diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationProvider.java
index 88a11dee23..bbb1a32020 100644
--- a/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationProvider.java
@@ -210,7 +210,7 @@ public class JaasAuthenticationProvider extends AbstractJaasAuthenticationProvid
 * @param ase The excetion that caused the authentication failure
 */
 protected void publishFailureEvent(UsernamePasswordAuthenticationToken token, AuthenticationException ase) {
- // exists for passivity (the superclass does a null check before publishing)
+ // exists for passivity (the superclass does a null check before publishing)
 getApplicationEventPublisher().publishEvent(new JaasAuthenticationFailedEvent(token, ase));
 }
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTag.java
index e5e599297f..d732fcaadd 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTag.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AbstractAuthorizeTag.java
@@ -48,289 +48,285 @@ import org.springframework.web.context.support.WebApplicationContextUtils;
 * A base class for an <authorize> tag that is independent of the tag rendering technology (JSP, Facelets).
 * It treats tag attributes as simple strings rather than strings that may contain expressions with the
 * exception of the "access" attribute, which is always expected to contain a Spring EL expression.
- *
+ *

* Subclasses are expected to extract tag attribute values from the specific rendering technology, evaluate * them as expressions if necessary, and set the String-based attributes of this class. * * @author Francois Beausoleil * @author Luke Taylor * @author Rossen Stoyanchev - * * @since 3.1.0 */ public abstract class AbstractAuthorizeTag { - private String access; - private String url; - private String method; - private String ifAllGranted; - private String ifAnyGranted; - private String ifNotGranted; + private String access; + private String url; + private String method; + private String ifAllGranted; + private String ifAnyGranted; + private String ifNotGranted; - /** - * This method allows subclasses to provide a way to access the ServletRequest according to the rendering - * technology. - */ - protected abstract ServletRequest getRequest(); + /** + * This method allows subclasses to provide a way to access the ServletRequest according to the rendering + * technology. + */ + protected abstract ServletRequest getRequest(); - /** - * This method allows subclasses to provide a way to access the ServletResponse according to the rendering - * technology. - */ - protected abstract ServletResponse getResponse(); + /** + * This method allows subclasses to provide a way to access the ServletResponse according to the rendering + * technology. + */ + protected abstract ServletResponse getResponse(); - /** - * This method allows subclasses to provide a way to access the ServletContext according to the rendering - * technology. - */ - protected abstract ServletContext getServletContext(); + /** + * This method allows subclasses to provide a way to access the ServletContext according to the rendering + * technology. + */ + protected abstract ServletContext getServletContext(); - /** - * Make an authorization decision by considering all <authorize> tag attributes. The following are valid - * combinations of attributes: - *

- * The above combinations are mutually exclusive and evaluated in the given order. - * - * @return the result of the authorization decision - * - * @throws IOException - */ - public boolean authorize() throws IOException { - boolean isAuthorized = false; + /** + * Make an authorization decision by considering all <authorize> tag attributes. The following are valid + * combinations of attributes: + * + * The above combinations are mutually exclusive and evaluated in the given order. + * + * @return the result of the authorization decision + * @throws IOException + */ + public boolean authorize() throws IOException { + boolean isAuthorized = false; - if (StringUtils.hasText(getAccess())) { - isAuthorized = authorizeUsingAccessExpression(); + if (StringUtils.hasText(getAccess())) { + isAuthorized = authorizeUsingAccessExpression(); - } else if (StringUtils.hasText(getUrl())) { - isAuthorized = authorizeUsingUrlCheck(); + } else if (StringUtils.hasText(getUrl())) { + isAuthorized = authorizeUsingUrlCheck(); - } else { - isAuthorized = authorizeUsingGrantedAuthorities(); + } else { + isAuthorized = authorizeUsingGrantedAuthorities(); - } + } - return isAuthorized; - } + return isAuthorized; + } - /** - * Make an authorization decision by considering ifAllGranted, ifAnyGranted, and ifNotGranted. All 3 or any - * combination can be provided. All provided attributes must evaluate to true. - * - * @return the result of the authorization decision - */ - public boolean authorizeUsingGrantedAuthorities() { - boolean hasTextAllGranted = StringUtils.hasText(getIfAllGranted()); - boolean hasTextAnyGranted = StringUtils.hasText(getIfAnyGranted()); - boolean hasTextNotGranted = StringUtils.hasText(getIfNotGranted()); + /** + * Make an authorization decision by considering ifAllGranted, ifAnyGranted, and ifNotGranted. All 3 or any + * combination can be provided. All provided attributes must evaluate to true. 
+ * + * @return the result of the authorization decision + */ + public boolean authorizeUsingGrantedAuthorities() { + boolean hasTextAllGranted = StringUtils.hasText(getIfAllGranted()); + boolean hasTextAnyGranted = StringUtils.hasText(getIfAnyGranted()); + boolean hasTextNotGranted = StringUtils.hasText(getIfNotGranted()); - if ((!hasTextAllGranted) && (!hasTextAnyGranted) && (!hasTextNotGranted)) { - return false; - } + if ((!hasTextAllGranted) && (!hasTextAnyGranted) && (!hasTextNotGranted)) { + return false; + } - final Collection granted = getPrincipalAuthorities(); + final Collection granted = getPrincipalAuthorities(); - if (hasTextAllGranted) { - if (!granted.containsAll(toAuthorities(getIfAllGranted()))) { - return false; - } - } + if (hasTextAllGranted) { + if (!granted.containsAll(toAuthorities(getIfAllGranted()))) { + return false; + } + } - if (hasTextAnyGranted) { - Set grantedCopy = retainAll(granted, toAuthorities(getIfAnyGranted())); - if (grantedCopy.isEmpty()) { - return false; - } - } + if (hasTextAnyGranted) { + Set grantedCopy = retainAll(granted, toAuthorities(getIfAnyGranted())); + if (grantedCopy.isEmpty()) { + return false; + } + } - if (hasTextNotGranted) { - Set grantedCopy = retainAll(granted, toAuthorities(getIfNotGranted())); - if (!grantedCopy.isEmpty()) { - return false; - } - } + if (hasTextNotGranted) { + Set grantedCopy = retainAll(granted, toAuthorities(getIfNotGranted())); + if (!grantedCopy.isEmpty()) { + return false; + } + } - return true; - } + return true; + } - /** - * Make an authorization decision based on a Spring EL expression. See the "Expression-Based Access Control" chapter - * in Spring Security for details on what expressions can be used. 
- * - * @return the result of the authorization decision - * - * @throws IOException - */ - public boolean authorizeUsingAccessExpression() throws IOException { - Authentication currentUser = SecurityContextHolder.getContext().getAuthentication(); - if (currentUser == null) { - return false; - } + /** + * Make an authorization decision based on a Spring EL expression. See the "Expression-Based Access Control" chapter + * in Spring Security for details on what expressions can be used. + * + * @return the result of the authorization decision + * @throws IOException + */ + public boolean authorizeUsingAccessExpression() throws IOException { + Authentication currentUser = SecurityContextHolder.getContext().getAuthentication(); + if (currentUser == null) { + return false; + } - SecurityExpressionHandler handler = getExpressionHandler(); + SecurityExpressionHandler handler = getExpressionHandler(); - Expression accessExpression; - try { - accessExpression = handler.getExpressionParser().parseExpression(getAccess()); + Expression accessExpression; + try { + accessExpression = handler.getExpressionParser().parseExpression(getAccess()); - } catch (ParseException e) { - IOException ioException = new IOException(); - ioException.initCause(e); - throw ioException; - } + } catch (ParseException e) { + IOException ioException = new IOException(); + ioException.initCause(e); + throw ioException; + } - FilterInvocation f = new FilterInvocation(getRequest(), getResponse(), new FilterChain() { - public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException { - throw new UnsupportedOperationException(); - } - }); + FilterInvocation f = new FilterInvocation(getRequest(), getResponse(), new FilterChain() { + public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException { + throw new UnsupportedOperationException(); + } + }); - return ExpressionUtils.evaluateAsBoolean(accessExpression, 
handler.createEvaluationContext(currentUser, f)); - } + return ExpressionUtils.evaluateAsBoolean(accessExpression, handler.createEvaluationContext(currentUser, f)); + } - /** - * Make an authorization decision based on the URL and HTTP method attributes. True is returned if the user is - * allowed to access the given URL as defined. - * - * @return the result of the authorization decision - * - * @throws IOException - */ - public boolean authorizeUsingUrlCheck() throws IOException { - String contextPath = ((HttpServletRequest) getRequest()).getContextPath(); - Authentication currentUser = SecurityContextHolder.getContext().getAuthentication(); - return getPrivilegeEvaluator().isAllowed(contextPath, getUrl(), getMethod(), currentUser); - } + /** + * Make an authorization decision based on the URL and HTTP method attributes. True is returned if the user is + * allowed to access the given URL as defined. + * + * @return the result of the authorization decision + * @throws IOException + */ + public boolean authorizeUsingUrlCheck() throws IOException { + String contextPath = ((HttpServletRequest) getRequest()).getContextPath(); + Authentication currentUser = SecurityContextHolder.getContext().getAuthentication(); + return getPrivilegeEvaluator().isAllowed(contextPath, getUrl(), getMethod(), currentUser); + } - public String getAccess() { - return access; - } + public String getAccess() { + return access; + } - public void setAccess(String access) { - this.access = access; - } + public void setAccess(String access) { + this.access = access; + } - public String getUrl() { - return url; - } + public String getUrl() { + return url; + } - public void setUrl(String url) { - this.url = url; - } + public void setUrl(String url) { + this.url = url; + } - public String getMethod() { - return method; - } + public String getMethod() { + return method; + } - public void setMethod(String method) { - this.method = (method != null) ? 
method.toUpperCase() : null; - } + public void setMethod(String method) { + this.method = (method != null) ? method.toUpperCase() : null; + } - public String getIfAllGranted() { - return ifAllGranted; - } + public String getIfAllGranted() { + return ifAllGranted; + } - public void setIfAllGranted(String ifAllGranted) { - this.ifAllGranted = ifAllGranted; - } + public void setIfAllGranted(String ifAllGranted) { + this.ifAllGranted = ifAllGranted; + } - public String getIfAnyGranted() { - return ifAnyGranted; - } + public String getIfAnyGranted() { + return ifAnyGranted; + } - public void setIfAnyGranted(String ifAnyGranted) { - this.ifAnyGranted = ifAnyGranted; - } + public void setIfAnyGranted(String ifAnyGranted) { + this.ifAnyGranted = ifAnyGranted; + } - public String getIfNotGranted() { - return ifNotGranted; - } + public String getIfNotGranted() { + return ifNotGranted; + } - public void setIfNotGranted(String ifNotGranted) { - this.ifNotGranted = ifNotGranted; - } + public void setIfNotGranted(String ifNotGranted) { + this.ifNotGranted = ifNotGranted; + } - /*------------- Private helper methods -----------------*/ + /*------------- Private helper methods -----------------*/ - private Collection getPrincipalAuthorities() { - Authentication currentUser = SecurityContextHolder.getContext().getAuthentication(); - if (null == currentUser) { - return Collections.emptyList(); - } - return currentUser.getAuthorities(); - } + private Collection getPrincipalAuthorities() { + Authentication currentUser = SecurityContextHolder.getContext().getAuthentication(); + if (null == currentUser) { + return Collections.emptyList(); + } + return currentUser.getAuthorities(); + } - private Set toAuthorities(String authorizations) { - final Set requiredAuthorities = new HashSet(); - requiredAuthorities.addAll(AuthorityUtils.commaSeparatedStringToAuthorityList(authorizations)); - return requiredAuthorities; - } + private Set toAuthorities(String authorizations) { + final Set 
requiredAuthorities = new HashSet(); + requiredAuthorities.addAll(AuthorityUtils.commaSeparatedStringToAuthorityList(authorizations)); + return requiredAuthorities; + } - private Set retainAll(final Collection granted, - final Set required) { - Set grantedRoles = authoritiesToRoles(granted); - Set requiredRoles = authoritiesToRoles(required); - grantedRoles.retainAll(requiredRoles); + private Set retainAll(final Collection granted, + final Set required) { + Set grantedRoles = authoritiesToRoles(granted); + Set requiredRoles = authoritiesToRoles(required); + grantedRoles.retainAll(requiredRoles); - return rolesToAuthorities(grantedRoles, granted); - } + return rolesToAuthorities(grantedRoles, granted); + } - private Set authoritiesToRoles(Collection c) { - Set target = new HashSet(); - for (GrantedAuthority authority : c) { - if (null == authority.getAuthority()) { - throw new IllegalArgumentException( - "Cannot process GrantedAuthority objects which return null from getAuthority() - attempting to process " - + authority.toString()); - } - target.add(authority.getAuthority()); - } - return target; - } + private Set authoritiesToRoles(Collection c) { + Set target = new HashSet(); + for (GrantedAuthority authority : c) { + if (null == authority.getAuthority()) { + throw new IllegalArgumentException( + "Cannot process GrantedAuthority objects which return null from getAuthority() - attempting to process " + + authority.toString()); + } + target.add(authority.getAuthority()); + } + return target; + } - private Set rolesToAuthorities(Set grantedRoles, Collection granted) { - Set target = new HashSet(); - for (String role : grantedRoles) { - for (GrantedAuthority authority : granted) { - if (authority.getAuthority().equals(role)) { - target.add(authority); - break; - } - } - } - return target; - } + private Set rolesToAuthorities(Set grantedRoles, Collection granted) { + Set target = new HashSet(); + for (String role : grantedRoles) { + for (GrantedAuthority authority : 
granted) { + if (authority.getAuthority().equals(role)) { + target.add(authority); + break; + } + } + } + return target; + } - private SecurityExpressionHandler getExpressionHandler() throws IOException { - ApplicationContext appContext = WebApplicationContextUtils - .getRequiredWebApplicationContext(getServletContext()); - Map handlers = appContext - .getBeansOfType(SecurityExpressionHandler.class); + private SecurityExpressionHandler getExpressionHandler() throws IOException { + ApplicationContext appContext = WebApplicationContextUtils + .getRequiredWebApplicationContext(getServletContext()); + Map handlers = appContext + .getBeansOfType(SecurityExpressionHandler.class); - for (SecurityExpressionHandler h : handlers.values()) { - if (FilterInvocation.class.equals(GenericTypeResolver.resolveTypeArgument(h.getClass(), - SecurityExpressionHandler.class))) { - return h; - } - } + for (SecurityExpressionHandler h : handlers.values()) { + if (FilterInvocation.class.equals(GenericTypeResolver.resolveTypeArgument(h.getClass(), + SecurityExpressionHandler.class))) { + return h; + } + } - throw new IOException("No visible WebSecurityExpressionHandler instance could be found in the application " - + "context. There must be at least one in order to support expressions in JSP 'authorize' tags."); - } + throw new IOException("No visible WebSecurityExpressionHandler instance could be found in the application " + + "context. 
There must be at least one in order to support expressions in JSP 'authorize' tags."); + } - private WebInvocationPrivilegeEvaluator getPrivilegeEvaluator() throws IOException { - ApplicationContext ctx = WebApplicationContextUtils.getRequiredWebApplicationContext(getServletContext()); - Map wipes = ctx.getBeansOfType(WebInvocationPrivilegeEvaluator.class); + private WebInvocationPrivilegeEvaluator getPrivilegeEvaluator() throws IOException { + ApplicationContext ctx = WebApplicationContextUtils.getRequiredWebApplicationContext(getServletContext()); + Map wipes = ctx.getBeansOfType(WebInvocationPrivilegeEvaluator.class); - if (wipes.size() == 0) { - throw new IOException( - "No visible WebInvocationPrivilegeEvaluator instance could be found in the application " - + "context. There must be at least one in order to support the use of URL access checks in 'authorize' tags."); - } + if (wipes.size() == 0) { + throw new IOException( + "No visible WebInvocationPrivilegeEvaluator instance could be found in the application " + + "context. There must be at least one in order to support the use of URL access checks in 'authorize' tags."); + } - return (WebInvocationPrivilegeEvaluator) wipes.values().toArray()[0]; - } + return (WebInvocationPrivilegeEvaluator) wipes.values().toArray()[0]; + } } diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/authz/JspAuthorizeTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/authz/JspAuthorizeTag.java index e4eb449033..a068ec14b5 100644 --- a/taglibs/src/main/java/org/springframework/security/taglibs/authz/JspAuthorizeTag.java +++ b/taglibs/src/main/java/org/springframework/security/taglibs/authz/JspAuthorizeTag.java 
@@ -12,106 +12,103 @@ import javax.servlet.jsp.tagext.Tag; import org.springframework.web.util.ExpressionEvaluationUtils; /** - * A JSP {@link Tag} implementation of {@link AbstractAuthorizeTag}. - * - * @since 3.1.0 - * + * A JSP {@link Tag} implementation of {@link AbstractAuthorizeTag}. + * * @author Rossen Stoyanchev - * * @see AbstractAuthorizeTag + * @since 3.1.0 */ public class JspAuthorizeTag extends AbstractAuthorizeTag implements Tag { private Tag parent; - + protected PageContext pageContext; protected String id; - + private String var; /** - * Invokes the base class {@link AbstractAuthorizeTag#authorize()} method to + * Invokes the base class {@link AbstractAuthorizeTag#authorize()} method to * decide if the body of the tag should be skipped or not. * * @return {@link Tag#SKIP_BODY} or {@link Tag#EVAL_BODY_INCLUDE} */ - public int doStartTag() throws JspException { - try { - setIfNotGranted(ExpressionEvaluationUtils.evaluateString("ifNotGranted", getIfNotGranted(), pageContext)); - setIfAllGranted(ExpressionEvaluationUtils.evaluateString("ifAllGranted", getIfAllGranted(), pageContext)); - setIfAnyGranted(ExpressionEvaluationUtils.evaluateString("ifAnyGranted", getIfAnyGranted(), pageContext)); - - int result = super.authorize() ? Tag.EVAL_BODY_INCLUDE : Tag.SKIP_BODY; + public int doStartTag() throws JspException { + try { + setIfNotGranted(ExpressionEvaluationUtils.evaluateString("ifNotGranted", getIfNotGranted(), pageContext)); + setIfAllGranted(ExpressionEvaluationUtils.evaluateString("ifAllGranted", getIfAllGranted(), pageContext)); + setIfAnyGranted(ExpressionEvaluationUtils.evaluateString("ifAnyGranted", getIfAnyGranted(), pageContext)); - if (var != null) { - pageContext.setAttribute(var, Boolean.valueOf(result == EVAL_BODY_INCLUDE), PageContext.PAGE_SCOPE); - } - - return result; - - } catch (IOException e) { - throw new JspException(e); - } - } + int result = super.authorize() ? 
Tag.EVAL_BODY_INCLUDE : Tag.SKIP_BODY; + + if (var != null) { + pageContext.setAttribute(var, Boolean.valueOf(result == EVAL_BODY_INCLUDE), PageContext.PAGE_SCOPE); + } + + return result; + + } catch (IOException e) { + throw new JspException(e); + } + } /** * Default processing of the end tag returning EVAL_PAGE. * * @return EVAL_PAGE - * * @see Tag#doEndTag() */ - public int doEndTag() { - return EVAL_PAGE; - } + public int doEndTag() { + return EVAL_PAGE; + } - public String getId() { - return id; - } + public String getId() { + return id; + } - public void setId(String id) { - this.id = id; - } + public void setId(String id) { + this.id = id; + } - public Tag getParent() { - return parent; - } + public Tag getParent() { + return parent; + } - public void setParent(Tag parent) { - this.parent = parent; - } - - public String getVar() { - return var; - } + public void setParent(Tag parent) { + this.parent = parent; + } - public void setVar(String var) { - this.var = var; - } + public String getVar() { + return var; + } - public void release() { - parent = null; - id = null; - } + public void setVar(String var) { + this.var = var; + } - public void setPageContext(PageContext pageContext) { - this.pageContext = pageContext; - } + public void release() { + parent = null; + id = null; + } - @Override - protected ServletRequest getRequest() { - return pageContext.getRequest(); - } + public void setPageContext(PageContext pageContext) { + this.pageContext = pageContext; + } - @Override - protected ServletResponse getResponse() { - return pageContext.getResponse(); - } + @Override + protected ServletRequest getRequest() { + return pageContext.getRequest(); + } - @Override - protected ServletContext getServletContext() { - return pageContext.getServletContext(); - } + @Override + protected ServletResponse getResponse() { + return pageContext.getResponse(); + } + + @Override + protected ServletContext getServletContext() { + return pageContext.getServletContext(); + } }