SEC-1558: Changed signatures of PrePostInvocationAttributeFactory to take strings rather than annotation types to allow the metadata to be obtained from other sources (not just annotations).
parent
423f9eae7a
commit
c1f2fa1983
|
@ -6,11 +6,7 @@ package org.springframework.security.access.expression.method;
|
|||
import org.springframework.expression.Expression;
|
||||
import org.springframework.expression.ExpressionParser;
|
||||
import org.springframework.expression.ParseException;
|
||||
import org.springframework.security.access.prepost.PostAuthorize;
|
||||
import org.springframework.security.access.prepost.PostFilter;
|
||||
import org.springframework.security.access.prepost.PostInvocationAttribute;
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
import org.springframework.security.access.prepost.PreFilter;
|
||||
import org.springframework.security.access.prepost.PreInvocationAttribute;
|
||||
import org.springframework.security.access.prepost.PrePostInvocationAttributeFactory;
|
||||
|
||||
|
@ -28,22 +24,21 @@ public class ExpressionBasedAnnotationAttributeFactory implements PrePostInvocat
|
|||
parser = handler.getExpressionParser();
|
||||
}
|
||||
|
||||
public PreInvocationAttribute createPreInvocationAttribute(PreFilter preFilter, PreAuthorize preAuthorize) {
|
||||
public PreInvocationAttribute createPreInvocationAttribute(String preFilterAttribute, String filterObject, String preAuthorizeAttribute) {
|
||||
try {
|
||||
// TODO: Optimization of permitAll
|
||||
Expression preAuthorizeExpression = preAuthorize == null ? parser.parseExpression("permitAll") : parser.parseExpression(preAuthorize.value());
|
||||
Expression preFilterExpression = preFilter == null ? null : parser.parseExpression(preFilter.value());
|
||||
String filterObject = preFilter == null ? null : preFilter.filterTarget();
|
||||
Expression preAuthorizeExpression = preAuthorizeAttribute == null ? parser.parseExpression("permitAll") : parser.parseExpression(preAuthorizeAttribute);
|
||||
Expression preFilterExpression = preFilterAttribute == null ? null : parser.parseExpression(preFilterAttribute);
|
||||
return new PreInvocationExpressionAttribute(preFilterExpression, filterObject, preAuthorizeExpression);
|
||||
} catch (ParseException e) {
|
||||
throw new IllegalArgumentException("Failed to parse expression '" + e.getExpressionString() + "'", e);
|
||||
}
|
||||
}
|
||||
|
||||
public PostInvocationAttribute createPostInvocationAttribute(PostFilter postFilter, PostAuthorize postAuthorize) {
|
||||
public PostInvocationAttribute createPostInvocationAttribute(String postFilterAttribute, String postAuthorizeAttribute) {
|
||||
try {
|
||||
Expression postAuthorizeExpression = postAuthorize == null ? null : parser.parseExpression(postAuthorize.value());
|
||||
Expression postFilterExpression = postFilter == null ? null : parser.parseExpression(postFilter.value());
|
||||
Expression postAuthorizeExpression = postAuthorizeAttribute == null ? null : parser.parseExpression(postAuthorizeAttribute);
|
||||
Expression postFilterExpression = postFilterAttribute == null ? null : parser.parseExpression(postFilterAttribute);
|
||||
|
||||
if (postFilterExpression != null || postAuthorizeExpression != null) {
|
||||
return new PostInvocationExpressionAttribute(postFilterExpression, postAuthorizeExpression);
|
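Review bot: In the new `createPreInvocationAttribute`, a null `preAuthorizeAttribute` still becomes `parser.parseExpression("permitAll")`, and now that the argument is a plain string that may come from sources other than annotations, a value that was simply never set is indistinguishable from "no rule intended", so the method fails open. The contract should be spelled out in a Javadoc comment on the method, for example `@param preAuthorizeAttribute the pre-authorize expression, or null if none was declared (treated as permitAll)`; the call site in PrePostAnnotationSecurityMetadataSource and the interface rely on the same null convention. The method also accepts a non-null `filterObject` together with a null `preFilterAttribute` without complaint; a guard such as `if (preFilterAttribute == null && filterObject != null) throw new IllegalArgumentException("filterObject given without a pre-filter expression");` would catch a mismatched configuration early. The body of `createPostInvocationAttribute` continues outside the hunk.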
||||
|
|
|
@ -44,6 +44,7 @@ public class PrePostAnnotationSecurityMetadataSource extends AbstractMethodSecur
|
|||
logger.trace("Looking for Pre/Post annotations for method '" +
|
||||
method.getName() + "' on target class '" + targetClass + "'");
|
||||
PreFilter preFilter = findAnnotation(method, targetClass, PreFilter.class);
|
||||
|
||||
PreAuthorize preAuthorize = findAnnotation(method, targetClass, PreAuthorize.class);
|
||||
PostFilter postFilter = findAnnotation(method, targetClass, PostFilter.class);
|
||||
// TODO: Can we check for void methods and throw an exception here?
|
||||
|
@ -55,15 +56,21 @@ public class PrePostAnnotationSecurityMetadataSource extends AbstractMethodSecur
|
|||
return null;
|
||||
}
|
||||
|
||||
ArrayList<ConfigAttribute> attrs = new ArrayList<ConfigAttribute>();
|
||||
String preFilterAttribute = preFilter == null ? null : preFilter.value();
|
||||
String filterObject = preFilter == null ? null : preFilter.filterTarget();
|
||||
String preAuthorizeAttribute = preAuthorize == null ? null : preAuthorize.value();
|
||||
String postFilterAttribute = postFilter == null ? null : postFilter.value();
|
||||
String postAuthorizeAttribute = postAuthorize == null ? null : postAuthorize.value();
|
||||
|
||||
PreInvocationAttribute pre = attributeFactory.createPreInvocationAttribute(preFilter, preAuthorize);
|
||||
ArrayList<ConfigAttribute> attrs = new ArrayList<ConfigAttribute>(2);
|
||||
|
||||
PreInvocationAttribute pre = attributeFactory.createPreInvocationAttribute(preFilterAttribute, filterObject, preAuthorizeAttribute);
|
||||
|
||||
if (pre != null) {
|
||||
attrs.add(pre);
|
||||
}
|
||||
|
||||
PostInvocationAttribute post = attributeFactory.createPostInvocationAttribute(postFilter, postAuthorize);
|
||||
PostInvocationAttribute post = attributeFactory.createPostInvocationAttribute(postFilterAttribute, postAuthorizeAttribute);
|
||||
|
||||
if (post != null) {
|
||||
attrs.add(post);
|
||||
|
|
|
@ -9,7 +9,7 @@ import org.springframework.aop.framework.AopInfrastructureBean;
|
|||
*/
|
||||
public interface PrePostInvocationAttributeFactory extends AopInfrastructureBean {
|
||||
|
||||
PreInvocationAttribute createPreInvocationAttribute(PreFilter preFilter, PreAuthorize preAuthorize);
|
||||
PreInvocationAttribute createPreInvocationAttribute(String preFilterAttribute, String filterObject, String preAuthorizeAttribute);
|
||||
|
||||
PostInvocationAttribute createPostInvocationAttribute(PostFilter postFilter, PostAuthorize postAuthorize);
|
||||
PostInvocationAttribute createPostInvocationAttribute(String postFilterAttribute, String postAuthorizeAttribute);
|
||||
}
|
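Review bot: Both factory methods now take only `String` parameters, so the compiler no longer catches transposed arguments the way the distinct annotation types did; `createPreInvocationAttribute(String preFilterAttribute, String filterObject, String preAuthorizeAttribute)` in particular will accept a filter expression in the authorize position without any error. No method-level Javadoc is visible in this hunk, so I would add one to each method that says what every string is (expression text versus the name of the filter target), states that null means "not declared", and says whether a null return is allowed, which the call site's `if (pre != null)` check suggests. Implementations presumably evaluate these strings as expressions, so the interface comment should also say that they must come from trusted configuration only.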
||||
|
|
|
@ -1,11 +1,7 @@
|
|||
package org.springframework.security.integration.python;
|
||||
|
||||
import org.python.util.PythonInterpreter;
|
||||
import org.springframework.security.access.prepost.PostAuthorize;
|
||||
import org.springframework.security.access.prepost.PostFilter;
|
||||
import org.springframework.security.access.prepost.PostInvocationAttribute;
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
import org.springframework.security.access.prepost.PreFilter;
|
||||
import org.springframework.security.access.prepost.PreInvocationAttribute;
|
||||
import org.springframework.security.access.prepost.PrePostInvocationAttributeFactory;
|
||||
|
||||
|
@ -16,11 +12,11 @@ public class PythonInterpreterPrePostInvocationAttributeFactory implements PrePo
|
|||
}
|
||||
|
||||
|
||||
public PreInvocationAttribute createPreInvocationAttribute(PreFilter preFilter, PreAuthorize preAuthorize) {
|
||||
return new PythonInterpreterPreInvocationAttribute(preAuthorize.value());
|
||||
public PreInvocationAttribute createPreInvocationAttribute(String preFilterAttribute, String filterObject, String preAuthorizeAttribute) {
|
||||
return new PythonInterpreterPreInvocationAttribute(preAuthorizeAttribute );
|
||||
}
|
||||
|
||||
public PostInvocationAttribute createPostInvocationAttribute(PostFilter postFilter, PostAuthorize postAuthorize) {
|
||||
public PostInvocationAttribute createPostInvocationAttribute(String postFilterAttribute, String postAuthorizeAttribute) {
|
||||
return null;
|
||||
}
|
||||
}
|
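Review bot: `createPreInvocationAttribute` now hands `preAuthorizeAttribute` to `new PythonInterpreterPreInvocationAttribute(...)` without a null check, whereas the old `preAuthorize.value()` call would have thrown immediately when no pre-authorize annotation was present; what the attribute does with a null script is not visible here, so the failure is at best deferred. I would keep the early failure with `if (preAuthorizeAttribute == null) { throw new IllegalArgumentException("A pre-authorize script is required"); }`. The method also drops `preFilterAttribute` and `filterObject`, and `createPostInvocationAttribute` returns null, so any filter or post-authorize rule declared on a method is silently not enforced by this factory; a comment saying this is intentional, or an exception when those arguments are non-null, would make it explicit. There is also a stray space before the closing parenthesis in `(preAuthorizeAttribute )`.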
||||
|
|