mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-05-30 16:52:13 +00:00
SEC-1257: APIs using List<ConfigAttribute> should use a Collection instead. Converted.
This commit is contained in:
Luke Taylor
parent
5d486a51b6
commit
f213cc5d9e
@ -17,6 +17,7 @@ package org.springframework.security.acls;
|
||||
import java.lang.reflect.InvocationTargetException;
|
||||
import java.lang.reflect.Method;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
@ -152,7 +153,7 @@ public class AclEntryVoter extends AbstractAclVoter {
|
||||
}
|
||||
}
|
||||
|
||||
public int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes) {
|
||||
public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
|
||||
|
||||
for(ConfigAttribute attr : attributes) {
|
||||
|
||||
|
||||
@ -73,7 +73,7 @@ public class AclEntryAfterInvocationCollectionFilteringProvider extends Abstract
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
@SuppressWarnings("unchecked")
|
||||
public Object decide(Authentication authentication, Object object, List<ConfigAttribute> config,
|
||||
public Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> config,
|
||||
Object returnedObject) throws AccessDeniedException {
|
||||
|
||||
if (returnedObject == null) {
|
||||
|
||||
@ -14,6 +14,7 @@
|
||||
*/
|
||||
package org.springframework.security.acls.afterinvocation;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
@ -75,7 +76,7 @@ public class AclEntryAfterInvocationProvider extends AbstractAclProvider impleme
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public Object decide(Authentication authentication, Object object, List<ConfigAttribute> config,
|
||||
public Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> config,
|
||||
Object returnedObject) throws AccessDeniedException {
|
||||
|
||||
if (returnedObject == null) {
|
||||
|
||||
@ -7,8 +7,6 @@ import java.util.ArrayList;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.beans.BeanMetadataElement;
|
||||
import org.springframework.beans.factory.config.BeanDefinition;
|
||||
import org.springframework.beans.factory.config.BeanReference;
|
||||
@ -59,8 +57,6 @@ import org.w3c.dom.Element;
|
||||
* @since 3.0
|
||||
*/
|
||||
class HttpConfigurationBuilder {
|
||||
private final Log logger = LogFactory.getLog(getClass());
|
||||
|
||||
private static final String ATT_CREATE_SESSION = "create-session";
|
||||
private static final String OPT_CREATE_SESSION_NEVER = "never";
|
||||
private static final String DEF_CREATE_SESSION_IF_REQUIRED = "ifRequired";
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
package org.springframework.security.config;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Collection;
|
||||
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.access.AfterInvocationProvider;
|
||||
@ -9,7 +9,7 @@ import org.springframework.security.core.Authentication;
|
||||
|
||||
public class MockAfterInvocationProvider implements AfterInvocationProvider {
|
||||
|
||||
public Object decide(Authentication authentication, Object object, List<ConfigAttribute> config, Object returnedObject)
|
||||
public Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> config, Object returnedObject)
|
||||
throws AccessDeniedException {
|
||||
return returnedObject;
|
||||
}
|
||||
|
||||
@ -2,7 +2,7 @@ package org.springframework.security.config.http;
|
||||
|
||||
import static org.junit.Assert.*;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Collection;
|
||||
|
||||
import org.junit.After;
|
||||
import org.junit.Test;
|
||||
@ -47,7 +47,7 @@ public class FilterSecurityMetadataSourceBeanDefinitionParserTests {
|
||||
" <intercept-url pattern='/**' access='ROLE_A'/>" +
|
||||
"</filter-security-metadata-source>");
|
||||
DefaultFilterInvocationSecurityMetadataSource fids = (DefaultFilterInvocationSecurityMetadataSource) appContext.getBean("fids");
|
||||
List<? extends ConfigAttribute> cad = fids.getAttributes(createFilterInvocation("/anything", "GET"));
|
||||
Collection<ConfigAttribute> cad = fids.getAttributes(createFilterInvocation("/anything", "GET"));
|
||||
assertNotNull(cad);
|
||||
assertTrue(cad.contains(new SecurityConfig("ROLE_A")));
|
||||
}
|
||||
@ -61,9 +61,9 @@ public class FilterSecurityMetadataSourceBeanDefinitionParserTests {
|
||||
|
||||
ExpressionBasedFilterInvocationSecurityMetadataSource fids =
|
||||
(ExpressionBasedFilterInvocationSecurityMetadataSource) appContext.getBean("fids");
|
||||
List<? extends ConfigAttribute> cad = fids.getAttributes(createFilterInvocation("/anything", "GET"));
|
||||
assertEquals(1, cad.size());
|
||||
assertEquals("hasRole('ROLE_A')", cad.get(0).toString());
|
||||
ConfigAttribute[] cad = fids.getAttributes(createFilterInvocation("/anything", "GET")).toArray(new ConfigAttribute[0]);
|
||||
assertEquals(1, cad.length);
|
||||
assertEquals("hasRole('ROLE_A')", cad[0].toString());
|
||||
}
|
||||
|
||||
// SEC-1201
|
||||
@ -77,10 +77,10 @@ public class FilterSecurityMetadataSourceBeanDefinitionParserTests {
|
||||
" <intercept-url pattern='${secure.url}' access='${secure.role}'/>" +
|
||||
"</filter-security-metadata-source>");
|
||||
DefaultFilterInvocationSecurityMetadataSource fids = (DefaultFilterInvocationSecurityMetadataSource) appContext.getBean("fids");
|
||||
List<ConfigAttribute> cad = fids.getAttributes(createFilterInvocation("/secure", "GET"));
|
||||
Collection<ConfigAttribute> cad = fids.getAttributes(createFilterInvocation("/secure", "GET"));
|
||||
assertNotNull(cad);
|
||||
assertEquals(1, cad.size());
|
||||
assertEquals("ROLE_A", cad.get(0).getAttribute());
|
||||
assertTrue(cad.contains(new SecurityConfig("ROLE_A")));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
||||
@ -7,6 +7,7 @@ import static org.springframework.security.config.http.AuthenticationConfigBuild
|
||||
|
||||
import java.lang.reflect.Method;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
@ -286,7 +287,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
||||
FilterSecurityInterceptor fis = (FilterSecurityInterceptor) getFilter(FilterSecurityInterceptor.class);
|
||||
|
||||
FilterInvocationSecurityMetadataSource fids = fis.getSecurityMetadataSource();
|
||||
List<ConfigAttribute> attrDef = fids.getAttributes(createFilterinvocation("/Secure", null));
|
||||
Collection<ConfigAttribute> attrDef = fids.getAttributes(createFilterinvocation("/Secure", null));
|
||||
assertEquals(2, attrDef.size());
|
||||
assertTrue(attrDef.contains(new SecurityConfig("ROLE_A")));
|
||||
assertTrue(attrDef.contains(new SecurityConfig("ROLE_B")));
|
||||
@ -314,10 +315,10 @@ public class HttpSecurityBeanDefinitionParserTests {
|
||||
// Check the security attribute
|
||||
FilterSecurityInterceptor fis = (FilterSecurityInterceptor) getFilter(FilterSecurityInterceptor.class);
|
||||
FilterInvocationSecurityMetadataSource fids = fis.getSecurityMetadataSource();
|
||||
List<ConfigAttribute> attrs = fids.getAttributes(createFilterinvocation("/secure", null));
|
||||
Collection<ConfigAttribute> attrs = fids.getAttributes(createFilterinvocation("/secure", null));
|
||||
assertNotNull(attrs);
|
||||
assertEquals(1, attrs.size());
|
||||
assertEquals("ROLE_A",attrs.get(0).getAttribute());
|
||||
assertTrue(attrs.contains(new SecurityConfig("ROLE_A")));
|
||||
|
||||
// Check the form login properties are set
|
||||
UsernamePasswordAuthenticationFilter apf = (UsernamePasswordAuthenticationFilter)
|
||||
@ -340,7 +341,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
||||
|
||||
FilterSecurityInterceptor fis = (FilterSecurityInterceptor) getFilter(FilterSecurityInterceptor.class);
|
||||
FilterInvocationSecurityMetadataSource fids = fis.getSecurityMetadataSource();
|
||||
List<? extends ConfigAttribute> attrs = fids.getAttributes(createFilterinvocation("/secure", "POST"));
|
||||
Collection<ConfigAttribute> attrs = fids.getAttributes(createFilterinvocation("/secure", "POST"));
|
||||
assertEquals(2, attrs.size());
|
||||
assertTrue(attrs.contains(new SecurityConfig("ROLE_A")));
|
||||
assertTrue(attrs.contains(new SecurityConfig("ROLE_B")));
|
||||
@ -904,7 +905,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
||||
FilterSecurityInterceptor fis = (FilterSecurityInterceptor) getFilter(FilterSecurityInterceptor.class);
|
||||
|
||||
FilterInvocationSecurityMetadataSource fids = fis.getSecurityMetadataSource();
|
||||
List<? extends ConfigAttribute> attrDef = fids.getAttributes(createFilterinvocation("/someurl", null));
|
||||
Collection<ConfigAttribute> attrDef = fids.getAttributes(createFilterinvocation("/someurl", null));
|
||||
assertEquals(1, attrDef.size());
|
||||
assertTrue(attrDef.contains(new SecurityConfig("ROLE_B")));
|
||||
}
|
||||
@ -942,7 +943,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
||||
FilterSecurityInterceptor fis = (FilterSecurityInterceptor) getFilter(FilterSecurityInterceptor.class);
|
||||
|
||||
FilterInvocationSecurityMetadataSource fids = fis.getSecurityMetadataSource();
|
||||
List<? extends ConfigAttribute> attrDef = fids.getAttributes(createFilterinvocation("/secure", null));
|
||||
Collection<ConfigAttribute> attrDef = fids.getAttributes(createFilterinvocation("/secure", null));
|
||||
assertEquals(1, attrDef.size());
|
||||
|
||||
// Try an unprotected invocation
|
||||
|
||||
@ -15,7 +15,7 @@
|
||||
|
||||
package org.springframework.security.access;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Collection;
|
||||
|
||||
import org.springframework.security.authentication.InsufficientAuthenticationException;
|
||||
import org.springframework.security.core.Authentication;
|
||||
@ -41,7 +41,7 @@ public interface AccessDecisionManager {
|
||||
* @throws InsufficientAuthenticationException if access is denied as the authentication does not provide a
|
||||
* sufficient level of trust
|
||||
*/
|
||||
void decide(Authentication authentication, Object object, List<ConfigAttribute> configAttributes)
|
||||
void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes)
|
||||
throws AccessDeniedException, InsufficientAuthenticationException;
|
||||
|
||||
/**
|
||||
|
||||
@ -15,7 +15,7 @@
|
||||
|
||||
package org.springframework.security.access;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Collection;
|
||||
|
||||
import org.springframework.security.core.Authentication;
|
||||
|
||||
@ -87,5 +87,5 @@ public interface AccessDecisionVoter {
|
||||
*
|
||||
* @return either {@link #ACCESS_GRANTED}, {@link #ACCESS_ABSTAIN} or {@link #ACCESS_DENIED}
|
||||
*/
|
||||
int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes);
|
||||
int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes);
|
||||
}
|
||||
|
||||
@ -15,7 +15,7 @@
|
||||
|
||||
package org.springframework.security.access;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Collection;
|
||||
|
||||
import org.springframework.security.access.intercept.AfterInvocationProviderManager;
|
||||
import org.springframework.security.core.Authentication;
|
||||
@ -30,7 +30,7 @@ import org.springframework.security.core.Authentication;
|
||||
public interface AfterInvocationProvider {
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
Object decide(Authentication authentication, Object object, List<ConfigAttribute> config,
|
||||
Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> attributes,
|
||||
Object returnedObject) throws AccessDeniedException;
|
||||
|
||||
/**
|
||||
|
||||
@ -16,7 +16,6 @@
|
||||
package org.springframework.security.access;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
|
||||
import org.springframework.aop.framework.AopInfrastructureBean;
|
||||
import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
|
||||
@ -44,7 +43,7 @@ public interface SecurityMetadataSource extends AopInfrastructureBean {
|
||||
* @throws IllegalArgumentException if the passed object is not of a type supported by the
|
||||
* <code>SecurityMetadataSource</code> implementation
|
||||
*/
|
||||
List<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException;
|
||||
Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException;
|
||||
|
||||
/**
|
||||
* If available, returns all of the <code>ConfigAttribute</code>s defined by the implementing class.
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
package org.springframework.security.access.annotation;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Collection;
|
||||
|
||||
import org.springframework.security.access.AccessDecisionVoter;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
@ -43,7 +43,7 @@ public class Jsr250Voter implements AccessDecisionVoter {
|
||||
* @param definition The configuration definition.
|
||||
* @return The vote.
|
||||
*/
|
||||
public int vote(Authentication authentication, Object object, List<ConfigAttribute> definition) {
|
||||
public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> definition) {
|
||||
for (ConfigAttribute attribute : definition) {
|
||||
if (Jsr250SecurityConfig.PERMIT_ALL_ATTRIBUTE.equals(attribute)) {
|
||||
return ACCESS_GRANTED;
|
||||
|
||||
@ -15,7 +15,7 @@
|
||||
|
||||
package org.springframework.security.access.event;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Collection;
|
||||
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
|
||||
@ -32,7 +32,7 @@ public class AuthenticationCredentialsNotFoundEvent extends AbstractAuthorizatio
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
private AuthenticationCredentialsNotFoundException credentialsNotFoundException;
|
||||
private List<ConfigAttribute> configAttribs;
|
||||
private Collection<ConfigAttribute> configAttribs;
|
||||
|
||||
//~ Constructors ===================================================================================================
|
||||
|
||||
@ -40,25 +40,25 @@ public class AuthenticationCredentialsNotFoundEvent extends AbstractAuthorizatio
|
||||
* Construct the event.
|
||||
*
|
||||
* @param secureObject the secure object
|
||||
* @param configAttribs that apply to the secure object
|
||||
* @param attributes that apply to the secure object
|
||||
* @param credentialsNotFoundException exception returned to the caller (contains reason)
|
||||
*
|
||||
*/
|
||||
public AuthenticationCredentialsNotFoundEvent(Object secureObject, List<ConfigAttribute> configAttribs,
|
||||
public AuthenticationCredentialsNotFoundEvent(Object secureObject, Collection<ConfigAttribute> attributes,
|
||||
AuthenticationCredentialsNotFoundException credentialsNotFoundException) {
|
||||
super(secureObject);
|
||||
|
||||
if ((configAttribs == null) || (credentialsNotFoundException == null)) {
|
||||
if ((attributes == null) || (credentialsNotFoundException == null)) {
|
||||
throw new IllegalArgumentException("All parameters are required and cannot be null");
|
||||
}
|
||||
|
||||
this.configAttribs = configAttribs;
|
||||
this.configAttribs = attributes;
|
||||
this.credentialsNotFoundException = credentialsNotFoundException;
|
||||
}
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public List<ConfigAttribute> getConfigAttributes() {
|
||||
public Collection<ConfigAttribute> getConfigAttributes() {
|
||||
return configAttribs;
|
||||
}
|
||||
|
||||
|
||||
@ -15,7 +15,7 @@
|
||||
|
||||
package org.springframework.security.access.event;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Collection;
|
||||
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
@ -38,7 +38,7 @@ public class AuthorizationFailureEvent extends AbstractAuthorizationEvent {
|
||||
|
||||
private AccessDeniedException accessDeniedException;
|
||||
private Authentication authentication;
|
||||
private List<ConfigAttribute> configAttributeDefinition;
|
||||
private Collection<ConfigAttribute> configAttributes;
|
||||
|
||||
//~ Constructors ===================================================================================================
|
||||
|
||||
@ -46,22 +46,22 @@ public class AuthorizationFailureEvent extends AbstractAuthorizationEvent {
|
||||
* Construct the event.
|
||||
*
|
||||
* @param secureObject the secure object
|
||||
* @param configAttribs that apply to the secure object
|
||||
* @param attributes that apply to the secure object
|
||||
* @param authentication that was found in the <code>SecurityContextHolder</code>
|
||||
* @param accessDeniedException that was returned by the
|
||||
* <code>AccessDecisionManager</code>
|
||||
*
|
||||
* @throws IllegalArgumentException if any null arguments are presented.
|
||||
*/
|
||||
public AuthorizationFailureEvent(Object secureObject, List<ConfigAttribute> configAttribs,
|
||||
public AuthorizationFailureEvent(Object secureObject, Collection<ConfigAttribute> attributes,
|
||||
Authentication authentication, AccessDeniedException accessDeniedException) {
|
||||
super(secureObject);
|
||||
|
||||
if ((configAttribs == null) || (authentication == null) || (accessDeniedException == null)) {
|
||||
if ((attributes == null) || (authentication == null) || (accessDeniedException == null)) {
|
||||
throw new IllegalArgumentException("All parameters are required and cannot be null");
|
||||
}
|
||||
|
||||
this.configAttributeDefinition = configAttribs;
|
||||
this.configAttributes = attributes;
|
||||
this.authentication = authentication;
|
||||
this.accessDeniedException = accessDeniedException;
|
||||
}
|
||||
@ -76,7 +76,7 @@ public class AuthorizationFailureEvent extends AbstractAuthorizationEvent {
|
||||
return authentication;
|
||||
}
|
||||
|
||||
public List<ConfigAttribute> getConfigAttributes() {
|
||||
return configAttributeDefinition;
|
||||
public Collection<ConfigAttribute> getConfigAttributes() {
|
||||
return configAttributes;
|
||||
}
|
||||
}
|
||||
|
||||
@ -15,7 +15,7 @@
|
||||
|
||||
package org.springframework.security.access.event;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Collection;
|
||||
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.core.Authentication;
|
||||
@ -32,7 +32,7 @@ public class AuthorizedEvent extends AbstractAuthorizationEvent {
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
private Authentication authentication;
|
||||
private List<ConfigAttribute> configAttributeDefinition;
|
||||
private Collection<ConfigAttribute> configAttributes;
|
||||
|
||||
//~ Constructors ===================================================================================================
|
||||
|
||||
@ -40,18 +40,18 @@ public class AuthorizedEvent extends AbstractAuthorizationEvent {
|
||||
* Construct the event.
|
||||
*
|
||||
* @param secureObject the secure object
|
||||
* @param configAttribs that apply to the secure object
|
||||
* @param attributes that apply to the secure object
|
||||
* @param authentication that successfully called the secure object
|
||||
*
|
||||
*/
|
||||
public AuthorizedEvent(Object secureObject, List<ConfigAttribute> configAttribs, Authentication authentication) {
|
||||
public AuthorizedEvent(Object secureObject, Collection<ConfigAttribute> attributes, Authentication authentication) {
|
||||
super(secureObject);
|
||||
|
||||
if ((configAttribs == null) || (authentication == null)) {
|
||||
if ((attributes == null) || (authentication == null)) {
|
||||
throw new IllegalArgumentException("All parameters are required and cannot be null");
|
||||
}
|
||||
|
||||
this.configAttributeDefinition = configAttribs;
|
||||
this.configAttributes = attributes;
|
||||
this.authentication = authentication;
|
||||
}
|
||||
|
||||
@ -61,7 +61,7 @@ public class AuthorizedEvent extends AbstractAuthorizationEvent {
|
||||
return authentication;
|
||||
}
|
||||
|
||||
public List<ConfigAttribute> getConfigAttributes() {
|
||||
return configAttributeDefinition;
|
||||
public Collection<ConfigAttribute> getConfigAttributes() {
|
||||
return configAttributes;
|
||||
}
|
||||
}
|
||||
|
||||
@ -17,7 +17,6 @@ package org.springframework.security.access.intercept;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
@ -170,7 +169,7 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
|
||||
+ getSecureObjectClass());
|
||||
}
|
||||
|
||||
List<ConfigAttribute> attributes = this.obtainSecurityMetadataSource().getAttributes(object);
|
||||
Collection<ConfigAttribute> attributes = this.obtainSecurityMetadataSource().getAttributes(object);
|
||||
|
||||
if (attributes == null) {
|
||||
if (rejectPublicInvocations) {
|
||||
@ -319,7 +318,7 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
|
||||
* @param secureObject that was being called
|
||||
* @param configAttribs that were defined for the secureObject
|
||||
*/
|
||||
private void credentialsNotFound(String reason, Object secureObject, List<ConfigAttribute> configAttribs) {
|
||||
private void credentialsNotFound(String reason, Object secureObject, Collection<ConfigAttribute> configAttribs) {
|
||||
AuthenticationCredentialsNotFoundException exception = new AuthenticationCredentialsNotFoundException(reason);
|
||||
|
||||
AuthenticationCredentialsNotFoundEvent event = new AuthenticationCredentialsNotFoundEvent(secureObject,
|
||||
|
||||
@ -15,7 +15,7 @@
|
||||
|
||||
package org.springframework.security.access.intercept;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Collection;
|
||||
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
@ -57,7 +57,7 @@ public interface AfterInvocationManager {
|
||||
*
|
||||
* @param authentication the caller that invoked the method
|
||||
* @param object the secured object that was called
|
||||
* @param config the configuration attributes associated with the secured object that was invoked
|
||||
* @param attributes the configuration attributes associated with the secured object that was invoked
|
||||
* @param returnedObject the <code>Object</code> that was returned from the secure object invocation
|
||||
*
|
||||
* @return the <code>Object</code> that will ultimately be returned to the caller (if an implementation does not
|
||||
@ -66,7 +66,7 @@ public interface AfterInvocationManager {
|
||||
*
|
||||
* @throws AccessDeniedException if access is denied
|
||||
*/
|
||||
Object decide(Authentication authentication, Object object, List<ConfigAttribute> config,
|
||||
Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> attributes,
|
||||
Object returnedObject) throws AccessDeniedException;
|
||||
|
||||
/**
|
||||
|
||||
@ -16,6 +16,7 @@
|
||||
package org.springframework.security.access.intercept;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
@ -63,7 +64,7 @@ public class AfterInvocationProviderManager implements AfterInvocationManager, I
|
||||
}
|
||||
}
|
||||
|
||||
public Object decide(Authentication authentication, Object object, List<ConfigAttribute> config,
|
||||
public Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> config,
|
||||
Object returnedObject) throws AccessDeniedException {
|
||||
|
||||
Object result = returnedObject;
|
||||
|
||||
@ -15,7 +15,7 @@
|
||||
|
||||
package org.springframework.security.access.intercept;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Collection;
|
||||
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.core.Authentication;
|
||||
@ -35,23 +35,23 @@ public class InterceptorStatusToken {
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
private Authentication authentication;
|
||||
private List<ConfigAttribute> attr;
|
||||
private Collection<ConfigAttribute> attr;
|
||||
private Object secureObject;
|
||||
private boolean contextHolderRefreshRequired;
|
||||
|
||||
//~ Constructors ===================================================================================================
|
||||
|
||||
public InterceptorStatusToken(Authentication authentication, boolean contextHolderRefreshRequired,
|
||||
List<ConfigAttribute> attr, Object secureObject) {
|
||||
Collection<ConfigAttribute> attributes, Object secureObject) {
|
||||
this.authentication = authentication;
|
||||
this.contextHolderRefreshRequired = contextHolderRefreshRequired;
|
||||
this.attr = attr;
|
||||
this.attr = attributes;
|
||||
this.secureObject = secureObject;
|
||||
}
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public List<ConfigAttribute> getAttributes() {
|
||||
public Collection<ConfigAttribute> getAttributes() {
|
||||
return attr;
|
||||
}
|
||||
|
||||
|
||||
@ -15,7 +15,7 @@
|
||||
|
||||
package org.springframework.security.access.intercept;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Collection;
|
||||
|
||||
import org.aopalliance.intercept.MethodInvocation;
|
||||
import org.apache.commons.logging.Log;
|
||||
@ -58,7 +58,7 @@ public class MethodInvocationPrivilegeEvaluator implements InitializingBean {
|
||||
Assert.notNull(mi, "MethodInvocation required");
|
||||
Assert.notNull(mi.getMethod(), "MethodInvocation must provide a non-null getMethod()");
|
||||
|
||||
List<ConfigAttribute> attrs = securityInterceptor.obtainSecurityMetadataSource().getAttributes(mi);
|
||||
Collection<ConfigAttribute> attrs = securityInterceptor.obtainSecurityMetadataSource().getAttributes(mi);
|
||||
|
||||
if (attrs == null) {
|
||||
if (securityInterceptor.isRejectPublicInvocations()) {
|
||||
|
||||
@ -15,7 +15,7 @@
|
||||
|
||||
package org.springframework.security.access.intercept;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Collection;
|
||||
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.core.Authentication;
|
||||
@ -32,7 +32,7 @@ import org.springframework.security.core.Authentication;
|
||||
final class NullRunAsManager implements RunAsManager {
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public Authentication buildRunAs(Authentication authentication, Object object, List<ConfigAttribute> config) {
|
||||
public Authentication buildRunAs(Authentication authentication, Object object, Collection<ConfigAttribute> config) {
|
||||
return null;
|
||||
}
|
||||
|
||||
|
||||
@ -15,7 +15,7 @@
|
||||
|
||||
package org.springframework.security.access.intercept;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Collection;
|
||||
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.core.Authentication;
|
||||
@ -71,12 +71,12 @@ public interface RunAsManager {
|
||||
*
|
||||
* @param authentication the caller invoking the secure object
|
||||
* @param object the secured object being called
|
||||
* @param config the configuration attributes associated with the secure object being invoked
|
||||
* @param attributes the configuration attributes associated with the secure object being invoked
|
||||
*
|
||||
* @return a replacement object to be used for duration of the secure object invocation, or <code>null</code> if
|
||||
* the <code>Authentication</code> should be left as is
|
||||
*/
|
||||
Authentication buildRunAs(Authentication authentication, Object object, List<ConfigAttribute> config);
|
||||
Authentication buildRunAs(Authentication authentication, Object object, Collection<ConfigAttribute> attributes);
|
||||
|
||||
/**
|
||||
* Indicates whether this <code>RunAsManager</code> is able to process the passed
|
||||
|
||||
@ -16,6 +16,7 @@
|
||||
package org.springframework.security.access.intercept;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
@ -61,7 +62,7 @@ public class RunAsManagerImpl implements RunAsManager, InitializingBean {
|
||||
Assert.notNull(key, "A Key is required and should match that configured for the RunAsImplAuthenticationProvider");
|
||||
}
|
||||
|
||||
public Authentication buildRunAs(Authentication authentication, Object object, List<ConfigAttribute> attributes) {
|
||||
public Authentication buildRunAs(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
|
||||
List<GrantedAuthority> newAuthorities = new ArrayList<GrantedAuthority>();
|
||||
|
||||
for (ConfigAttribute attribute : attributes) {
|
||||
|
||||
@ -29,7 +29,7 @@ import org.springframework.util.Assert;
|
||||
import org.springframework.util.ClassUtils;
|
||||
|
||||
import java.lang.reflect.Method;
|
||||
import java.util.List;
|
||||
import java.util.Collection;
|
||||
|
||||
|
||||
/**
|
||||
@ -46,7 +46,7 @@ public abstract class AbstractMethodSecurityMetadataSource implements MethodSecu
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public final List<ConfigAttribute> getAttributes(Object object) {
|
||||
public final Collection<ConfigAttribute> getAttributes(Object object) {
|
||||
if (object instanceof MethodInvocation) {
|
||||
MethodInvocation mi = (MethodInvocation) object;
|
||||
Object target = mi.getThis();
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
package org.springframework.security.access.prepost;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Collection;
|
||||
|
||||
import org.aopalliance.intercept.MethodInvocation;
|
||||
import org.apache.commons.logging.Log;
|
||||
@ -27,7 +27,7 @@ public class PostInvocationAdviceProvider implements AfterInvocationProvider {
|
||||
this.postAdvice = postAdvice;
|
||||
}
|
||||
|
||||
public Object decide(Authentication authentication, Object object, List<ConfigAttribute> config, Object returnedObject)
|
||||
public Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> config, Object returnedObject)
|
||||
throws AccessDeniedException {
|
||||
|
||||
PostInvocationAttribute pia = findPostInvocationAttribute(config);
|
||||
@ -39,7 +39,7 @@ public class PostInvocationAdviceProvider implements AfterInvocationProvider {
|
||||
return postAdvice.after(authentication, (MethodInvocation)object, pia, returnedObject);
|
||||
}
|
||||
|
||||
private PostInvocationAttribute findPostInvocationAttribute(List<ConfigAttribute> config) {
|
||||
private PostInvocationAttribute findPostInvocationAttribute(Collection<ConfigAttribute> config) {
|
||||
for (ConfigAttribute attribute : config) {
|
||||
if (attribute instanceof PostInvocationAttribute) {
|
||||
return (PostInvocationAttribute)attribute;
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
package org.springframework.security.access.prepost;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Collection;
|
||||
|
||||
import org.aopalliance.intercept.MethodInvocation;
|
||||
import org.apache.commons.logging.Log;
|
||||
@ -39,7 +39,7 @@ public class PreInvocationAuthorizationAdviceVoter implements AccessDecisionVote
|
||||
return clazz.isAssignableFrom(MethodInvocation.class);
|
||||
}
|
||||
|
||||
public int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes) {
|
||||
public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
|
||||
|
||||
// Find prefilter and preauth (or combined) attributes
|
||||
// if both null, abstain
|
||||
@ -57,7 +57,7 @@ public class PreInvocationAuthorizationAdviceVoter implements AccessDecisionVote
|
||||
return allowed ? ACCESS_GRANTED : ACCESS_DENIED;
|
||||
}
|
||||
|
||||
private PreInvocationAttribute findPreInvocationAttribute(List<ConfigAttribute> config) {
|
||||
private PreInvocationAttribute findPreInvocationAttribute(Collection<ConfigAttribute> config) {
|
||||
for (ConfigAttribute attribute : config) {
|
||||
if (attribute instanceof PreInvocationAttribute) {
|
||||
return (PreInvocationAttribute)attribute;
|
||||
|
||||
@ -15,7 +15,7 @@
|
||||
|
||||
package org.springframework.security.access.vote;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Collection;
|
||||
|
||||
import org.springframework.security.access.AccessDecisionVoter;
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
@ -42,7 +42,7 @@ public class AffirmativeBased extends AbstractAccessDecisionManager {
|
||||
*
|
||||
* @throws AccessDeniedException if access is denied
|
||||
*/
|
||||
public void decide(Authentication authentication, Object object, List<ConfigAttribute> configAttributes)
|
||||
public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes)
|
||||
throws AccessDeniedException {
|
||||
int deny = 0;
|
||||
|
||||
|
||||
@ -15,7 +15,7 @@
|
||||
|
||||
package org.springframework.security.access.vote;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Collection;
|
||||
|
||||
import org.springframework.security.access.AccessDecisionVoter;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
@ -86,7 +86,7 @@ public class AuthenticatedVoter implements AccessDecisionVoter {
|
||||
return true;
|
||||
}
|
||||
|
||||
public int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes) {
|
||||
public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
|
||||
int result = ACCESS_ABSTAIN;
|
||||
|
||||
for (ConfigAttribute attribute : attributes) {
|
||||
|
||||
@ -15,7 +15,7 @@
|
||||
|
||||
package org.springframework.security.access.vote;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Collection;
|
||||
|
||||
import org.springframework.security.access.AccessDecisionVoter;
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
@ -52,7 +52,7 @@ public class ConsensusBased extends AbstractAccessDecisionManager {
|
||||
*
|
||||
* @throws AccessDeniedException if access is denied
|
||||
*/
|
||||
public void decide(Authentication authentication, Object object, List<ConfigAttribute> configAttributes)
|
||||
public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes)
|
||||
throws AccessDeniedException {
|
||||
int grant = 0;
|
||||
int deny = 0;
|
||||
|
||||
@ -15,6 +15,7 @@
|
||||
package org.springframework.security.access.vote;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
@ -163,7 +164,7 @@ public class LabelBasedAclVoter extends AbstractAclVoter {
|
||||
*
|
||||
* @return ACCESS_ABSTAIN, ACCESS_GRANTED, or ACCESS_DENIED.
|
||||
*/
|
||||
public int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes) {
|
||||
public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
|
||||
int result = ACCESS_ABSTAIN;
|
||||
|
||||
if (logger.isDebugEnabled()) {
|
||||
|
||||
@ -16,7 +16,6 @@
|
||||
package org.springframework.security.access.vote;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
|
||||
import org.springframework.security.access.AccessDecisionVoter;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
@ -93,7 +92,7 @@ public class RoleVoter implements AccessDecisionVoter {
|
||||
return true;
|
||||
}
|
||||
|
||||
public int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes) {
|
||||
public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
|
||||
int result = ACCESS_ABSTAIN;
|
||||
Collection<GrantedAuthority> authorities = extractAuthorities(authentication);
|
||||
|
||||
|
||||
@ -16,6 +16,7 @@
|
||||
package org.springframework.security.access.vote;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
|
||||
import org.springframework.security.access.AccessDecisionVoter;
|
||||
@ -48,7 +49,7 @@ public class UnanimousBased extends AbstractAccessDecisionManager {
|
||||
*
|
||||
* @throws AccessDeniedException if access is denied
|
||||
*/
|
||||
public void decide(Authentication authentication, Object object, List<ConfigAttribute> attributes)
|
||||
public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> attributes)
|
||||
throws AccessDeniedException {
|
||||
|
||||
int grant = 0;
|
||||
|
||||
@ -17,6 +17,7 @@ package org.springframework.security.access.annotation;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
|
||||
import org.junit.Before;
|
||||
@ -59,12 +60,12 @@ public class MethodDefinitionSourceEditorTigerTests {
|
||||
MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue();
|
||||
assertEquals(3, map.getMethodMapSize());
|
||||
|
||||
List<? extends ConfigAttribute> returnedMakeLower = map.getAttributes(makeLower);
|
||||
List<? extends ConfigAttribute> expectedMakeLower = SecurityConfig.createList("ROLE_FROM_INTERFACE");
|
||||
Collection<ConfigAttribute> returnedMakeLower = map.getAttributes(makeLower);
|
||||
List<ConfigAttribute> expectedMakeLower = SecurityConfig.createList("ROLE_FROM_INTERFACE");
|
||||
assertEquals(expectedMakeLower, returnedMakeLower);
|
||||
|
||||
List<? extends ConfigAttribute> returnedMakeUpper = map.getAttributes(makeUpper);
|
||||
List<? extends ConfigAttribute> expectedMakeUpper = SecurityConfig.createList(new String[]{"ROLE_FROM_IMPLEMENTATION"});
|
||||
Collection<ConfigAttribute> returnedMakeUpper = map.getAttributes(makeUpper);
|
||||
List<ConfigAttribute> expectedMakeUpper = SecurityConfig.createList(new String[]{"ROLE_FROM_IMPLEMENTATION"});
|
||||
assertEquals(expectedMakeUpper, returnedMakeUpper);
|
||||
}
|
||||
|
||||
@ -79,8 +80,8 @@ public class MethodDefinitionSourceEditorTigerTests {
|
||||
MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue();
|
||||
assertEquals(3, map.getMethodMapSize());
|
||||
|
||||
List<? extends ConfigAttribute> returnedMakeUpper = map.getAttributes(makeUpper);
|
||||
List<? extends ConfigAttribute> expectedMakeUpper = SecurityConfig.createList("ROLE_FROM_PSI");
|
||||
Collection<ConfigAttribute> returnedMakeUpper = map.getAttributes(makeUpper);
|
||||
List<ConfigAttribute> expectedMakeUpper = SecurityConfig.createList("ROLE_FROM_PSI");
|
||||
assertEquals(expectedMakeUpper, returnedMakeUpper);
|
||||
}
|
||||
|
||||
|
||||
@ -43,11 +43,11 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
|
||||
|
||||
@Test
|
||||
public void classLevelPreAnnotationIsPickedUpWhenNoMethodLevelExists() throws Exception {
|
||||
List<ConfigAttribute> attrs = mds.getAttributes(voidImpl1);
|
||||
ConfigAttribute[] attrs = mds.getAttributes(voidImpl1).toArray(new ConfigAttribute[0]);
|
||||
|
||||
assertEquals(1, attrs.size());
|
||||
assertTrue(attrs.get(0) instanceof PreInvocationExpressionAttribute);
|
||||
PreInvocationExpressionAttribute pre = (PreInvocationExpressionAttribute) attrs.get(0);
|
||||
assertEquals(1, attrs.length);
|
||||
assertTrue(attrs[0] instanceof PreInvocationExpressionAttribute);
|
||||
PreInvocationExpressionAttribute pre = (PreInvocationExpressionAttribute) attrs[0];
|
||||
assertNotNull(pre.getAuthorizeExpression());
|
||||
assertEquals("someExpression", pre.getAuthorizeExpression().getExpressionString());
|
||||
assertNull(pre.getFilterExpression());
|
||||
@ -55,11 +55,11 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
|
||||
|
||||
@Test
|
||||
public void mixedClassAndMethodPreAnnotationsAreBothIncluded() {
|
||||
List<ConfigAttribute> attrs = mds.getAttributes(voidImpl2);
|
||||
ConfigAttribute[] attrs = mds.getAttributes(voidImpl2).toArray(new ConfigAttribute[0]);
|
||||
|
||||
assertEquals(1, attrs.size());
|
||||
assertTrue(attrs.get(0) instanceof PreInvocationExpressionAttribute);
|
||||
PreInvocationExpressionAttribute pre = (PreInvocationExpressionAttribute)attrs.get(0);
|
||||
assertEquals(1, attrs.length);
|
||||
assertTrue(attrs[0] instanceof PreInvocationExpressionAttribute);
|
||||
PreInvocationExpressionAttribute pre = (PreInvocationExpressionAttribute) attrs[0];
|
||||
assertEquals("someExpression", pre.getAuthorizeExpression().getExpressionString());
|
||||
assertNotNull(pre.getFilterExpression());
|
||||
assertEquals("somePreFilterExpression", pre.getFilterExpression().getExpressionString());
|
||||
@ -67,11 +67,11 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
|
||||
|
||||
@Test
|
||||
public void methodWithPreFilterOnlyIsAllowed() {
|
||||
List<ConfigAttribute> attrs = mds.getAttributes(voidImpl3);
|
||||
ConfigAttribute[] attrs = mds.getAttributes(voidImpl3).toArray(new ConfigAttribute[0]);
|
||||
|
||||
assertEquals(1, attrs.size());
|
||||
assertTrue(attrs.get(0) instanceof PreInvocationExpressionAttribute);
|
||||
PreInvocationExpressionAttribute pre = (PreInvocationExpressionAttribute)attrs.get(0);
|
||||
assertEquals(1, attrs.length);
|
||||
assertTrue(attrs[0] instanceof PreInvocationExpressionAttribute);
|
||||
PreInvocationExpressionAttribute pre = (PreInvocationExpressionAttribute) attrs[0];
|
||||
assertEquals("permitAll", pre.getAuthorizeExpression().getExpressionString());
|
||||
assertNotNull(pre.getFilterExpression());
|
||||
assertEquals("somePreFilterExpression", pre.getFilterExpression().getExpressionString());
|
||||
@ -79,13 +79,13 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
|
||||
|
||||
@Test
|
||||
public void methodWithPostFilterOnlyIsAllowed() {
|
||||
List<ConfigAttribute> attrs = mds.getAttributes(listImpl1);
|
||||
ConfigAttribute[] attrs = mds.getAttributes(listImpl1).toArray(new ConfigAttribute[0]);
|
||||
|
||||
assertEquals(2, attrs.size());
|
||||
assertTrue(attrs.get(0) instanceof PreInvocationExpressionAttribute);
|
||||
assertTrue(attrs.get(1) instanceof PostInvocationExpressionAttribute);
|
||||
PreInvocationExpressionAttribute pre = (PreInvocationExpressionAttribute)attrs.get(0);
|
||||
PostInvocationExpressionAttribute post = (PostInvocationExpressionAttribute)attrs.get(1);
|
||||
assertEquals(2, attrs.length);
|
||||
assertTrue(attrs[0] instanceof PreInvocationExpressionAttribute);
|
||||
assertTrue(attrs[1] instanceof PostInvocationExpressionAttribute);
|
||||
PreInvocationExpressionAttribute pre = (PreInvocationExpressionAttribute) attrs[0];
|
||||
PostInvocationExpressionAttribute post = (PostInvocationExpressionAttribute) attrs[1];
|
||||
assertEquals("permitAll", pre.getAuthorizeExpression().getExpressionString());
|
||||
assertNotNull(post.getFilterExpression());
|
||||
assertEquals("somePostFilterExpression", post.getFilterExpression().getExpressionString());
|
||||
@ -93,11 +93,11 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
|
||||
|
||||
@Test
|
||||
public void interfaceAttributesAreIncluded() {
|
||||
List<ConfigAttribute> attrs = mds.getAttributes(notherListImpl1);
|
||||
ConfigAttribute[] attrs = mds.getAttributes(notherListImpl1).toArray(new ConfigAttribute[0]);
|
||||
|
||||
assertEquals(1, attrs.size());
|
||||
assertTrue(attrs.get(0) instanceof PreInvocationExpressionAttribute);
|
||||
PreInvocationExpressionAttribute pre = (PreInvocationExpressionAttribute)attrs.get(0);
|
||||
assertEquals(1, attrs.length);
|
||||
assertTrue(attrs[0] instanceof PreInvocationExpressionAttribute);
|
||||
PreInvocationExpressionAttribute pre = (PreInvocationExpressionAttribute)attrs[0];
|
||||
assertNotNull(pre.getFilterExpression());
|
||||
assertNotNull(pre.getAuthorizeExpression());
|
||||
assertEquals("interfaceMethodAuthzExpression", pre.getAuthorizeExpression().getExpressionString());
|
||||
@ -106,11 +106,11 @@ public class PrePostAnnotationSecurityMetadataSourceTests {
|
||||
|
||||
@Test
|
||||
public void classAttributesTakesPrecedeceOverInterfaceAttributes() {
|
||||
List<ConfigAttribute> attrs = mds.getAttributes(notherListImpl2);
|
||||
ConfigAttribute[] attrs = mds.getAttributes(notherListImpl2).toArray(new ConfigAttribute[0]);
|
||||
|
||||
assertEquals(1, attrs.size());
|
||||
assertTrue(attrs.get(0) instanceof PreInvocationExpressionAttribute);
|
||||
PreInvocationExpressionAttribute pre = (PreInvocationExpressionAttribute)attrs.get(0);
|
||||
assertEquals(1, attrs.length);
|
||||
assertTrue(attrs[0] instanceof PreInvocationExpressionAttribute);
|
||||
PreInvocationExpressionAttribute pre = (PreInvocationExpressionAttribute)attrs[0];
|
||||
assertNotNull(pre.getFilterExpression());
|
||||
assertNotNull(pre.getAuthorizeExpression());
|
||||
assertEquals("interfaceMethodAuthzExpression", pre.getAuthorizeExpression().getExpressionString());
|
||||
|
||||
@ -15,6 +15,7 @@
|
||||
|
||||
package org.springframework.security.access.intercept;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
import java.util.Vector;
|
||||
|
||||
@ -151,7 +152,7 @@ public class AfterInvocationProviderManagerTests extends TestCase {
|
||||
this.configAttribute = configAttribute;
|
||||
}
|
||||
|
||||
public Object decide(Authentication authentication, Object object, List<ConfigAttribute> config,
|
||||
public Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> config,
|
||||
Object returnedObject) throws AccessDeniedException {
|
||||
if (config.contains(configAttribute)) {
|
||||
return forceReturnObject;
|
||||
|
||||
@ -17,6 +17,7 @@ package org.springframework.security.access.intercept.method;
|
||||
|
||||
import java.lang.reflect.AccessibleObject;
|
||||
import java.lang.reflect.Method;
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
@ -56,9 +57,9 @@ public class MethodSecurityMetadataSourceEditorTests extends TestCase {
|
||||
Method method = clazz.getMethod("countLength", new Class[] {String.class});
|
||||
MockJoinPoint joinPoint = new MockJoinPoint(new TargetObject(), method);
|
||||
|
||||
List<? extends ConfigAttribute> returnedCountLength = map.getAttributes(joinPoint);
|
||||
Collection<ConfigAttribute> returnedCountLength = map.getAttributes(joinPoint);
|
||||
|
||||
List<? extends ConfigAttribute> expectedCountLength = SecurityConfig.createList("ROLE_ONE", "ROLE_TWO", "RUN_AS_ENTRY");
|
||||
List<ConfigAttribute> expectedCountLength = SecurityConfig.createList("ROLE_ONE", "ROLE_TWO", "RUN_AS_ENTRY");
|
||||
assertEquals(expectedCountLength, returnedCountLength);
|
||||
}
|
||||
|
||||
@ -108,16 +109,16 @@ public class MethodSecurityMetadataSourceEditorTests extends TestCase {
|
||||
MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue();
|
||||
assertEquals(6, map.getMethodMapSize());
|
||||
|
||||
List<? extends ConfigAttribute> returnedMakeLower = map.getAttributes(new MockMethodInvocation(ITargetObject.class, "makeLowerCase", new Class[] {String.class}, new OtherTargetObject()));
|
||||
List<? extends ConfigAttribute> expectedMakeLower = SecurityConfig.createList("ROLE_FROM_INTERFACE");
|
||||
Collection<ConfigAttribute> returnedMakeLower = map.getAttributes(new MockMethodInvocation(ITargetObject.class, "makeLowerCase", new Class[] {String.class}, new OtherTargetObject()));
|
||||
List<ConfigAttribute> expectedMakeLower = SecurityConfig.createList("ROLE_FROM_INTERFACE");
|
||||
assertEquals(expectedMakeLower, returnedMakeLower);
|
||||
|
||||
List<? extends ConfigAttribute> returnedMakeUpper = map.getAttributes(new MockMethodInvocation(ITargetObject.class, "makeUpperCase", new Class[] {String.class}, new OtherTargetObject()));
|
||||
List<? extends ConfigAttribute> expectedMakeUpper = SecurityConfig.createList("ROLE_FROM_IMPLEMENTATION");
|
||||
Collection<ConfigAttribute> returnedMakeUpper = map.getAttributes(new MockMethodInvocation(ITargetObject.class, "makeUpperCase", new Class[] {String.class}, new OtherTargetObject()));
|
||||
List<ConfigAttribute> expectedMakeUpper = SecurityConfig.createList("ROLE_FROM_IMPLEMENTATION");
|
||||
assertEquals(expectedMakeUpper, returnedMakeUpper);
|
||||
|
||||
List<? extends ConfigAttribute> returnedComputeHashCode = map.getAttributes(new MockMethodInvocation(ITargetObject.class, "computeHashCode", new Class[] {String.class}, new OtherTargetObject()));
|
||||
List<? extends ConfigAttribute> expectedComputeHashCode = SecurityConfig.createList("ROLE_FROM_OTO");
|
||||
Collection<ConfigAttribute> returnedComputeHashCode = map.getAttributes(new MockMethodInvocation(ITargetObject.class, "computeHashCode", new Class[] {String.class}, new OtherTargetObject()));
|
||||
List<ConfigAttribute> expectedComputeHashCode = SecurityConfig.createList("ROLE_FROM_OTO");
|
||||
assertEquals(expectedComputeHashCode, returnedComputeHashCode);
|
||||
|
||||
returnedComputeHashCode = map.getAttributes(new MockMethodInvocation(ITargetObject.class, "computeHashCode", new Class[] {String.class}, new TargetObject()));
|
||||
@ -160,19 +161,19 @@ public class MethodSecurityMetadataSourceEditorTests extends TestCase {
|
||||
MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue();
|
||||
assertEquals(14, map.getMethodMapSize());
|
||||
|
||||
List<? extends ConfigAttribute> returnedMakeLower = map.getAttributes(new MockMethodInvocation(ITargetObject.class,
|
||||
Collection<ConfigAttribute> returnedMakeLower = map.getAttributes(new MockMethodInvocation(ITargetObject.class,
|
||||
"makeLowerCase", new Class[] {String.class}, new TargetObject()));
|
||||
List<? extends ConfigAttribute> expectedMakeLower = SecurityConfig.createList("ROLE_LOWER");
|
||||
List<ConfigAttribute> expectedMakeLower = SecurityConfig.createList("ROLE_LOWER");
|
||||
assertEquals(expectedMakeLower, returnedMakeLower);
|
||||
|
||||
List<? extends ConfigAttribute> returnedMakeUpper = map.getAttributes(new MockMethodInvocation(ITargetObject.class,
|
||||
Collection<ConfigAttribute> returnedMakeUpper = map.getAttributes(new MockMethodInvocation(ITargetObject.class,
|
||||
"makeUpperCase", new Class[] {String.class}, new TargetObject()));
|
||||
List<? extends ConfigAttribute> expectedMakeUpper = SecurityConfig.createList("ROLE_UPPER");
|
||||
List<ConfigAttribute> expectedMakeUpper = SecurityConfig.createList("ROLE_UPPER");
|
||||
assertEquals(expectedMakeUpper, returnedMakeUpper);
|
||||
|
||||
List<? extends ConfigAttribute> returnedCountLength = map.getAttributes(new MockMethodInvocation(ITargetObject.class,
|
||||
Collection<ConfigAttribute> returnedCountLength = map.getAttributes(new MockMethodInvocation(ITargetObject.class,
|
||||
"countLength", new Class[] {String.class}, new TargetObject()));
|
||||
List<? extends ConfigAttribute> expectedCountLength = SecurityConfig.createList("ROLE_GENERAL");
|
||||
List<ConfigAttribute> expectedCountLength = SecurityConfig.createList("ROLE_GENERAL");
|
||||
assertEquals(expectedCountLength, returnedCountLength);
|
||||
}
|
||||
|
||||
@ -182,7 +183,7 @@ public class MethodSecurityMetadataSourceEditorTests extends TestCase {
|
||||
|
||||
MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue();
|
||||
|
||||
List<? extends ConfigAttribute> configAttributeDefinition = map.getAttributes(new MockMethodInvocation(
|
||||
Collection<ConfigAttribute> configAttributeDefinition = map.getAttributes(new MockMethodInvocation(
|
||||
ITargetObject.class, "makeLowerCase", new Class[] {String.class}, new TargetObject()));
|
||||
assertNull(configAttributeDefinition);
|
||||
}
|
||||
@ -201,7 +202,7 @@ public class MethodSecurityMetadataSourceEditorTests extends TestCase {
|
||||
|
||||
MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue();
|
||||
|
||||
List<? extends ConfigAttribute> returnedCountLength = map.getAttributes(new MockMethodInvocation(ITargetObject.class,
|
||||
Collection<ConfigAttribute> returnedCountLength = map.getAttributes(new MockMethodInvocation(ITargetObject.class,
|
||||
"countLength", new Class[] {String.class}, new TargetObject()));
|
||||
assertEquals(SecurityConfig.createList("ROLE_ONE", "ROLE_TWO", "RUN_AS_ENTRY"), returnedCountLength);
|
||||
}
|
||||
|
||||
@ -64,7 +64,7 @@ public class MockMethodSecurityMetadataSource implements MethodSecurityMetadataS
|
||||
}
|
||||
}
|
||||
|
||||
public List<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
|
||||
public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
|
||||
throw new UnsupportedOperationException("mock method not implemented");
|
||||
}
|
||||
|
||||
|
||||
@ -25,6 +25,7 @@ import org.springframework.security.access.vote.AbstractAccessDecisionManager;
|
||||
import org.springframework.security.access.vote.RoleVoter;
|
||||
import org.springframework.security.core.Authentication;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
import java.util.Vector;
|
||||
|
||||
@ -148,7 +149,7 @@ public class AbstractAccessDecisionManagerTests extends TestCase {
|
||||
//~ Inner Classes ==================================================================================================
|
||||
|
||||
private class MockDecisionManagerImpl extends AbstractAccessDecisionManager {
|
||||
public void decide(Authentication authentication, Object object, List<ConfigAttribute> configAttributes)
|
||||
public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes)
|
||||
throws AccessDeniedException {
|
||||
return;
|
||||
}
|
||||
@ -167,7 +168,7 @@ public class AbstractAccessDecisionManagerTests extends TestCase {
|
||||
throw new UnsupportedOperationException("mock method not implemented");
|
||||
}
|
||||
|
||||
public int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes) {
|
||||
public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
|
||||
throw new UnsupportedOperationException("mock method not implemented");
|
||||
}
|
||||
}
|
||||
|
||||
@ -4,7 +4,7 @@ import static org.junit.Assert.*;
|
||||
|
||||
import java.lang.reflect.Method;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.Collection;
|
||||
|
||||
import org.aopalliance.intercept.MethodInvocation;
|
||||
import org.aspectj.lang.JoinPoint;
|
||||
@ -25,7 +25,7 @@ public class AbstractAclVoterTests {
|
||||
public boolean supports(ConfigAttribute attribute) {
|
||||
return false;
|
||||
}
|
||||
public int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes) {
|
||||
public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
|
||||
return 0;
|
||||
}
|
||||
};
|
||||
|
||||
@ -19,8 +19,8 @@ import org.springframework.security.access.AccessDecisionVoter;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.core.Authentication;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* Implementation of an {@link AccessDecisionVoter} for unit testing.
|
||||
@ -50,7 +50,7 @@ public class DenyAgainVoter implements AccessDecisionVoter {
|
||||
return true;
|
||||
}
|
||||
|
||||
public int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes) {
|
||||
public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
|
||||
Iterator<ConfigAttribute> iter = attributes.iterator();
|
||||
|
||||
while (iter.hasNext()) {
|
||||
|
||||
@ -19,8 +19,8 @@ import org.springframework.security.access.AccessDecisionVoter;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.core.Authentication;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
|
||||
|
||||
/**
|
||||
@ -46,7 +46,7 @@ public class DenyVoter implements AccessDecisionVoter {
|
||||
return true;
|
||||
}
|
||||
|
||||
public int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes) {
|
||||
public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
|
||||
Iterator<ConfigAttribute> iter = attributes.iterator();
|
||||
|
||||
while (iter.hasNext()) {
|
||||
|
||||
@ -20,8 +20,8 @@ import java.io.IOException;
|
||||
import java.io.PrintWriter;
|
||||
import java.io.UnsupportedEncodingException;
|
||||
import java.security.Principal;
|
||||
import java.util.Collection;
|
||||
import java.util.Enumeration;
|
||||
import java.util.List;
|
||||
import java.util.Locale;
|
||||
import java.util.Map;
|
||||
|
||||
@ -120,7 +120,7 @@ public class DefaultWebInvocationPrivilegeEvaluator implements WebInvocationPriv
|
||||
}
|
||||
|
||||
FilterInvocation fi = createFilterInvocation(contextPath, uri, method);
|
||||
List<ConfigAttribute> attrs = securityInterceptor.obtainSecurityMetadataSource().getAttributes(fi);
|
||||
Collection<ConfigAttribute> attrs = securityInterceptor.obtainSecurityMetadataSource().getAttributes(fi);
|
||||
|
||||
if (attrs == null) {
|
||||
if (securityInterceptor.isRejectPublicInvocations()) {
|
||||
|
||||
@ -19,7 +19,7 @@ import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.web.FilterInvocation;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.List;
|
||||
import java.util.Collection;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
|
||||
@ -38,7 +38,7 @@ public interface ChannelDecisionManager {
|
||||
* security based on the requested list of <tt>ConfigAttribute</tt>s.
|
||||
*
|
||||
*/
|
||||
void decide(FilterInvocation invocation, List<ConfigAttribute> config) throws IOException, ServletException;
|
||||
void decide(FilterInvocation invocation, Collection<ConfigAttribute> config) throws IOException, ServletException;
|
||||
|
||||
/**
|
||||
* Indicates whether this <code>ChannelDecisionManager</code> is able to process the passed
|
||||
|
||||
@ -25,6 +25,7 @@ import org.springframework.util.Assert;
|
||||
import java.io.IOException;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
|
||||
@ -61,7 +62,7 @@ public class ChannelDecisionManagerImpl implements ChannelDecisionManager, Initi
|
||||
Assert.notEmpty(channelProcessors, "A list of ChannelProcessors is required");
|
||||
}
|
||||
|
||||
public void decide(FilterInvocation invocation, List<ConfigAttribute> config) throws IOException, ServletException {
|
||||
public void decide(FilterInvocation invocation, Collection<ConfigAttribute> config) throws IOException, ServletException {
|
||||
|
||||
Iterator<ConfigAttribute> attrs = config.iterator();
|
||||
|
||||
|
||||
@ -18,7 +18,6 @@ package org.springframework.security.web.access.channel;
|
||||
import java.io.IOException;
|
||||
import java.util.Collection;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
|
||||
import javax.servlet.FilterChain;
|
||||
@ -94,7 +93,7 @@ public class ChannelProcessingFilter extends GenericFilterBean {
|
||||
HttpServletResponse response = (HttpServletResponse) res;
|
||||
|
||||
FilterInvocation fi = new FilterInvocation(request, response, chain);
|
||||
List<ConfigAttribute> attr = this.securityMetadataSource.getAttributes(fi);
|
||||
Collection<ConfigAttribute> attr = this.securityMetadataSource.getAttributes(fi);
|
||||
|
||||
if (attr != null) {
|
||||
if (logger.isDebugEnabled()) {
|
||||
|
||||
@ -19,7 +19,7 @@ import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.web.FilterInvocation;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.List;
|
||||
import java.util.Collection;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
|
||||
@ -44,7 +44,7 @@ public interface ChannelProcessor {
|
||||
* security based on the requested list of <tt>ConfigAttribute</tt>s.
|
||||
*
|
||||
*/
|
||||
void decide(FilterInvocation invocation, List<ConfigAttribute> config) throws IOException, ServletException;
|
||||
void decide(FilterInvocation invocation, Collection<ConfigAttribute> config) throws IOException, ServletException;
|
||||
|
||||
/**
|
||||
* Indicates whether this <code>ChannelProcessor</code> is able to process the passed
|
||||
|
||||
@ -16,7 +16,7 @@
|
||||
package org.springframework.security.web.access.channel;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.List;
|
||||
import java.util.Collection;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
|
||||
@ -52,7 +52,7 @@ public class InsecureChannelProcessor implements InitializingBean, ChannelProces
|
||||
Assert.notNull(entryPoint, "entryPoint required");
|
||||
}
|
||||
|
||||
public void decide(FilterInvocation invocation, List<ConfigAttribute> config) throws IOException, ServletException {
|
||||
public void decide(FilterInvocation invocation, Collection<ConfigAttribute> config) throws IOException, ServletException {
|
||||
if ((invocation == null) || (config == null)) {
|
||||
throw new IllegalArgumentException("Nulls cannot be provided");
|
||||
}
|
||||
|
||||
@ -16,7 +16,7 @@
|
||||
package org.springframework.security.web.access.channel;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.List;
|
||||
import java.util.Collection;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
|
||||
@ -52,7 +52,7 @@ public class SecureChannelProcessor implements InitializingBean, ChannelProcesso
|
||||
Assert.notNull(entryPoint, "entryPoint required");
|
||||
}
|
||||
|
||||
public void decide(FilterInvocation invocation, List<ConfigAttribute> config) throws IOException, ServletException {
|
||||
public void decide(FilterInvocation invocation, Collection<ConfigAttribute> config) throws IOException, ServletException {
|
||||
Assert.isTrue((invocation != null) && (config != null), "Nulls cannot be provided");
|
||||
|
||||
for (ConfigAttribute attribute : config) {
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
package org.springframework.security.web.access.expression;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Collection;
|
||||
|
||||
import org.springframework.expression.EvaluationContext;
|
||||
import org.springframework.security.access.AccessDecisionVoter;
|
||||
@ -18,7 +18,7 @@ import org.springframework.security.web.FilterInvocation;
|
||||
public class WebExpressionVoter implements AccessDecisionVoter {
|
||||
private WebSecurityExpressionHandler expressionHandler = new DefaultWebSecurityExpressionHandler();
|
||||
|
||||
public int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes) {
|
||||
public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
|
||||
assert authentication != null;
|
||||
assert object != null;
|
||||
assert attributes != null;
|
||||
@ -36,7 +36,7 @@ public class WebExpressionVoter implements AccessDecisionVoter {
|
||||
ACCESS_GRANTED : ACCESS_DENIED;
|
||||
}
|
||||
|
||||
private WebExpressionConfigAttribute findConfigAttribute(List<ConfigAttribute> attributes) {
|
||||
private WebExpressionConfigAttribute findConfigAttribute(Collection<ConfigAttribute> attributes) {
|
||||
for (ConfigAttribute attribute : attributes) {
|
||||
if (attribute instanceof WebExpressionConfigAttribute) {
|
||||
return (WebExpressionConfigAttribute)attribute;
|
||||
|
||||
@ -138,7 +138,7 @@ public class DefaultFilterInvocationSecurityMetadataSource implements FilterInvo
|
||||
}
|
||||
|
||||
|
||||
public List<ConfigAttribute> getAttributes(Object object) {
|
||||
public Collection<ConfigAttribute> getAttributes(Object object) {
|
||||
if ((object == null) || !this.supports(object.getClass())) {
|
||||
throw new IllegalArgumentException("Object must be a FilterInvocation");
|
||||
}
|
||||
|
||||
@ -18,6 +18,7 @@ package org.springframework.security.web.access.channel;
|
||||
import static org.mockito.Mockito.mock;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.Collection;
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
import java.util.Vector;
|
||||
@ -188,7 +189,7 @@ public class ChannelDecisionManagerImplTests extends TestCase {
|
||||
this.failIfCalled = failIfCalled;
|
||||
}
|
||||
|
||||
public void decide(FilterInvocation invocation, List<ConfigAttribute> config)
|
||||
public void decide(FilterInvocation invocation, Collection<ConfigAttribute> config)
|
||||
throws IOException, ServletException {
|
||||
Iterator iter = config.iterator();
|
||||
|
||||
|
||||
@ -163,7 +163,7 @@ public class ChannelProcessingFilterTests {
|
||||
this.supportAttribute = supportAttribute;
|
||||
}
|
||||
|
||||
public void decide(FilterInvocation invocation, List<ConfigAttribute> config)
|
||||
public void decide(FilterInvocation invocation, Collection<ConfigAttribute> config)
|
||||
throws IOException, ServletException {
|
||||
if (commitAResponse) {
|
||||
invocation.getHttpResponse().sendRedirect("/redirected");
|
||||
|
||||
@ -18,6 +18,7 @@ package org.springframework.security.web.access.intercept;
|
||||
import static org.junit.Assert.*;
|
||||
import static org.mockito.Mockito.mock;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.LinkedHashMap;
|
||||
import java.util.List;
|
||||
|
||||
@ -130,7 +131,7 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
|
||||
createFids("/somepage**", "GET");
|
||||
|
||||
FilterInvocation fi = createFilterInvocation("/somepage", "GET");
|
||||
List<? extends ConfigAttribute> attrs = fids.getAttributes(fi);
|
||||
Collection<ConfigAttribute> attrs = fids.getAttributes(fi);
|
||||
assertEquals(def, attrs);
|
||||
}
|
||||
|
||||
@ -139,7 +140,7 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
|
||||
createFids("/somepage**", null);
|
||||
|
||||
FilterInvocation fi = createFilterInvocation("/somepage", "GET");
|
||||
List<? extends ConfigAttribute> attrs = fids.getAttributes(fi);
|
||||
Collection<ConfigAttribute> attrs = fids.getAttributes(fi);
|
||||
assertEquals(def, attrs);
|
||||
}
|
||||
|
||||
@ -148,7 +149,7 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
|
||||
createFids("/somepage**", "GET");
|
||||
|
||||
FilterInvocation fi = createFilterInvocation("/somepage", null);
|
||||
List<? extends ConfigAttribute> attrs = fids.getAttributes(fi);
|
||||
Collection<ConfigAttribute> attrs = fids.getAttributes(fi);
|
||||
assertNull(attrs);
|
||||
}
|
||||
|
||||
@ -161,7 +162,7 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
|
||||
requestMap.put(new RequestKey("/somepage**", "POST"), postOnlyDef);
|
||||
fids = new DefaultFilterInvocationSecurityMetadataSource(new AntUrlPathMatcher(), requestMap);
|
||||
|
||||
List<ConfigAttribute> attrs = fids.getAttributes(createFilterInvocation("/somepage", "POST"));
|
||||
Collection<ConfigAttribute> attrs = fids.getAttributes(createFilterInvocation("/somepage", "POST"));
|
||||
assertEquals(postOnlyDef, attrs);
|
||||
}
|
||||
|
||||
@ -176,7 +177,7 @@ public class DefaultFilterInvocationSecurityMetadataSourceTests {
|
||||
fids.setStripQueryStringFromUrls(true);
|
||||
|
||||
FilterInvocation fi = createFilterInvocation("/user", "GET");
|
||||
List<ConfigAttribute> attrs = fids.getAttributes(fi);
|
||||
Collection<ConfigAttribute> attrs = fids.getAttributes(fi);
|
||||
assertEquals(userAttrs, attrs);
|
||||
}
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user