Home Explore Help
Register Sign In
github
/
spring-security
mirror of https://github.com/spring-projects/spring-security
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

SEC-975: Namespace security syntax does not interpret properties
http://jira.springframework.org/browse/SEC-975. Changed creation of AccessDeniedHandler to use a BeanDefinition to make sure placeholders work OK.

Luke Taylor 17 years ago
parent
5e4634d216
commit
4542f00b14
2 changed files with 13 additions and 3 deletions
Split View Show Diff Stats
  1. 2 2
      core/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java
  2. 11 1
      core/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java

+ 2 - 2
core/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java
View File 

@@ -273,8 +273,8 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 
         exceptionTranslationFilterBuilder.addPropertyValue("createSessionAllowed", new Boolean(allowSessionCreation));
 
 
         if (StringUtils.hasText(accessDeniedPage)) {
 
-            AccessDeniedHandlerImpl accessDeniedHandler = new AccessDeniedHandlerImpl();
 
-            accessDeniedHandler.setErrorPage(accessDeniedPage);
 
+        	BeanDefinition accessDeniedHandler = new RootBeanDefinition(AccessDeniedHandlerImpl.class);
 
+        	accessDeniedHandler.getPropertyValues().addPropertyValue("errorPage", accessDeniedPage);
 
             exceptionTranslationFilterBuilder.addPropertyValue("accessDeniedHandler", accessDeniedHandler);
 
         }

+ 11 - 1
core/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java
View File 

@@ -267,7 +267,7 @@ public class HttpSecurityBeanDefinitionParserTests {
 
         assertEquals("/access-denied", FieldUtils.getFieldValue(etf, "accessDeniedHandler.errorPage"));
 
     }
 
 
-    @Test(expected=BeanDefinitionStoreException.class)
 
+    @Test(expected=BeanCreationException.class)
 
     public void invalidAccessDeniedUrlIsDetected() throws Exception {
 
         setContext("<http auto-config='true' access-denied-page='noLeadingSlash'/>" + AUTH_PROVIDER_XML);
 
     }
 
@@ -318,6 +318,16 @@ public class HttpSecurityBeanDefinitionParserTests {
 
         assertEquals(Integer.valueOf(9443), pm.lookupHttpsPort(9080));
 
     }
 
 
+    @Test
 
+    public void accessDeniedPageWorkWithPlaceholders() throws Exception {
 
+        System.setProperty("accessDenied", "/go-away");
 
+        setContext(
 
+                "    <b:bean id='configurer' class='org.springframework.beans.factory.config.PropertyPlaceholderConfigurer'/>" +
 
+                "    <http auto-config='true' access-denied-page='${accessDenied}'/>" + AUTH_PROVIDER_XML);
 
+        ExceptionTranslationFilter filter = (ExceptionTranslationFilter) appContext.getBean(BeanIds.EXCEPTION_TRANSLATION_FILTER);
 
+        assertEquals("/go-away", FieldUtils.getFieldValue(filter, "accessDeniedHandler.errorPage"));
 
+    }
 
+
 
     @Test
 
     public void externalFiltersAreTreatedCorrectly() throws Exception {
 
         // Decorated user-filters should be added to stack. The others should be ignored.