diff --git a/core/src/main/java/org/springframework/security/access/expression/method/AbstractExpressionBasedMethodConfigAttribute.java b/core/src/main/java/org/springframework/security/access/expression/method/AbstractExpressionBasedMethodConfigAttribute.java index ce98b5849a..e02eb27a97 100644 --- a/core/src/main/java/org/springframework/security/access/expression/method/AbstractExpressionBasedMethodConfigAttribute.java +++ b/core/src/main/java/org/springframework/security/access/expression/method/AbstractExpressionBasedMethodConfigAttribute.java @@ -2,7 +2,7 @@ package org.springframework.security.access.expression.method; import org.springframework.expression.Expression; import org.springframework.expression.ParseException; -import org.springframework.expression.spel.antlr.SpelAntlrExpressionParser; +import org.springframework.expression.spel.standard.SpelExpressionParser; import org.springframework.security.access.ConfigAttribute; import org.springframework.util.Assert; @@ -26,7 +26,7 @@ abstract class AbstractExpressionBasedMethodConfigAttribute implements ConfigAtt */ AbstractExpressionBasedMethodConfigAttribute(String filterExpression, String authorizeExpression) throws ParseException { Assert.isTrue(filterExpression != null || authorizeExpression != null, "Filter and authorization Expressions cannot both be null"); - SpelAntlrExpressionParser parser = new SpelAntlrExpressionParser(); + SpelExpressionParser parser = new SpelExpressionParser(); this.filterExpression = filterExpression == null ? null : parser.parseExpression(filterExpression); this.authorizeExpression = authorizeExpression == null ? null : parser.parseExpression(authorizeExpression); } diff --git a/core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java b/core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java index 176b9dd353..33c4025e5d 100644 
--- a/core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java +++ b/core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java @@ -13,7 +13,7 @@ import org.springframework.core.ParameterNameDiscoverer; import org.springframework.expression.EvaluationContext; import org.springframework.expression.Expression; import org.springframework.expression.ExpressionParser; -import org.springframework.expression.spel.antlr.SpelAntlrExpressionParser; +import org.springframework.expression.spel.standard.SpelExpressionParser; import org.springframework.security.access.PermissionEvaluator; import org.springframework.security.access.expression.ExpressionUtils; import org.springframework.security.authentication.AuthenticationTrustResolver; @@ -36,7 +36,7 @@ public class DefaultMethodSecurityExpressionHandler implements MethodSecurityExp private ParameterNameDiscoverer parameterNameDiscoverer = new LocalVariableTableParameterNameDiscoverer(); private PermissionEvaluator permissionEvaluator = new DenyAllPermissionEvaluator(); private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl(); - private ExpressionParser expressionParser = new SpelAntlrExpressionParser(); + private ExpressionParser expressionParser = new SpelExpressionParser(); public DefaultMethodSecurityExpressionHandler() { } diff --git a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java index 4278490612..d882e887e8 100644 --- a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java +++ b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java 
@@ -14,10 +14,8 @@ import org.springframework.security.access.prepost.PreInvocationAuthorizationAdv import org.springframework.security.core.Authentication; /** - * If only a @PreFilter condition is specified, it will vote to grant access, otherwise it will vote - * to grant or deny access depending on whether the @PreAuthorize expression evaluates to 'true' or 'false', - * respectively. - + * Method pre-invocation handling based on expressions. + * * @author Luke Taylor * @version $Id$ * @since diff --git a/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdvice.java b/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdvice.java index 01feb65f91..1adb4c5fdd 100644 --- a/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdvice.java +++ b/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdvice.java @@ -12,5 +12,14 @@ import org.springframework.security.core.Authentication; */ public interface PreInvocationAuthorizationAdvice { + /** + * The "before" advice which should be executed to perform any filtering necessary and to decide whether + * the method call is authorised. + * + * @param authentication the information on the principal on whose account the decision should be made + * @param mi the method invocation being attempted + * @param preInvocationAttribute the attribute built from the @PreFilte and @PostFilter annotations. + * @return true if authorised, false otherwise + */ boolean before(Authentication authentication, MethodInvocation mi, PreInvocationAttribute preInvocationAttribute); } diff --git a/core/src/main/java/org/springframework/security/util/MethodInvocationUtils.java b/core/src/main/java/org/springframework/security/util/MethodInvocationUtils.java index 3197c8be9d..4f29babeae 100644 --- a/core/src/main/java/org/springframework/security/util/MethodInvocationUtils.java 
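Review bot: The new `@param preInvocationAttribute` text in PreInvocationAuthorizationAdvice names `@PreFilte and @PostFilter`; the first is a typo and the second looks wrong for a pre-invocation attribute. The Javadoc removed from ExpressionBasedPreInvocationAdvice in the previous hunk describes `@PreFilter` and `@PreAuthorize`, so I would write `@param preInvocationAttribute the attribute built from the @PreFilter and @PreAuthorize annotations.` The `@return` line should also state the result when only a filter expression is present. The removed implementation Javadoc said access is granted in that case, and that access-control rule is no longer documented anywhere visible in this diff.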
+++ b/core/src/main/java/org/springframework/security/util/MethodInvocationUtils.java @@ -16,8 +16,6 @@ package org.springframework.security.util; import java.lang.reflect.Method; -import java.util.ArrayList; -import java.util.List; import org.aopalliance.intercept.MethodInvocation; import org.springframework.aop.framework.Advised; @@ -57,13 +55,11 @@ public final class MethodInvocationUtils { Class[] classArgs = null; if (args != null) { - List> list = new ArrayList>(); + classArgs = new Class[args.length]; for (int i = 0; i < args.length; i++) { - list.add(args[i].getClass()); + classArgs[i] = args[i].getClass(); } - - classArgs = list.toArray(new Class[] {}); } // Determine the type that declares the requested method, taking into account proxies @@ -109,7 +105,8 @@ public final class MethodInvocationUtils { * @param args the actual arguments that should be passed to SimpleMethodInvocation * @return a MethodInvocation, or null if there was a problem */ - public static MethodInvocation createFromClass(Object targetObject, Class clazz, String methodName, Class[] classArgs, Object[] args) { + public static MethodInvocation createFromClass(Object targetObject, Class clazz, String methodName, + Class[] classArgs, Object[] args) { Assert.notNull(clazz, "Class required"); Assert.hasText(methodName, "MethodName required"); @@ -117,7 +114,7 @@ public final class MethodInvocationUtils { try { method = clazz.getMethod(methodName, classArgs); - } catch (Exception e) { + } catch (NoSuchMethodException e) { return null; } diff --git a/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java b/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java index 504af7dca9..e6efb0b496 100644 --- a/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java 
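Review bot: `classArgs[i] = args[i].getClass();` still throws a bare NullPointerException when any element of `args` is null; the rewrite to a plain array keeps that behaviour from the old list-based loop. Either reject it explicitly before the assignment, e.g. `Assert.notNull(args[i], "Argument " + i + " must not be null");`, or state in the method Javadoc that null arguments are unsupported. If `classArgs` is later passed to `clazz.getMethod(...)` as in `createFromClass`, note also that runtime argument classes only match methods whose declared parameter types are exactly those classes, so a parameter declared as an interface or primitive will not be found. The enclosing method starts and ends outside this hunk.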
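Review bot: Narrowing the catch to `NoSuchMethodException` means a `SecurityException` from `clazz.getMethod(methodName, classArgs)` now propagates, while the Javadoc above still promises `null if there was a problem`. If that is intended, update the contract, e.g. `@return a MethodInvocation, or null if no public method with that name and parameter types exists`. Because this utility feeds authorization checks, the Javadoc should also tell callers to treat a null return as a failed lookup and never as "no restrictions apply". The method body continues outside this hunk.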
+++ b/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java @@ -7,11 +7,10 @@ import org.jmock.Mockery; import org.junit.Before; import org.junit.Test; import org.springframework.expression.Expression; -import org.springframework.expression.spel.antlr.SpelAntlrExpressionParser; +import org.springframework.expression.spel.standard.SpelExpressionParser; import org.springframework.expression.spel.support.StandardEvaluationContext; import org.springframework.security.access.PermissionEvaluator; import org.springframework.security.access.expression.ExpressionUtils; -import org.springframework.security.access.expression.method.MethodSecurityExpressionRoot; import org.springframework.security.authentication.AuthenticationTrustResolver; import org.springframework.security.core.Authentication; @@ -22,7 +21,7 @@ import org.springframework.security.core.Authentication; * @version $Id$ */ public class MethodSecurityExpressionRootTests { - SpelAntlrExpressionParser parser = new SpelAntlrExpressionParser(); + SpelExpressionParser parser = new SpelExpressionParser(); MethodSecurityExpressionRoot root; StandardEvaluationContext ctx; Mockery jmock = new Mockery(); diff --git a/pom.xml b/pom.xml index 9cd5b9ea44..f87ee282c7 100644 --- a/pom.xml +++ b/pom.xml @@ -86,7 +86,8 @@ com.springsource.repository.bundles.release SpringSource Enterprise Bundle Repository - SpringSource Bundle Releases http://repository.springsource.com/maven/bundles/release - + +--> false @@ -94,11 +95,11 @@ true - com.springsource.repository.bundles.snapshot - SpringSource Enterprise Bundle Repository - SpringSource Snapshot Releases - http://repository.springsource.com/maven/bundles/snapshot + com.springsource.repository.maven.snapshot + SpringSource Enterprise Bundle Maven Repository - SpringSource Snapshot Releases + http://maven.springframework.org/snapshot ---> + true 
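Review bot: The snapshot repository that this hunk appears to enable is declared with a plain `http://maven.springframework.org/snapshot` URL, and the later `@@ -766,7 +767,7 @@` hunk moves a version property from `3.0.0.M3` to `3.0.0.BUILD-SNAPSHOT`. The element names are not visible on this page, so this is inferred from the values. Together they make the build resolve a mutable artifact over an unauthenticated channel, so two builds of the same commit can differ and the downloaded jars have no transport integrity. I would use the TLS form of the repository URL if the host serves one, and add a comment next to the version property such as `<!-- temporary: return to a fixed milestone/release before tagging; snapshots are mutable -->`.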
@@ -106,7 +107,7 @@ false - Spring Framework Maven Milestone Releases + com.springsource.repository.maven.milestone Spring Framework Maven Milestone Releases (Maven Central Format) http://maven.springframework.org/milestone @@ -114,7 +115,7 @@ - com.springsource.repository.bundles.milestone + com.springsource.repository.maven.milestone SpringSource Enterprise Bundle Repository - SpringSource Milestone Releases http://repository.springsource.com/maven/bundles/milestone @@ -766,7 +767,7 @@ UTF-8 UTF-8 - 3.0.0.M3 + 3.0.0.BUILD-SNAPSHOT 1.1.2 6.1.18 diff --git a/web/src/main/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandler.java b/web/src/main/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandler.java index 7c23543abd..110fe4d682 100644 --- a/web/src/main/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandler.java +++ b/web/src/main/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandler.java @@ -2,7 +2,7 @@ package org.springframework.security.web.access.expression; import org.springframework.expression.EvaluationContext; import org.springframework.expression.ExpressionParser; -import org.springframework.expression.spel.antlr.SpelAntlrExpressionParser; +import org.springframework.expression.spel.standard.SpelExpressionParser; import org.springframework.expression.spel.support.StandardEvaluationContext; import org.springframework.security.access.expression.SecurityExpressionRoot; import org.springframework.security.authentication.AuthenticationTrustResolver; 
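Review bot: In the `@@ -114,7 +115,7 @@` hunk the identifier changes to `com.springsource.repository.maven.milestone`, but the context lines still show the name "SpringSource Enterprise Bundle Repository" and the URL `http://repository.springsource.com/maven/bundles/milestone`. The repository edited in the previous hunk receives the same identifier for `http://maven.springframework.org/milestone`. Assuming these values are the `<id>` elements (the markup is not visible here), one id now refers to two different hosts. Maven matches mirrors and `settings.xml` credentials by repository id, so the ambiguity makes it harder to audit which server an artifact came from. Keeping `com.springsource.repository.bundles.milestone` for the bundle URL, or changing the URL along with the id, would avoid this.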
@@ -21,7 +21,7 @@ import org.springframework.security.web.FilterInvocation; public class DefaultWebSecurityExpressionHandler implements WebSecurityExpressionHandler { private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl(); - private ExpressionParser expressionParser = new SpelAntlrExpressionParser(); + private ExpressionParser expressionParser = new SpelExpressionParser(); public ExpressionParser getExpressionParser() { return expressionParser;