Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Prevent NullPointerException when not loaded from application context

This commit is contained in:
Carlos Sanchez 2006-07-05 15:58:20 +00:00
parent ae55e04522
commit d847772c81
2 changed files with 38 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
core/src/main/java/org/acegisecurity/intercept/AbstractSecurityInterceptor.java
View File

@ -41,6 +41,7 @@ import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean; import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationEventPublisher; import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware; import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.context.MessageSource; import org.springframework.context.MessageSource;
@ -276,7 +277,7 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
} catch (AccessDeniedException accessDeniedException) { } catch (AccessDeniedException accessDeniedException) {
AuthorizationFailureEvent event = new AuthorizationFailureEvent(object, attr, authenticated, AuthorizationFailureEvent event = new AuthorizationFailureEvent(object, attr, authenticated,
accessDeniedException); accessDeniedException);
this.eventPublisher.publishEvent(event); publishEvent(event);
throw accessDeniedException; throw accessDeniedException;
} }
@ -286,7 +287,7 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
} }
AuthorizedEvent event = new AuthorizedEvent(object, attr, authenticated); AuthorizedEvent event = new AuthorizedEvent(object, attr, authenticated);
this.eventPublisher.publishEvent(event); publishEvent(event);
// Attempt to run as a different user // Attempt to run as a different user
Authentication runAs = this.runAsManager.buildRunAs(authenticated, object, attr); Authentication runAs = this.runAsManager.buildRunAs(authenticated, object, attr);
@ -311,7 +312,7 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
logger.debug("Public object - authentication not attempted"); logger.debug("Public object - authentication not attempted");
} }
this.eventPublisher.publishEvent(new PublicInvocationEvent(object)); publishEvent(new PublicInvocationEvent(object));
return null; // no further work post-invocation return null; // no further work post-invocation
} }
@ -330,7 +331,7 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
AuthenticationCredentialsNotFoundEvent event = new AuthenticationCredentialsNotFoundEvent(secureObject, AuthenticationCredentialsNotFoundEvent event = new AuthenticationCredentialsNotFoundEvent(secureObject,
configAttribs, exception); configAttribs, exception);
this.eventPublisher.publishEvent(event); publishEvent(event);
throw exception; throw exception;
} }
@ -431,4 +432,10 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
public void setValidateConfigAttributes(boolean validateConfigAttributes) { public void setValidateConfigAttributes(boolean validateConfigAttributes) {
this.validateConfigAttributes = validateConfigAttributes; this.validateConfigAttributes = validateConfigAttributes;
} }
private void publishEvent(ApplicationEvent event) {
if (this.eventPublisher != null) {
this.eventPublisher.publishEvent(event);
}
}
} }

30
core/src/test/java/org/acegisecurity/intercept/web/FilterSecurityInterceptorTests.java
View File

@ -30,17 +30,16 @@ import org.acegisecurity.MockAuthenticationManager;
import org.acegisecurity.MockRunAsManager; import org.acegisecurity.MockRunAsManager;
import org.acegisecurity.RunAsManager; import org.acegisecurity.RunAsManager;
import org.acegisecurity.SecurityConfig; import org.acegisecurity.SecurityConfig;
import org.acegisecurity.context.SecurityContextHolder; import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken; import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.mock.web.MockHttpServletResponse;
import java.io.IOException; import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator; import java.util.Iterator;
import java.util.List;
import javax.servlet.FilterChain; import javax.servlet.FilterChain;
import javax.servlet.ServletException; import javax.servlet.ServletException;
@ -231,6 +230,31 @@ public class FilterSecurityInterceptorTests extends TestCase {
SecurityContextHolder.clearContext(); SecurityContextHolder.clearContext();
} }
public void testNotLoadedFromApplicationContext() throws Exception {
FilterInvocationDefinitionSourceMapping mapping = new FilterInvocationDefinitionSourceMapping();
mapping.setUrl("/secure/**");
mapping.addConfigAttribute("ROLE_USER");
List mappings = new ArrayList(1);
mappings.add(mapping);
PathBasedFilterInvocationDefinitionMap filterInvocationDefinitionSource = new PathBasedFilterInvocationDefinitionMap();
filterInvocationDefinitionSource
.setConvertUrlToLowercaseBeforeComparison(true);
filterInvocationDefinitionSource.setMappings(mappings);
FilterSecurityInterceptor filter = new FilterSecurityInterceptor();
filter.setObjectDefinitionSource(filterInvocationDefinitionSource);
MockFilterChain filterChain = new MockFilterChain();
filterChain.expectToProceed = true;
FilterInvocation fi = new FilterInvocation(
new MockHttpServletRequest(), new MockHttpServletResponse(),
filterChain);
filter.invoke(fi);
}
//~ Inner Classes ================================================================================================== //~ Inner Classes ==================================================================================================
private class MockFilterChain implements FilterChain { private class MockFilterChain implements FilterChain {