SEC-1589: Add support for property placeholder in intercept-methods access attribute.
This commit is contained in:
Luke Taylor
parent
173537f4f2
commit
f70942c6f5
|
|
@ -9,6 +9,7 @@ import org.springframework.beans.factory.config.BeanDefinition;
|
||||||
import org.springframework.beans.factory.config.BeanDefinitionHolder;
|
import org.springframework.beans.factory.config.BeanDefinitionHolder;
|
||||||
import org.springframework.beans.factory.config.RuntimeBeanReference;
|
import org.springframework.beans.factory.config.RuntimeBeanReference;
|
||||||
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
|
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
|
||||||
|
import org.springframework.beans.factory.support.ManagedMap;
|
||||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||||
import org.springframework.beans.factory.xml.BeanDefinitionDecorator;
|
import org.springframework.beans.factory.xml.BeanDefinitionDecorator;
|
||||||
import org.springframework.beans.factory.xml.ParserContext;
|
import org.springframework.beans.factory.xml.ParserContext;
|
||||||
|
|
@ -64,15 +65,17 @@ class InternalInterceptMethodsBeanDefinitionDecorator extends AbstractIntercepto
|
||||||
interceptor.addPropertyValue("authenticationManager", new RuntimeBeanReference(BeanIds.AUTHENTICATION_MANAGER));
|
interceptor.addPropertyValue("authenticationManager", new RuntimeBeanReference(BeanIds.AUTHENTICATION_MANAGER));
|
||||||
|
|
||||||
// Lookup parent bean information
|
// Lookup parent bean information
|
||||||
Element parent = (Element) node.getParentNode();
|
|
||||||
String parentBeanClass = parent.getAttribute("class");
|
String parentBeanClass = ((Element) node.getParentNode()).getAttribute("class");
|
||||||
|
|
||||||
// Parse the included methods
|
// Parse the included methods
|
||||||
List<Element> methods = DomUtils.getChildElementsByTagName(interceptMethodsElt, Elements.PROTECT);
|
List<Element> methods = DomUtils.getChildElementsByTagName(interceptMethodsElt, Elements.PROTECT);
|
||||||
Map<String, List<ConfigAttribute>> mappings = new LinkedHashMap<String, List<ConfigAttribute>>();
|
Map<String, BeanDefinition> mappings = new ManagedMap<String, BeanDefinition>();
|
||||||
|
|
||||||
for (Element protectmethodElt : methods) {
|
for (Element protectmethodElt : methods) {
|
||||||
String[] tokens = StringUtils.commaDelimitedListToStringArray(protectmethodElt.getAttribute(ATT_ACCESS));
|
BeanDefinitionBuilder attributeBuilder = BeanDefinitionBuilder.rootBeanDefinition(SecurityConfig.class);
|
||||||
|
attributeBuilder.setFactoryMethod("createListFromCommaDelimitedString");
|
||||||
|
attributeBuilder.addConstructorArgValue(protectmethodElt.getAttribute(ATT_ACCESS));
|
||||||
|
|
||||||
// Support inference of class names
|
// Support inference of class names
|
||||||
String methodName = protectmethodElt.getAttribute(ATT_METHOD);
|
String methodName = protectmethodElt.getAttribute(ATT_METHOD);
|
||||||
|
|
@ -83,7 +86,7 @@ class InternalInterceptMethodsBeanDefinitionDecorator extends AbstractIntercepto
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
mappings.put(methodName, SecurityConfig.createList(tokens));
|
mappings.put(methodName, attributeBuilder.getBeanDefinition());
|
||||||
}
|
}
|
||||||
|
|
||||||
BeanDefinition metadataSource = new RootBeanDefinition(MapBasedMethodSecurityMetadataSource.class);
|
BeanDefinition metadataSource = new RootBeanDefinition(MapBasedMethodSecurityMetadataSource.class);
|
||||||
|
|
|
||||||
|
|
@ -25,6 +25,8 @@ public class InterceptMethodsBeanDefinitionDecoratorTests {
|
||||||
|
|
||||||
@Before
|
@Before
|
||||||
public void loadContext() {
|
public void loadContext() {
|
||||||
|
// Set value for placeholder
|
||||||
|
System.setProperty("admin.role", "ROLE_ADMIN");
|
||||||
appContext = new ClassPathXmlApplicationContext("org/springframework/security/config/method-security.xml");
|
appContext = new ClassPathXmlApplicationContext("org/springframework/security/config/method-security.xml");
|
||||||
target = (TestBusinessBean) appContext.getBean("target");
|
target = (TestBusinessBean) appContext.getBean("target");
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -6,11 +6,13 @@
|
||||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
|
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
|
||||||
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
|
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
|
||||||
|
|
||||||
|
<b:bean class='org.springframework.beans.factory.config.PropertyPlaceholderConfigurer'/>
|
||||||
|
|
||||||
<b:bean id="target" class="org.springframework.security.config.TestBusinessBeanImpl">
|
<b:bean id="target" class="org.springframework.security.config.TestBusinessBeanImpl">
|
||||||
<!-- This will add a security interceptor to the bean -->
|
<!-- This will add a security interceptor to the bean -->
|
||||||
<intercept-methods>
|
<intercept-methods>
|
||||||
<protect method="org.springframework.security.config.TestBusinessBean.set*" access="ROLE_ADMIN" />
|
<protect method="org.springframework.security.config.TestBusinessBean.set*" access="${admin.role}" />
|
||||||
<protect method="get*" access="ROLE_ADMIN,ROLE_USER" />
|
<protect method="get*" access="${admin.role},ROLE_USER" />
|
||||||
<protect method="doSomething" access="ROLE_USER" />
|
<protect method="doSomething" access="ROLE_USER" />
|
||||||
</intercept-methods>
|
</intercept-methods>
|
||||||
</b:bean>
|
</b:bean>
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue