implements AccessDecisionVoter { return clazz.isAssignableFrom(FilterInvocation.class); } - public void setExpressionHandler(WebSecurityExpressionHandler expressionHandler) { + public void setExpressionHandler(SecurityExpressionHandler expressionHandler) { this.expressionHandler = expressionHandler; } } diff --git a/web/src/main/java/org/springframework/security/web/access/expression/WebSecurityExpressionHandler.java b/web/src/main/java/org/springframework/security/web/access/expression/WebSecurityExpressionHandler.java index c06a656883..70bb5e801c 100644 --- a/web/src/main/java/org/springframework/security/web/access/expression/WebSecurityExpressionHandler.java +++ b/web/src/main/java/org/springframework/security/web/access/expression/WebSecurityExpressionHandler.java 
@@ -1,19 +1,8 @@ package org.springframework.security.web.access.expression; -import org.springframework.expression.EvaluationContext; -import org.springframework.expression.ExpressionParser; -import org.springframework.security.core.Authentication; +import org.springframework.security.access.expression.SecurityExpressionHandler; import org.springframework.security.web.FilterInvocation; -public interface WebSecurityExpressionHandler { - /** - * @return an expression parser for the expressions used by the implementation. - */ - ExpressionParser getExpressionParser(); - - /** - * Provides an evaluation context in which to evaluate security expressions for a web invocation. - */ - EvaluationContext createEvaluationContext(Authentication authentication, FilterInvocation fi); - +@Deprecated +public interface WebSecurityExpressionHandler extends SecurityExpressionHandler { }
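Review bot: `@Deprecated` is added without a Javadoc `@deprecated` tag, so callers get a compiler warning with no pointer to the replacement. Add above the annotation: `/** @deprecated use {@link SecurityExpressionHandler} typed for {@link FilterInvocation} instead. */`. The interface body is now empty, so that comment is the only place its remaining purpose (source compatibility, presumably) can be stated.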