SEC-1342: Introduced extra factory method in SecurityConfig to get round problem with Spring converting a string with commas to an array

2009-12-23 14:12:59 +00:00 · 2009-12-23 14:12:59 +00:00 · bcb1ff8921
parent 115d5b84ff
commit bcb1ff8921
3 changed files with 7 additions and 3 deletions
--- a/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java
@ -135,7 +135,7 @@ public class FilterInvocationSecurityMetadataSourceParser implements BeanDefinit
            if (useExpressions) {
                logger.info("Creating access control expression attribute '" + access + "' for " + path);
                // The single expression will be parsed later by the ExpressionFilterInvocationSecurityMetadataSource
-                attributeBuilder.setFactoryMethod("createList");
+                attributeBuilder.setFactoryMethod("createSingleAttributeList");

            } else {
                attributeBuilder.setFactoryMethod("createListFromCommaDelimitedString");
--- a/config/src/test/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParserTests.java
@ -1004,7 +1004,7 @@ public class HttpSecurityBeanDefinitionParserTests {
    public void expressionBasedAccessAllowsAndDeniesAccessAsExpected() throws Exception {
        setContext(
                "    <http auto-config='true' use-expressions='true'>" +
-                "        <intercept-url pattern='/secure*' access=\"hasRole('ROLE_A')\" />" +
+                "        <intercept-url pattern='/secure*' access=\"hasAnyRole('ROLE_A','ROLE_C')\" />" +
                "        <intercept-url pattern='/**' access='permitAll()' />" +
                "    </http>" + AUTH_PROVIDER_XML);

--- a/core/src/main/java/org/springframework/security/access/SecurityConfig.java
+++ b/core/src/main/java/org/springframework/security/access/SecurityConfig.java
@ -67,8 +67,12 @@ public class SecurityConfig implements ConfigAttribute {
        return createList(StringUtils.commaDelimitedListToStringArray(access));
    }

+    public final static List<ConfigAttribute> createSingleAttributeList(String access) {
+        return createList(access);
+    }
+
    public final static List<ConfigAttribute> createList(String... attributeNames) {
-        Assert.notNull(attributeNames, "You must supply a list of argument names");
+        Assert.notNull(attributeNames, "You must supply an array of attribute names");
        List<ConfigAttribute> attributes = new ArrayList<ConfigAttribute>(attributeNames.length);

        for (String attribute : attributeNames) {