
SEC-1454: Added use of Spring's new AopProxyUtils.ultimateTargetClass() method when resolving the target class in MethodSecurityEvaluationContext.

Luke Taylor
2010-07-30 14:36:41 +01:00
parent 52edf115ce
commit ab248b2583
@@ -5,6 +5,7 @@ import java.lang.reflect.Method;
import org.aopalliance.intercept.MethodInvocation;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.aop.framework.AopProxyUtils;
import org.springframework.aop.support.AopUtils;
import org.springframework.beans.factory.NoSuchBeanDefinitionException;
import org.springframework.context.ApplicationContext;
@@ -88,7 +89,15 @@ class MethodSecurityEvaluationContext extends StandardEvaluationContext {
}
Object targetObject = mi.getThis();
Method method = AopUtils.getMostSpecificMethod(mi.getMethod(), targetObject.getClass());
// SEC-1454
Class<?> targetClass = AopProxyUtils.ultimateTargetClass(targetObject);
if (targetClass == null) {
// TODO: Spring should do this, but there's a bug in ultimateTargetClass() which returns null
targetClass = targetObject.getClass();
}
Method method = AopUtils.getMostSpecificMethod(mi.getMethod(), targetClass);
String[] paramNames = parameterNameDiscoverer.getParameterNames(method);
if (paramNames == null) {
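Review bot: The null fallback after `AopProxyUtils.ultimateTargetClass(targetObject)` is silent, and its TODO names no Spring issue or version, so a maintainer cannot tell when the workaround may be removed or when it is in effect. When the fallback is taken, `targetClass` is again `targetObject.getClass()`, which may be the proxy class; `parameterNameDiscoverer.getParameterNames(method)` can then return null, in which case the argument variables used in security expressions are presumably not bound (that branch continues outside the hunk). I would replace the bare `// SEC-1454` with `// SEC-1454: resolve the class behind any AOP proxy so parameter names come from the real implementation`, and extend the TODO to `// TODO: remove once <Spring issue id> is fixed; ultimateTargetClass() can return null`. A debug log line in the fallback branch would make this case visible when an expression does not see its arguments.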