10 лет назад · 002a78d87d
--- a/messaging/src/main/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandler.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandler.java
@@ -39,6 +39,7 @@ public class DefaultMessageSecurityExpressionHandler<T> extends AbstractSecurity
 
				     @Override
			
 
				     protected SecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication, Message<T> invocation) {
			
 
				         MessageSecurityExpressionRoot root = new MessageSecurityExpressionRoot(authentication,invocation);
			
 
				+        root.setPermissionEvaluator(getPermissionEvaluator());
			
 
				         root.setTrustResolver(trustResolver);
			
 
				         root.setRoleHierarchy(getRoleHierarchy());
			
 
				         return root;
			
--- a/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageSecurityExpressionRoot.java
+++ b/messaging/src/main/java/org/springframework/security/messaging/access/expression/MessageSecurityExpressionRoot.java
@@ -27,7 +27,10 @@ import org.springframework.security.core.Authentication;
 
				  */
			
 
				 final class MessageSecurityExpressionRoot extends SecurityExpressionRoot {
			
 
				 
			
 
				+    public final Message<?> message;
			
 
				+
			
 
				     public MessageSecurityExpressionRoot(Authentication authentication, Message<?> message) {
			
 
				         super(authentication);
			
 
				+        this.message = message;
			
 
				     }
			
 
				 }
			
--- a/messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java
+++ b/messaging/src/test/java/org/springframework/security/messaging/access/expression/DefaultMessageSecurityExpressionHandlerTests.java
@@ -27,6 +27,7 @@ import org.springframework.expression.EvaluationContext;
 
				 import org.springframework.expression.Expression;
			
 
				 import org.springframework.messaging.Message;
			
 
				 import org.springframework.messaging.support.GenericMessage;
			
 
				+import org.springframework.security.access.PermissionEvaluator;
			
 
				 import org.springframework.security.access.expression.ExpressionUtils;
			
 
				 import org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl;
			
 
				 import org.springframework.security.authentication.AnonymousAuthenticationToken;
			
@@ -39,6 +40,8 @@ import org.springframework.security.core.authority.AuthorityUtils;
 
				 public class DefaultMessageSecurityExpressionHandlerTests {
			
 
				     @Mock
			
 
				     AuthenticationTrustResolver trustResolver;
			
 
				+    @Mock
			
 
				+    PermissionEvaluator permissionEvaluator;
			
 
				 
			
 
				     DefaultMessageSecurityExpressionHandler<Object> handler;
			
 
				 
			
@@ -89,4 +92,14 @@ public class DefaultMessageSecurityExpressionHandlerTests {
 
				 
			
 
				         assertThat(ExpressionUtils.evaluateAsBoolean(expression, context)).isTrue();
			
 
				     }
			
 
				+
			
 
				+    @Test
			
 
				+    public void permissionEvaluator() {
			
 
				+        handler.setPermissionEvaluator(permissionEvaluator);
			
 
				+        EvaluationContext context = handler.createEvaluationContext(authentication, message);
			
 
				+        Expression expression = handler.getExpressionParser().parseExpression("hasPermission(message, 'read')");
			
 
				+        when(permissionEvaluator.hasPermission(authentication, message, "read")).thenReturn(true);
			
 
				+
			
 
				+        assertThat(ExpressionUtils.evaluateAsBoolean(expression, context)).isTrue();
			
 
				+    }
			
 
				 }