SEC-1897: Remove raw types from AbstractAccessDecisionManager

aspects/src/test/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspectTests.java

@@ -56,7 +56,7 @@ public class AnnotationSecurityAspectTests {
         adm = new AffirmativeBased();
         AccessDecisionVoter[] voters = new AccessDecisionVoter[]
                 {new RoleVoter(), new PreInvocationAuthorizationAdviceVoter(new ExpressionBasedPreInvocationAdvice())};
-        adm.setDecisionVoters(Arrays.asList(voters));
+        adm.setDecisionVoters(Arrays.<AccessDecisionVoter<? extends Object>>asList(voters));
         interceptor.setAccessDecisionManager(adm);
         interceptor.setAuthenticationManager(authman);
         interceptor.setSecurityMetadataSource(new SecuredAnnotationSecurityMetadataSource());

config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java

@@ -173,7 +173,7 @@ public class GlobalMethodSecurityConfiguration implements ImportAware {
      */
     @SuppressWarnings("rawtypes")
     protected AccessDecisionManager accessDecisionManager() {
-        List<AccessDecisionVoter> decisionVoters = new ArrayList<AccessDecisionVoter>();
+        List<AccessDecisionVoter<? extends Object>> decisionVoters = new ArrayList<AccessDecisionVoter<? extends Object>>();
         ExpressionBasedPreInvocationAdvice expressionAdvice = new ExpressionBasedPreInvocationAdvice();
         expressionAdvice.setExpressionHandler(getExpressionHandler());
         if(prePostEnabled()) {

config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractInterceptUrlConfigurer.java

@@ -103,7 +103,7 @@ abstract class AbstractInterceptUrlConfigurer<C extends AbstractInterceptUrlConf
      *         default {@link AccessDecisionManager}
      */
     @SuppressWarnings("rawtypes")
-    abstract List<AccessDecisionVoter> getDecisionVoters(H http);
+    abstract List<AccessDecisionVoter<? extends Object>> getDecisionVoters(H http);
 
     abstract class AbstractInterceptUrlRegistry<R extends AbstractInterceptUrlRegistry<R,T>,T> extends AbstractConfigAttributeRequestMatcherRegistry<T> {
 

config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java

@@ -141,8 +141,8 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
 
     @Override
     @SuppressWarnings("rawtypes")
-    final List<AccessDecisionVoter> getDecisionVoters(H http) {
-        List<AccessDecisionVoter> decisionVoters = new ArrayList<AccessDecisionVoter>();
+    final List<AccessDecisionVoter<? extends Object>> getDecisionVoters(H http) {
+        List<AccessDecisionVoter<? extends Object>> decisionVoters = new ArrayList<AccessDecisionVoter<? extends Object>>();
         WebExpressionVoter expressionVoter = new WebExpressionVoter();
         expressionVoter.setExpressionHandler(getExpressionHandler(http));
         decisionVoters.add(expressionVoter);
@@ -213,8 +213,6 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
         /**
          * Negates the following expression.
          *
-         * @param role the role to require (i.e. USER, ADMIN, etc). Note, it should not start with "ROLE_" as
-         *             this is automatically inserted.
          * @return the {@link ExpressionUrlAuthorizationConfigurer} for further customization
          */
         public AuthorizedUrl not() {

config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java

@@ -81,14 +81,12 @@ import org.springframework.util.Assert;
  *
  * <ul>
  * <li>
- * {@link org.springframework.security.config.annotation.web.builders.HttpSecurity#getAuthenticationManager()}
+ * AuthenticationManager
  * </li>
  * </ul>
  *
  * @param <H>
  *            the type of {@link HttpSecurityBuilder} that is being configured
- * @param <C>
- *            the type of object that is being chained
  *
  * @author Rob Winch
  * @since 3.2
@@ -144,15 +142,14 @@ public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
 
     /**
      * Creates the default {@link AccessDecisionVoter} instances used if an
-     * {@link AccessDecisionManager} was not specified using
-     * {@link #accessDecisionManager(AccessDecisionManager)}.
+     * {@link AccessDecisionManager} was not specified.
      *
      * @param http the builder to use
      */
     @Override
     @SuppressWarnings("rawtypes")
-    final List<AccessDecisionVoter> getDecisionVoters(H http) {
-        List<AccessDecisionVoter> decisionVoters = new ArrayList<AccessDecisionVoter>();
+    final List<AccessDecisionVoter<? extends Object>> getDecisionVoters(H http) {
+        List<AccessDecisionVoter<? extends Object>> decisionVoters = new ArrayList<AccessDecisionVoter<? extends Object>>();
         decisionVoters.add(new RoleVoter());
         decisionVoters.add(new AuthenticatedVoter());
         return decisionVoters;
@@ -236,7 +233,6 @@ public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
         /**
          * Creates a new instance
          * @param requestMatchers the {@link RequestMatcher} instances to map to some {@link ConfigAttribute} instances.
-         * @see UrlAuthorizationConfigurer#chainRequestMatchers(List)
          */
         private AuthorizedUrl(List<RequestMatcher> requestMatchers) {
             Assert.notEmpty(requestMatchers, "requestMatchers must contain at least one value");

config/src/main/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurer.java

@@ -81,7 +81,7 @@ public abstract class AbstractSecurityWebSocketMessageBrokerConfigurer extends A
     @Bean
     public ChannelSecurityInterceptor inboundChannelSecurity() {
         ChannelSecurityInterceptor channelSecurityInterceptor = new ChannelSecurityInterceptor(inboundMessageSecurityMetadataSource());
-        List<AccessDecisionVoter> voters = new ArrayList<AccessDecisionVoter>();
+        List<AccessDecisionVoter<? extends Object>> voters = new ArrayList<AccessDecisionVoter<? extends Object>>();
         voters.add(new MessageExpressionVoter());
         AffirmativeBased manager = new AffirmativeBased(voters);
         channelSecurityInterceptor.setAccessDecisionManager(manager);

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerConfigs.java

@@ -55,7 +55,7 @@ public class ExpressionUrlAuthorizationConfigurerConfigs {
         protected void configure(HttpSecurity http) throws Exception {
             SecurityExpressionHandler<FilterInvocation> handler = new DefaultWebSecurityExpressionHandler();
             WebExpressionVoter expressionVoter = new WebExpressionVoter();
-            AffirmativeBased adm = new AffirmativeBased(Arrays.<AccessDecisionVoter>asList(expressionVoter));
+            AffirmativeBased adm = new AffirmativeBased(Arrays.<AccessDecisionVoter<? extends Object>>asList(expressionVoter));
             http
                 .authorizeRequests()
                     .expressionHandler(handler)

core/src/main/java/org/springframework/security/access/vote/AbstractAccessDecisionManager.java

@@ -44,7 +44,7 @@ public abstract class AbstractAccessDecisionManager implements AccessDecisionMan
     //~ Instance fields ================================================================================================
     protected final Log logger = LogFactory.getLog(getClass());
 
-    private List<AccessDecisionVoter> decisionVoters;
+    private List<AccessDecisionVoter<? extends Object>> decisionVoters;
 
     protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
 
@@ -53,7 +53,7 @@ public abstract class AbstractAccessDecisionManager implements AccessDecisionMan
     protected AbstractAccessDecisionManager() {
     }
 
-    protected AbstractAccessDecisionManager(List<AccessDecisionVoter> decisionVoters) {
+    protected AbstractAccessDecisionManager(List<AccessDecisionVoter<? extends Object>> decisionVoters) {
         Assert.notEmpty(decisionVoters, "A list of AccessDecisionVoters is required");
         this.decisionVoters = decisionVoters;
     }
@@ -72,7 +72,7 @@ public abstract class AbstractAccessDecisionManager implements AccessDecisionMan
         }
     }
 
-    public List<AccessDecisionVoter> getDecisionVoters() {
+    public List<AccessDecisionVoter<? extends Object>> getDecisionVoters() {
         return this.decisionVoters;
     }
 
@@ -88,10 +88,10 @@ public abstract class AbstractAccessDecisionManager implements AccessDecisionMan
      * @deprecated Use constructor
      */
     @Deprecated
-    public void setDecisionVoters(List<AccessDecisionVoter> newList) {
+    public void setDecisionVoters(List<AccessDecisionVoter<? extends Object>> newList) {
         Assert.notEmpty(newList);
 
-        Iterator<AccessDecisionVoter> iter = newList.iterator();
+        Iterator<AccessDecisionVoter<? extends Object>> iter = newList.iterator();
 
         while (iter.hasNext()) {
             Object currentObject = iter.next();

core/src/main/java/org/springframework/security/access/vote/AffirmativeBased.java

@@ -36,7 +36,7 @@ public class AffirmativeBased extends AbstractAccessDecisionManager {
     public AffirmativeBased() {
     }
 
-    public AffirmativeBased(List<AccessDecisionVoter> decisionVoters) {
+    public AffirmativeBased(List<AccessDecisionVoter<? extends Object>> decisionVoters) {
         super(decisionVoters);
     }
 

core/src/main/java/org/springframework/security/access/vote/ConsensusBased.java

@@ -41,7 +41,7 @@ public class ConsensusBased extends AbstractAccessDecisionManager {
     public ConsensusBased() {
     }
 
-    public ConsensusBased(List<AccessDecisionVoter> decisionVoters) {
+    public ConsensusBased(List<AccessDecisionVoter<? extends Object>> decisionVoters) {
         super(decisionVoters);
     }
 

core/src/main/java/org/springframework/security/access/vote/UnanimousBased.java

@@ -38,7 +38,7 @@ public class UnanimousBased extends AbstractAccessDecisionManager {
     public UnanimousBased() {
     }
 
-    public UnanimousBased(List<AccessDecisionVoter> decisionVoters) {
+    public UnanimousBased(List<AccessDecisionVoter<? extends Object>> decisionVoters) {
         super(decisionVoters);
     }
 

core/src/test/java/org/springframework/security/access/vote/AffirmativeBasedTests.java

@@ -61,32 +61,32 @@ public class AffirmativeBasedTests {
 
     @Test
     public void oneAffirmativeVoteOneDenyVoteOneAbstainVoteGrantsAccess() throws Exception {
-        mgr.setDecisionVoters(Arrays.asList(grant, deny, abstain));
+        mgr.setDecisionVoters(Arrays.<AccessDecisionVoter<? extends Object>>asList(grant, deny, abstain));
         mgr.afterPropertiesSet();
         mgr.decide(user, new Object(), attrs);
     }
 
     @Test
     public void oneDenyVoteOneAbstainVoteOneAffirmativeVoteGrantsAccess() throws Exception {
-        mgr.setDecisionVoters(Arrays.asList(deny, abstain, grant));
+        mgr.setDecisionVoters(Arrays.<AccessDecisionVoter<? extends Object>>asList(deny, abstain, grant));
         mgr.decide(user, new Object(), attrs);
     }
 
     @Test
     public void oneAffirmativeVoteTwoAbstainVotesGrantsAccess() throws Exception {
-        mgr.setDecisionVoters(Arrays.asList(grant, abstain, abstain));
+        mgr.setDecisionVoters(Arrays.<AccessDecisionVoter<? extends Object>>asList(grant, abstain, abstain));
         mgr.decide(user, new Object(), attrs);
     }
 
     @Test(expected=AccessDeniedException.class)
     public void oneDenyVoteTwoAbstainVotesDeniesAccess() throws Exception {
-        mgr.setDecisionVoters(Arrays.asList(deny, abstain, abstain));
+        mgr.setDecisionVoters(Arrays.<AccessDecisionVoter<? extends Object>>asList(deny, abstain, abstain));
         mgr.decide(user, new Object(), attrs);
     }
 
     @Test(expected=AccessDeniedException.class)
     public void onlyAbstainVotesDeniesAccessWithDefault() throws Exception {
-        mgr.setDecisionVoters(Arrays.asList(abstain, abstain, abstain));
+        mgr.setDecisionVoters(Arrays.<AccessDecisionVoter<? extends Object>>asList(abstain, abstain, abstain));
         assertTrue(!mgr.isAllowIfAllAbstainDecisions()); // check default
 
         mgr.decide(user, new Object(), attrs);
@@ -94,7 +94,7 @@ public class AffirmativeBasedTests {
 
     @Test
     public void testThreeAbstainVotesGrantsAccessIfAllowIfAllAbstainDecisionsIsSet() throws Exception {
-        mgr.setDecisionVoters(Arrays.asList(abstain, abstain, abstain));
+        mgr.setDecisionVoters(Arrays.<AccessDecisionVoter<? extends Object>>asList(abstain, abstain, abstain));
         mgr.setAllowIfAllAbstainDecisions(true);
         assertTrue(mgr.isAllowIfAllAbstainDecisions()); // check changed
 

core/src/test/java/org/springframework/security/access/vote/ConsensusBasedTests.java

@@ -110,7 +110,7 @@ public class ConsensusBasedTests {
         RoleVoter roleVoter = new RoleVoter();
         DenyVoter denyForSureVoter = new DenyVoter();
         DenyAgainVoter denyAgainForSureVoter = new DenyAgainVoter();
-        List<AccessDecisionVoter> voters = new Vector<AccessDecisionVoter>();
+        List<AccessDecisionVoter<? extends Object>> voters = new Vector<AccessDecisionVoter<? extends Object>>();
         voters.add(roleVoter);
         voters.add(denyForSureVoter);
         voters.add(denyAgainForSureVoter);

core/src/test/java/org/springframework/security/access/vote/UnanimousBasedTests.java

@@ -43,7 +43,7 @@ public class UnanimousBasedTests extends TestCase {
         RoleVoter roleVoter = new RoleVoter();
         DenyVoter denyForSureVoter = new DenyVoter();
         DenyAgainVoter denyAgainForSureVoter = new DenyAgainVoter();
-        List<AccessDecisionVoter> voters = new Vector<AccessDecisionVoter>();
+        List<AccessDecisionVoter<? extends Object>> voters = new Vector<AccessDecisionVoter<? extends Object>>();
         voters.add(roleVoter);
         voters.add(denyForSureVoter);
         voters.add(denyAgainForSureVoter);
@@ -59,7 +59,7 @@ public class UnanimousBasedTests extends TestCase {
 
         DenyVoter denyForSureVoter = new DenyVoter();
         DenyAgainVoter denyAgainForSureVoter = new DenyAgainVoter();
-        List<AccessDecisionVoter> voters = new Vector<AccessDecisionVoter>();
+        List<AccessDecisionVoter<? extends Object>> voters = new Vector<AccessDecisionVoter<? extends Object>>();
         voters.add(roleVoter);
         voters.add(denyForSureVoter);
         voters.add(denyAgainForSureVoter);