Changed FilterInvocationDefinitionSourceEditor to complain if the parsed URL or the config attribute is empty or null. Plus some comment tidying.

core/src/main/java/org/acegisecurity/intercept/web/FilterInvocationDefinitionSourceEditor.java

@@ -41,7 +41,7 @@ import java.io.StringReader;
  * presented).
  * </p>
  * 
- * <P>
+ * <p>
  * By default the class treats presented patterns as regular expressions. If
  * the keyword <code>PATTERN_TYPE_APACHE_ANT</code> is present (case
  * sensitive), patterns will be treated as Apache Ant paths rather than
@@ -117,11 +117,14 @@ public class FilterInvocationDefinitionSourceEditor
                 }
 
                 // Tokenize the line into its name/value tokens
-                String[] nameValue = StringUtils.delimitedListToStringArray(line,
+                String[] nameValue = StringUtils.delimitedListToStringArray(line, "=");
-                        "=");
                 String name = nameValue[0];
                 String value = nameValue[1];
 
+                if(!StringUtils.hasLength(name) || !StringUtils.hasLength(value)) {
+                    throw new IllegalArgumentException("Failed to parse a valid name/value pair from " + line);
+                }
+
                 // Convert value to series of security configuration attributes
                 ConfigAttributeEditor configAttribEd = new ConfigAttributeEditor();
                 configAttribEd.setAsText(value);

core/src/main/java/org/acegisecurity/intercept/web/PathBasedFilterInvocationDefinitionMap.java

@@ -31,10 +31,10 @@ import java.util.Vector;
 
 
 /**
- * Maintains a <Code>List</code> of <code>ConfigAttributeDefinition</code>s
+ * Maintains a <code>List</code> of <code>ConfigAttributeDefinition</code>s
  * associated with different HTTP request URL Apache Ant path-based patterns.
  * 
- * <P>
+ * <p>
  * Apache Ant path expressions are used to match a HTTP request URL against a
  * <code>ConfigAttributeDefinition</code>.
  * </p>
@@ -48,9 +48,12 @@ import java.util.Vector;
  * with the most general paths registered last.
  * </p>
  * 
- * <P>
+ * <p>
  * If no registered paths match the HTTP URL, <code>null</code> is returned.
  * </p>
+ *
+ * @author Ben Alex
+ * @version $Id$
  */
 public class PathBasedFilterInvocationDefinitionMap
     extends AbstractFilterInvocationDefinitionSource

core/src/test/java/org/acegisecurity/intercept/web/FilterInvocationDefinitionSourceEditorWithPathsTests.java

@@ -223,4 +223,14 @@ public class FilterInvocationDefinitionSourceEditorWithPathsTests
             .getValue();
         assertEquals(2, map.getMapSize());
     }
+
+    public void testInvalidNameValueFailsToParse() {
+        FilterInvocationDefinitionSourceEditor editor = new FilterInvocationDefinitionSourceEditor();
+        try {
+        // Use a "==" instead of an "="
+            editor.setAsText("         PATTERN_TYPE_APACHE_ANT\r\n    /secure/*==ROLE_SUPERVISOR,ROLE_TELLER      \r\n");
+            fail("Shouldn't be able to use '==' for config attribute.");
+        } catch(IllegalArgumentException expected) {
+        }
+    }
 }