首页 发现 帮助
注册 登录
github
/
spring-security
镜像自地址 https://github.com/spring-projects/spring-security
2
0
派生 0
文件 工单管理 0 Wiki
浏览代码

#138 WebInvocationPrivilegeEvaluator has default value

Rob Winch 12 年之前
父节点
d8ed429370
当前提交
17bef05c3c
共有 4 个文件被更改,包括 53 次插入6 次删除
合并视图 显示文件统计
  1. 20 2
      config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java
  2. 10 4
      config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java
  3. 1 0
      config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractInterceptUrlConfigurer.java
  4. 22 0
      config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.groovy

+ 20 - 2
config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java
查看文件 

@@ -88,6 +88,10 @@ public final class WebSecurity extends
 
 
 
     private SecurityExpressionHandler<FilterInvocation> expressionHandler = new DefaultWebSecurityExpressionHandler();
 
     private SecurityExpressionHandler<FilterInvocation> expressionHandler = new DefaultWebSecurityExpressionHandler();
 
 
 
+    private Runnable postBuildAction = new Runnable() {
 
+        public void run() {}
 
+    };
 
+
 
     /**
 
     /**
 
      * Creates a new instance
 
      * Creates a new instance
 
      * @see WebSecurityConfiguration
 
      * @see WebSecurityConfiguration
 
@@ -198,7 +202,7 @@ public final class WebSecurity extends
 
     /**
 
     /**
 
      * Set the {@link WebInvocationPrivilegeEvaluator} to be used. If this is
 
      * Set the {@link WebInvocationPrivilegeEvaluator} to be used. If this is
 
      * null, then a {@link DefaultWebInvocationPrivilegeEvaluator} will be
 
      * null, then a {@link DefaultWebInvocationPrivilegeEvaluator} will be
 
-     * created when {@link #setSecurityInterceptor(FilterSecurityInterceptor)}
 
+     * created when {@link #securityInterceptor(FilterSecurityInterceptor)}
 
      * is non null.
 
      * is non null.
 
      *
 
      *
 
      * @param privilegeEvaluator
 
      * @param privilegeEvaluator
 
@@ -246,9 +250,22 @@ public final class WebSecurity extends
 
     /**
 
     /**
 
      * Sets the {@link FilterSecurityInterceptor}. This is typically invoked by {@link WebSecurityConfigurerAdapter}.
 
      * Sets the {@link FilterSecurityInterceptor}. This is typically invoked by {@link WebSecurityConfigurerAdapter}.
 
      * @param securityInterceptor the {@link FilterSecurityInterceptor} to use
 
      * @param securityInterceptor the {@link FilterSecurityInterceptor} to use
 
+     * @return the {@link WebSecurity} for further customizations
 
      */
 
      */
 
-    public void setSecurityInterceptor(FilterSecurityInterceptor securityInterceptor) {
 
+    public WebSecurity securityInterceptor(FilterSecurityInterceptor securityInterceptor) {
 
         this.filterSecurityInterceptor = securityInterceptor;
 
         this.filterSecurityInterceptor = securityInterceptor;
 
+        return this;
 
+    }
 
+
 
+    /**
 
+     * Executes the Runnable immediately after the build takes place
 
+     *
 
+     * @param postBuildAction
 
+     * @return the {@link WebSecurity} for further customizations
 
+     */
 
+    public WebSecurity postBuildAction(Runnable postBuildAction) {
 
+        this.postBuildAction = postBuildAction;
 
+        return this;
 
     }
 
     }
 
 
 
     @Override
 
     @Override
 
@@ -278,6 +295,7 @@ public final class WebSecurity extends
 
                     "********************************************************************\n\n");
 
                     "********************************************************************\n\n");
 
             result = new DebugFilter(filterChainProxy);
 
             result = new DebugFilter(filterChainProxy);
 
         }
 
         }
 
+        postBuildAction.run();
 
         return result;
 
         return result;
 
     }
 
     }

+ 10 - 4
config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java
查看文件 

@@ -243,12 +243,17 @@ public abstract class WebSecurityConfigurerAdapter implements SecurityConfigurer
 
     }
 
     }
 
 
 
     @Override
 
     @Override
 
-    public void init(WebSecurity web) throws Exception {
 
-        HttpSecurity http = getHttp();
 
-        FilterSecurityInterceptor securityInterceptor = http.getSharedObject(FilterSecurityInterceptor.class);
 
+    public void init(final WebSecurity web) throws Exception {
 
+        final HttpSecurity http = getHttp();
 
         web
 
         web
 
             .addSecurityFilterChainBuilder(http)
 
             .addSecurityFilterChainBuilder(http)
 
-            .setSecurityInterceptor(securityInterceptor);
 
+            .postBuildAction(new Runnable() {
 
+                @Override
 
+                public void run() {
 
+                    FilterSecurityInterceptor securityInterceptor = http.getSharedObject(FilterSecurityInterceptor.class);
 
+                    web.securityInterceptor(securityInterceptor);
 
+                }
 
+            });
 
     }
 
     }
 
 
 
     /**
 
     /**
 
@@ -298,6 +303,7 @@ public abstract class WebSecurityConfigurerAdapter implements SecurityConfigurer
 
         this.objectPostProcessor = objectPostProcessor;
 
         this.objectPostProcessor = objectPostProcessor;
 
     }
 
     }
 
 
 
+
 
     /**
 
     /**
 
      * Delays the use of the {@link AuthenticationManager} build from the
 
      * Delays the use of the {@link AuthenticationManager} build from the
 
      * {@link AuthenticationManagerBuilder} to ensure that it has been fully
 
      * {@link AuthenticationManagerBuilder} to ensure that it has been fully

+ 1 - 0
config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractInterceptUrlConfigurer.java
查看文件 

@@ -106,6 +106,7 @@ abstract class AbstractInterceptUrlConfigurer<H extends HttpSecurityBuilder<H>,C
 
         if(filterSecurityInterceptorOncePerRequest != null) {
 
         if(filterSecurityInterceptorOncePerRequest != null) {
 
             securityInterceptor.setObserveOncePerRequest(filterSecurityInterceptorOncePerRequest);
 
             securityInterceptor.setObserveOncePerRequest(filterSecurityInterceptorOncePerRequest);
 
         }
 
         }
 
+        securityInterceptor = postProcess(securityInterceptor);
 
         http.addFilter(securityInterceptor);
 
         http.addFilter(securityInterceptor);
 
         http.setSharedObject(FilterSecurityInterceptor.class, securityInterceptor);
 
         http.setSharedObject(FilterSecurityInterceptor.class, securityInterceptor);
 
     }
 
     }

+ 22 - 0
config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.groovy
查看文件 

@@ -32,6 +32,7 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity
 
 import org.springframework.security.config.annotation.web.builders.WebSecurity
 
 import org.springframework.security.config.annotation.web.builders.WebSecurity
 
 import org.springframework.security.web.FilterChainProxy
 
 import org.springframework.security.web.FilterChainProxy
 
 import org.springframework.security.web.SecurityFilterChain
 
 import org.springframework.security.web.SecurityFilterChain
 
+import org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator;
 
 import org.springframework.security.web.access.WebInvocationPrivilegeEvaluator;
 
 import org.springframework.security.web.access.WebInvocationPrivilegeEvaluator;
 
 import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler;
 
 import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler;
 
 import org.springframework.security.web.access.expression.WebSecurityExpressionHandler;
 
 import org.springframework.security.web.access.expression.WebSecurityExpressionHandler;
 
@@ -235,4 +236,25 @@ class WebSecurityConfigurationTests extends BaseSpringSpec {
 
                     .anyRequest().authenticated()
 
                     .anyRequest().authenticated()
 
         }
 
         }
 
     }
 
     }
 
+
 
+    def "#138 WebInvocationPrivilegeEvaluator defaults"() {
 
+        when:
 
+            loadConfig(WebInvocationPrivilegeEvaluatorDefaultsConfig)
 
+        then:
 
+            WebInvocationPrivilegeEvaluator wipe = context.getBean(WebInvocationPrivilegeEvaluator)
 
+            wipe instanceof DefaultWebInvocationPrivilegeEvaluator
 
+            wipe.securityInterceptor != null
 
+    }
 
+
 
+    @EnableWebSecurity
 
+    @Configuration
 
+    static class WebInvocationPrivilegeEvaluatorDefaultsConfig extends WebSecurityConfigurerAdapter {
 
+
 
+        @Override
 
+        protected void configure(HttpSecurity http) throws Exception {
 
+            http
 
+                .authorizeUrls()
 
+                    .anyRequest().authenticated()
 
+        }
 
+    }
 
 }
 
 }