Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SEC-2507: WebExpressionVoter.supports support subclasses of FilterInvocation

This commit is contained in:
Rob Winch 2014-03-10 14:21:07 -05:00
parent e4a58375cc
commit ea902e5829
2 changed files with 31 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
web/src/main/java/org/springframework/security/web/access/expression/WebExpressionVoter.java
View File

@ -49,7 +49,7 @@ public class WebExpressionVoter implements AccessDecisionVoter<FilterInvocation>
}
public boolean supports(Class<?> clazz) {
return clazz.isAssignableFrom(FilterInvocation.class);
return FilterInvocation.class.isAssignableFrom(clazz);
}
public void setExpressionHandler(SecurityExpressionHandler<FilterInvocation> expressionHandler) {

30
web/src/test/java/org/springframework/security/web/access/expression/WebExpressionVoterTests.java
View File

@ -1,5 +1,6 @@
package org.springframework.security.web.access.expression;
import static org.fest.assertions.Assertions.*;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
@ -19,6 +20,10 @@ import org.springframework.security.web.FilterInvocation;
import java.util.ArrayList;
import javax.servlet.FilterChain;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
/**
* @author Luke Taylor
*/
@ -63,4 +68,29 @@ public class WebExpressionVoterTests {
assertEquals(AccessDecisionVoter.ACCESS_DENIED, voter.vote(user, fi, attributes));
}
// SEC-2507
@Test
public void supportFilterInvocationSubClass() {
WebExpressionVoter voter = new WebExpressionVoter();
assertThat(voter.supports(FilterInvocationChild.class)).isTrue();
}
private static class FilterInvocationChild extends FilterInvocation {
public FilterInvocationChild(ServletRequest request,
ServletResponse response, FilterChain chain) {
super(request, response, chain);
}
}
@Test
public void supportFilterInvocation() {
WebExpressionVoter voter = new WebExpressionVoter();
assertThat(voter.supports(FilterInvocation.class)).isTrue();
}
@Test
public void supportsObjectIsFalse() {
WebExpressionVoter voter = new WebExpressionVoter();
assertThat(voter.supports(Object.class)).isFalse();
}
}