SEC-1589: Add support for property placeholder in intercept-methods access attribute.
This commit is contained in:
Luke Taylor
parent
173537f4f2
commit
f70942c6f5
|
|
@ -9,6 +9,7 @@ import org.springframework.beans.factory.config.BeanDefinition;
|
|||
import org.springframework.beans.factory.config.BeanDefinitionHolder;
|
||||
import org.springframework.beans.factory.config.RuntimeBeanReference;
|
||||
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
|
||||
import org.springframework.beans.factory.support.ManagedMap;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.beans.factory.xml.BeanDefinitionDecorator;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
|
|
@ -64,15 +65,17 @@ class InternalInterceptMethodsBeanDefinitionDecorator extends AbstractIntercepto
|
|||
interceptor.addPropertyValue("authenticationManager", new RuntimeBeanReference(BeanIds.AUTHENTICATION_MANAGER));
|
||||
|
||||
// Lookup parent bean information
|
||||
Element parent = (Element) node.getParentNode();
|
||||
String parentBeanClass = parent.getAttribute("class");
|
||||
|
||||
String parentBeanClass = ((Element) node.getParentNode()).getAttribute("class");
|
||||
|
||||
// Parse the included methods
|
||||
List<Element> methods = DomUtils.getChildElementsByTagName(interceptMethodsElt, Elements.PROTECT);
|
||||
Map<String, List<ConfigAttribute>> mappings = new LinkedHashMap<String, List<ConfigAttribute>>();
|
||||
Map<String, BeanDefinition> mappings = new ManagedMap<String, BeanDefinition>();
|
||||
|
||||
for (Element protectmethodElt : methods) {
|
||||
String[] tokens = StringUtils.commaDelimitedListToStringArray(protectmethodElt.getAttribute(ATT_ACCESS));
|
||||
BeanDefinitionBuilder attributeBuilder = BeanDefinitionBuilder.rootBeanDefinition(SecurityConfig.class);
|
||||
attributeBuilder.setFactoryMethod("createListFromCommaDelimitedString");
|
||||
attributeBuilder.addConstructorArgValue(protectmethodElt.getAttribute(ATT_ACCESS));
|
||||
|
||||
// Support inference of class names
|
||||
String methodName = protectmethodElt.getAttribute(ATT_METHOD);
|
||||
|
|
@ -83,7 +86,7 @@ class InternalInterceptMethodsBeanDefinitionDecorator extends AbstractIntercepto
|
|||
}
|
||||
}
|
||||
|
||||
mappings.put(methodName, SecurityConfig.createList(tokens));
|
||||
mappings.put(methodName, attributeBuilder.getBeanDefinition());
|
||||
}
|
||||
|
||||
BeanDefinition metadataSource = new RootBeanDefinition(MapBasedMethodSecurityMetadataSource.class);
|
||||
|
|
|
|||
|
|
@ -25,6 +25,8 @@ public class InterceptMethodsBeanDefinitionDecoratorTests {
|
|||
|
||||
@Before
|
||||
public void loadContext() {
|
||||
// Set value for placeholder
|
||||
System.setProperty("admin.role", "ROLE_ADMIN");
|
||||
appContext = new ClassPathXmlApplicationContext("org/springframework/security/config/method-security.xml");
|
||||
target = (TestBusinessBean) appContext.getBean("target");
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,11 +6,13 @@
|
|||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
|
||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
|
||||
|
||||
<b:bean class='org.springframework.beans.factory.config.PropertyPlaceholderConfigurer'/>
|
||||
|
||||
<b:bean id="target" class="org.springframework.security.config.TestBusinessBeanImpl">
|
||||
<!-- This will add a security interceptor to the bean -->
|
||||
<intercept-methods>
|
||||
<protect method="org.springframework.security.config.TestBusinessBean.set*" access="ROLE_ADMIN" />
|
||||
<protect method="get*" access="ROLE_ADMIN,ROLE_USER" />
|
||||
<protect method="org.springframework.security.config.TestBusinessBean.set*" access="${admin.role}" />
|
||||
<protect method="get*" access="${admin.role},ROLE_USER" />
|
||||
<protect method="doSomething" access="ROLE_USER" />
|
||||
</intercept-methods>
|
||||
</b:bean>
|
||||
|
|
|
|||
Loading…
Reference in New Issue