SEC-1749: Add support for PageContext lookup of objects and use of PermissionEvaluator when using web access expressions.
+10
@@ -8,6 +8,7 @@ import org.springframework.expression.EvaluationContext;
|
||||
import org.springframework.expression.ExpressionParser;
|
||||
import org.springframework.expression.spel.standard.SpelExpressionParser;
|
||||
import org.springframework.expression.spel.support.StandardEvaluationContext;
|
||||
import org.springframework.security.access.PermissionEvaluator;
|
||||
import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
|
||||
import org.springframework.security.authentication.AuthenticationTrustResolver;
|
||||
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
|
||||
@@ -25,6 +26,7 @@ public abstract class AbstractSecurityExpressionHandler<T> implements SecurityEx
|
||||
private final ExpressionParser expressionParser = new SpelExpressionParser();
|
||||
private BeanResolver br;
|
||||
private RoleHierarchy roleHierarchy;
|
||||
private PermissionEvaluator permissionEvaluator = new DenyAllPermissionEvaluator();
|
||||
|
||||
public final ExpressionParser getExpressionParser() {
|
||||
return expressionParser;
|
||||
@@ -77,6 +79,14 @@ public abstract class AbstractSecurityExpressionHandler<T> implements SecurityEx
|
||||
this.roleHierarchy = roleHierarchy;
|
||||
}
|
||||
|
||||
protected PermissionEvaluator getPermissionEvaluator() {
|
||||
return permissionEvaluator;
|
||||
}
|
||||
|
||||
public void setPermissionEvaluator(PermissionEvaluator permissionEvaluator) {
|
||||
this.permissionEvaluator = permissionEvaluator;
|
||||
}
|
||||
|
||||
public void setApplicationContext(ApplicationContext applicationContext) {
|
||||
br = new BeanFactoryResolver(applicationContext);
|
||||
}
|
||||
|
||||
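Review bot: `setPermissionEvaluator` stores whatever it is given, so a `null` argument silently replaces the `DenyAllPermissionEvaluator` default. The mistake would then presumably surface only when a `hasPermission()` expression is evaluated, not at configuration time. Reject it up front with `Assert.notNull(permissionEvaluator, "permissionEvaluator cannot be null");` (from `org.springframework.util.Assert`, which needs an import if the file does not already have one). The new getter and setter also have no Javadoc; a short comment such as `/** Defaults to DenyAllPermissionEvaluator, so hasPermission() expressions are denied until an evaluator is configured. */` would make the fail-closed default explicit for every handler that extends this class.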
+2
-2
@@ -1,4 +1,4 @@
|
||||
package org.springframework.security.access.expression.method;
|
||||
package org.springframework.security.access.expression;
|
||||
|
||||
import java.io.Serializable;
|
||||
|
||||
@@ -14,7 +14,7 @@ import org.springframework.security.core.Authentication;
|
||||
* @author Luke Taylor
|
||||
* @since 3.0
|
||||
*/
|
||||
class DenyAllPermissionEvaluator implements PermissionEvaluator {
|
||||
public class DenyAllPermissionEvaluator implements PermissionEvaluator {
|
||||
|
||||
private final Log logger = LogFactory.getLog(getClass());
|
||||
|
||||
+2
-6
@@ -14,6 +14,7 @@ import org.springframework.expression.spel.support.StandardEvaluationContext;
|
||||
import org.springframework.security.access.PermissionCacheOptimizer;
|
||||
import org.springframework.security.access.PermissionEvaluator;
|
||||
import org.springframework.security.access.expression.AbstractSecurityExpressionHandler;
|
||||
import org.springframework.security.access.expression.DenyAllPermissionEvaluator;
|
||||
import org.springframework.security.access.expression.ExpressionUtils;
|
||||
import org.springframework.security.access.expression.SecurityExpressionRoot;
|
||||
import org.springframework.security.core.Authentication;
|
||||
@@ -31,7 +32,6 @@ public class DefaultMethodSecurityExpressionHandler extends AbstractSecurityExpr
|
||||
protected final Log logger = LogFactory.getLog(getClass());
|
||||
|
||||
private ParameterNameDiscoverer parameterNameDiscoverer = new LocalVariableTableParameterNameDiscoverer();
|
||||
private PermissionEvaluator permissionEvaluator = new DenyAllPermissionEvaluator();
|
||||
private PermissionCacheOptimizer permissionCacheOptimizer = null;
|
||||
|
||||
public DefaultMethodSecurityExpressionHandler() {
|
||||
@@ -48,7 +48,7 @@ public class DefaultMethodSecurityExpressionHandler extends AbstractSecurityExpr
|
||||
protected SecurityExpressionRoot createSecurityExpressionRoot(Authentication authentication, MethodInvocation invocation) {
|
||||
MethodSecurityExpressionRoot root = new MethodSecurityExpressionRoot(authentication);
|
||||
root.setThis(invocation.getThis());
|
||||
root.setPermissionEvaluator(permissionEvaluator);
|
||||
root.setPermissionEvaluator(getPermissionEvaluator());
|
||||
|
||||
return root;
|
||||
}
|
||||
@@ -140,10 +140,6 @@ public class DefaultMethodSecurityExpressionHandler extends AbstractSecurityExpr
|
||||
this.parameterNameDiscoverer = parameterNameDiscoverer;
|
||||
}
|
||||
|
||||
public void setPermissionEvaluator(PermissionEvaluator permissionEvaluator) {
|
||||
this.permissionEvaluator = permissionEvaluator;
|
||||
}
|
||||
|
||||
public void setPermissionCacheOptimizer(PermissionCacheOptimizer permissionCacheOptimizer) {
|
||||
this.permissionCacheOptimizer = permissionCacheOptimizer;
|
||||
}
|
||||
|
||||
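Review bot: The `org.springframework.security.access.expression.DenyAllPermissionEvaluator` import in the first hunk looks unused. Its only visible reference, the `permissionEvaluator` field initializer, appears to leave this class in the second hunk, and `createSecurityExpressionRoot` now reads the evaluator through `getPermissionEvaluator()`. The file continues outside these hunks, so a Javadoc or other reference may remain. If none does, drop the import so the class no longer names the default evaluator it stopped owning.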
-13
@@ -7,8 +7,6 @@ import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.aop.framework.AopProxyUtils;
|
||||
import org.springframework.aop.support.AopUtils;
|
||||
import org.springframework.beans.factory.NoSuchBeanDefinitionException;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.core.LocalVariableTableParameterNameDiscoverer;
|
||||
import org.springframework.core.ParameterNameDiscoverer;
|
||||
import org.springframework.expression.spel.support.StandardEvaluationContext;
|
||||
@@ -27,7 +25,6 @@ class MethodSecurityEvaluationContext extends StandardEvaluationContext {
|
||||
|
||||
private ParameterNameDiscoverer parameterNameDiscoverer;
|
||||
private final MethodInvocation mi;
|
||||
private ApplicationContext appContext;
|
||||
private boolean argumentsAdded;
|
||||
|
||||
/**
|
||||
@@ -64,16 +61,6 @@ class MethodSecurityEvaluationContext extends StandardEvaluationContext {
|
||||
return variable;
|
||||
}
|
||||
|
||||
if (appContext != null) {
|
||||
try {
|
||||
super.setVariable(name, appContext.getBean(name));
|
||||
|
||||
return super.lookupVariable(name);
|
||||
} catch (NoSuchBeanDefinitionException e) {
|
||||
logger.debug("Bean lookup for variable '" + name + "' failed");
|
||||
}
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
|
||||