SEC-1158: Decoupling of Pre/Post annotations implementation from Spring EL.

2026-05-22 21:33:16 +00:00 · 2009-05-11 05:35:20 +00:00
parent 9875cbec8b
commit d5b7ce69cc
23 changed files with 36 additions and 41 deletions
@@ -4,7 +4,7 @@ import org.springframework.expression.EvaluationContext;
 import org.springframework.expression.ExpressionParser;
 import org.springframework.expression.spel.antlr.SpelAntlrExpressionParser;
 import org.springframework.expression.spel.support.StandardEvaluationContext;
-import org.springframework.security.access.expression.support.SecurityExpressionRoot;
+import org.springframework.security.access.expression.SecurityExpressionRoot;
 import org.springframework.security.authentication.AuthenticationTrustResolver;
 import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
 import org.springframework.security.core.Authentication;
@@ -16,7 +16,7 @@ import org.springframework.security.web.FilterInvocation;
 *
 * @author Luke Taylor
 * @version $Id$
- * @since 2.5
+ * @since 3.0
 */
 public class DefaultWebSecurityExpressionHandler implements WebSecurityExpressionHandler {

@@ -20,7 +20,7 @@ import org.springframework.util.Assert;
 *
 * @author Luke Taylor
 * @version $Id$
- * @since 2.5
+ * @since 3.0
 */
 public final class ExpressionBasedFilterInvocationSecurityMetadataSource extends DefaultFilterInvocationSecurityMetadataSource {
    private final static Log logger = LogFactory.getLog(ExpressionBasedFilterInvocationSecurityMetadataSource.class);
@@ -8,7 +8,7 @@ import org.springframework.security.access.ConfigAttribute;
 *
 * @author Luke Taylor
 * @version $Id$
- * @since 2.5
+ * @since 3.0
 */
 class WebExpressionConfigAttribute implements ConfigAttribute {
    private final Expression authorizeExpression;
@@ -3,9 +3,9 @@ package org.springframework.security.web.access.expression;
 import java.util.List;

 import org.springframework.expression.EvaluationContext;
+import org.springframework.security.access.AccessDecisionVoter;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.access.expression.ExpressionUtils;
-import org.springframework.security.access.vote.AccessDecisionVoter;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.FilterInvocation;

@@ -13,7 +13,7 @@ import org.springframework.security.web.FilterInvocation;
 * Voter which handles web authorisation decisions.
 * @author Luke Taylor
 * @version $Id$
- * @since 2.5
+ * @since 3.0
 */
 public class WebExpressionVoter implements AccessDecisionVoter {
    private WebSecurityExpressionHandler expressionHandler = new DefaultWebSecurityExpressionHandler();
@@ -4,7 +4,7 @@ import java.net.InetAddress;
 import java.net.UnknownHostException;
 import java.util.Arrays;

-import org.springframework.security.access.expression.support.SecurityExpressionRoot;
+import org.springframework.security.access.expression.SecurityExpressionRoot;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.FilterInvocation;
 import org.springframework.util.StringUtils;
@@ -13,7 +13,7 @@ import org.springframework.util.StringUtils;
 *
 * @author Luke Taylor
 * @version $Id$
- * @since 2.5
+ * @since 3.0
 */
 class WebSecurityExpressionRoot extends SecurityExpressionRoot {
    private FilterInvocation filterInvocation;
@@ -15,7 +15,7 @@

 package org.springframework.security.web.access.intercept;

-import org.springframework.security.access.intercept.SecurityMetadataSource;
+import org.springframework.security.access.SecurityMetadataSource;
 import org.springframework.security.web.FilterInvocation;


@@ -15,9 +15,9 @@

 package org.springframework.security.web.access.intercept;

+import org.springframework.security.access.SecurityMetadataSource;
 import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
 import org.springframework.security.access.intercept.InterceptorStatusToken;
-import org.springframework.security.access.intercept.SecurityMetadataSource;
 import org.springframework.security.web.FilterChainOrder;
 import org.springframework.security.web.FilterInvocation;
 import org.springframework.core.Ordered;
@@ -41,7 +41,7 @@ import org.springframework.util.StringUtils;
 *
 * @author Luke Taylor
 * @version $Id$
- * @since 2.5
+ * @since 3.0
 */
 public abstract class AbstractAuthenticationTargetUrlRequestHandler {

@@ -19,7 +19,7 @@ import org.springframework.security.core.AuthenticationException;
 *
 * @author Luke Taylor
 * @version $Id$
- * @since 2.5
+ * @since 3.0
 */
 public interface AuthenticationFailureHandler {

@@ -18,7 +18,7 @@ import org.springframework.security.core.Authentication;
 *
 * @author Luke Taylor
 * @version $Id$
- * @since 2.5
+ * @since 3.0
 * @see
 */
 public interface AuthenticationSuccessHandler {
@@ -24,7 +24,7 @@ import org.springframework.util.Assert;
 *
 * @author Luke Taylor
 * @version $Id$
- * @since 2.5
+ * @since 3.0
 */
 public class ExceptionMappingAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
    private Map<String, String> failureUrlMap = new HashMap<String, String>();
@@ -46,7 +46,7 @@ import org.springframework.util.StringUtils;
 *
 * @author Luke Taylor
 * @version $Id$
- * @since 2.5
+ * @since 3.0
 */
 public class SavedRequestAwareAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {

@@ -22,7 +22,7 @@ import org.springframework.util.Assert;
 *
 * @author Luke Taylor
 * @version $Id$
- * @since 2.5
+ * @since 3.0
 */
 public class SimpleUrlAuthenticationFailureHandler implements AuthenticationFailureHandler {
    private String defaultFailureUrl;
@@ -18,7 +18,7 @@ import org.springframework.security.core.Authentication;
 *
 * @author Luke Taylor
 * @version $Id$
- * @since 2.5
+ * @since 3.0
 */
 public interface LogoutSuccessHandler {

@@ -15,7 +15,7 @@ import org.springframework.security.web.authentication.AbstractAuthenticationTar
 *
 * @author Luke Taylor
 * @version $Id$
- * @since 2.5
+ * @since 3.0
 */
 public class SimpleUrlLogoutSuccessHandler extends AbstractAuthenticationTargetUrlRequestHandler
        implements LogoutSuccessHandler {
@@ -10,7 +10,7 @@ import javax.servlet.http.HttpServletResponse;
 *
 * @author Luke Taylor
 * @version $Id$
- * @since 2.5
+ * @since 3.0
 */
 public class HttpRequestResponseHolder {
    HttpServletRequest request;
@@ -53,7 +53,7 @@ import org.springframework.util.ReflectionUtils;
 *
 * @author Luke Taylor
 * @version $Id$
- * @since 2.5
+ * @since 3.0
 */
 public class HttpSessionSecurityContextRepository implements SecurityContextRepository {
    public static final String SPRING_SECURITY_CONTEXT_KEY = "SPRING_SECURITY_CONTEXT";
@@ -20,7 +20,7 @@ import org.springframework.security.core.context.SecurityContextHolder;
 * @author Luke Taylor
 * @author Marten Algesten
 * @version $Id$
- * @since 2.5
+ * @since 3.0
 */
 public abstract class SaveContextOnUpdateOrErrorResponseWrapper extends HttpServletResponseWrapper {

@@ -36,7 +36,7 @@ import org.springframework.security.web.SpringSecurityFilter;
 *
 * @author Luke Taylor
 * @version $Id$
- * @since 2.5
+ * @since 3.0
 */
 public class SecurityContextPersistenceFilter extends SpringSecurityFilter {

@@ -17,7 +17,7 @@ import org.springframework.security.core.context.SecurityContext;
 *
 * @author Luke Taylor
 * @version $Id$
- * @since 2.5
+ * @since 3.0
 *
 * @see SecurityContextPersistenceFilter
 * @see HttpSessionSecurityContextRepository
@@ -17,7 +17,7 @@ import org.springframework.security.web.access.expression.WebSecurityExpressionR
 *
 * @author Luke Taylor
 * @version $Id$
- * @since 2.5
+ * @since 3.0
 */
 public class WebSecurityExpressionRootTests {

@@ -16,22 +16,6 @@
 package org.springframework.security.web.authentication;

 import static org.mockito.Mockito.mock;
-import junit.framework.TestCase;
-
-import org.springframework.security.MockFilterConfig;
-
-import org.springframework.security.authentication.TestingAuthenticationToken;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.GrantedAuthorityImpl;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.core.userdetails.memory.UserAttribute;
-
-
-import org.springframework.security.web.authentication.AnonymousProcessingFilter;
-
-import org.springframework.mock.web.MockHttpServletRequest;
-import org.springframework.mock.web.MockHttpServletResponse;

 import java.io.IOException;

@@ -42,6 +26,17 @@ import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;

+import junit.framework.TestCase;
+
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.security.authentication.TestingAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.GrantedAuthorityImpl;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.memory.UserAttribute;
+

 /**
 * Tests {@link AnonymousProcessingFilter}.
@@ -23,7 +23,7 @@ import org.springframework.security.web.authentication.ui.DefaultLoginPageGenera
 *
 * @author Luke Taylor
 * @version $Id$
- * @since 2.5
+ * @since 3.0
 */
 public class DefaultLoginPageGeneratingFilterTests {
    FilterChain chain = mock(FilterChain.class);