SEC-1257: Some additional API changes to use Collection instead of List...

config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java

@@ -1,5 +1,6 @@
 package org.springframework.security.config.http;
 
+import java.util.Collection;
 import java.util.List;
 import java.util.Map;
 
@@ -99,7 +100,7 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain
             FilterSecurityInterceptor fsi = (FilterSecurityInterceptor) getFilter(FilterSecurityInterceptor.class, filters);
             DefaultFilterInvocationSecurityMetadataSource fids =
                     (DefaultFilterInvocationSecurityMetadataSource) fsi.getSecurityMetadataSource();
-            List<ConfigAttribute> attributes = fids.lookupAttributes(loginPage, "POST");
+            Collection<ConfigAttribute> attributes = fids.lookupAttributes(loginPage, "POST");
 
             if (attributes == null) {
                 logger.debug("No access attributes defined for login page URL");

core/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java

@@ -39,11 +39,11 @@ import org.springframework.security.access.method.AbstractFallbackMethodSecurity
  */
 public class Jsr250MethodSecurityMetadataSource extends AbstractFallbackMethodSecurityMetadataSource {
 
-    protected List<ConfigAttribute> findAttributes(Class<?> clazz) {
+    protected Collection<ConfigAttribute> findAttributes(Class<?> clazz) {
         return processAnnotations(clazz.getAnnotations());
     }
 
-    protected List<ConfigAttribute> findAttributes(Method method, Class<?> targetClass) {
+    protected Collection<ConfigAttribute> findAttributes(Method method, Class<?> targetClass) {
         return processAnnotations(AnnotationUtils.getAnnotations(method));
     }
 

core/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java

@@ -35,11 +35,11 @@ import org.springframework.security.access.method.AbstractFallbackMethodSecurity
  */
 public class SecuredAnnotationSecurityMetadataSource extends AbstractFallbackMethodSecurityMetadataSource {
 
-    protected List<ConfigAttribute> findAttributes(Class<?> clazz) {
+    protected Collection<ConfigAttribute> findAttributes(Class<?> clazz) {
         return processAnnotation(clazz.getAnnotation(Secured.class));
     }
 
-    protected List<ConfigAttribute> findAttributes(Method method, Class<?> targetClass) {
+    protected Collection<ConfigAttribute> findAttributes(Method method, Class<?> targetClass) {
         return processAnnotation(AnnotationUtils.findAnnotation(method, Secured.class));
     }
 

core/src/main/java/org/springframework/security/access/method/AbstractFallbackMethodSecurityMetadataSource.java

@@ -1,7 +1,7 @@
 package org.springframework.security.access.method;
 
 import java.lang.reflect.Method;
-import java.util.List;
+import java.util.Collection;
 
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.util.ClassUtils;
@@ -27,12 +27,12 @@ import org.springframework.util.ClassUtils;
  */
 public abstract class AbstractFallbackMethodSecurityMetadataSource extends AbstractMethodSecurityMetadataSource {
 
-    public List<ConfigAttribute> getAttributes(Method method, Class<?> targetClass) {
+    public Collection<ConfigAttribute> getAttributes(Method method, Class<?> targetClass) {
         // The method may be on an interface, but we need attributes from the target class.
         // If the target class is null, the method will be unchanged.
         Method specificMethod = ClassUtils.getMostSpecificMethod(method, targetClass);
         // First try is the method in the target class.
-        List<ConfigAttribute> attr = findAttributes(specificMethod, targetClass);
+        Collection<ConfigAttribute> attr = findAttributes(specificMethod, targetClass);
         if (attr != null) {
             return attr;
         }
@@ -68,7 +68,7 @@ public abstract class AbstractFallbackMethodSecurityMetadataSource extends Abstr
      * @param targetClass the target class for the invocation (may be <code>null</code>)
      * @return the security metadata (or null if no metadata applies)
      */
-    protected abstract List<ConfigAttribute> findAttributes(Method method, Class<?> targetClass);
+    protected abstract Collection<ConfigAttribute> findAttributes(Method method, Class<?> targetClass);
 
     /**
      * Obtains the security metadata registered against the specified class.
@@ -82,7 +82,7 @@ public abstract class AbstractFallbackMethodSecurityMetadataSource extends Abstr
      * @param clazz the target class for the invocation (never <code>null</code>)
      * @return the security metadata (or null if no metadata applies)
      */
-    protected abstract List<ConfigAttribute> findAttributes(Class<?> clazz);
+    protected abstract Collection<ConfigAttribute> findAttributes(Class<?> clazz);
 
 
 }

core/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java

@@ -26,8 +26,8 @@ public final class DelegatingMethodSecurityMetadataSource extends AbstractMethod
     private final static List<ConfigAttribute> NULL_CONFIG_ATTRIBUTE = Collections.emptyList();
 
     private List<MethodSecurityMetadataSource> methodSecurityMetadataSources;
-    private final Map<DefaultCacheKey, List<ConfigAttribute>> attributeCache =
-        new HashMap<DefaultCacheKey, List<ConfigAttribute>>();
+    private final Map<DefaultCacheKey, Collection<ConfigAttribute>> attributeCache =
+        new HashMap<DefaultCacheKey, Collection<ConfigAttribute>>();
 
     //~ Methods ========================================================================================================
 
@@ -35,10 +35,10 @@ public final class DelegatingMethodSecurityMetadataSource extends AbstractMethod
         Assert.notNull(methodSecurityMetadataSources, "A list of MethodSecurityMetadataSources is required");
     }
 
-    public List<ConfigAttribute> getAttributes(Method method, Class<?> targetClass) {
+    public Collection<ConfigAttribute> getAttributes(Method method, Class<?> targetClass) {
         DefaultCacheKey cacheKey = new DefaultCacheKey(method, targetClass);
         synchronized (attributeCache) {
-            List<ConfigAttribute> cached = attributeCache.get(cacheKey);
+            Collection<ConfigAttribute> cached = attributeCache.get(cacheKey);
             // Check for canonical value indicating there is no config attribute,
             if (cached == NULL_CONFIG_ATTRIBUTE) {
                 return null;
@@ -49,7 +49,7 @@ public final class DelegatingMethodSecurityMetadataSource extends AbstractMethod
             }
 
             // No cached value, so query the sources to find a result
-            List<ConfigAttribute> attributes = null;
+            Collection<ConfigAttribute> attributes = null;
             for (MethodSecurityMetadataSource s : methodSecurityMetadataSources) {
                 attributes = s.getAttributes(method, targetClass);
                 if (attributes != null) {

core/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java

@@ -72,14 +72,14 @@ public class MapBasedMethodSecurityMetadataSource extends AbstractFallbackMethod
     /**
      * Implementation does not support class-level attributes.
      */
-    protected List<ConfigAttribute> findAttributes(Class<?> clazz) {
+    protected Collection<ConfigAttribute> findAttributes(Class<?> clazz) {
         return null;
     }
 
     /**
      * Will walk the method inheritance tree to find the most specific declaration applicable.
      */
-    protected List<ConfigAttribute> findAttributes(Method method, Class<?> targetClass) {
+    protected Collection<ConfigAttribute> findAttributes(Method method, Class<?> targetClass) {
         if (targetClass == null) {
             return null;
         }

core/src/main/java/org/springframework/security/access/method/MethodSecurityMetadataSource.java

@@ -16,7 +16,7 @@
 package org.springframework.security.access.method;
 
 import java.lang.reflect.Method;
-import java.util.List;
+import java.util.Collection;
 
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.access.SecurityMetadataSource;
@@ -30,5 +30,5 @@ import org.springframework.security.access.SecurityMetadataSource;
  * @version $Id$
  */
 public interface MethodSecurityMetadataSource extends SecurityMetadataSource {
-    public List<ConfigAttribute> getAttributes(Method method, Class<?> targetClass);
+    public Collection<ConfigAttribute> getAttributes(Method method, Class<?> targetClass);
 }

core/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java

@@ -4,7 +4,6 @@ import java.lang.annotation.Annotation;
 import java.lang.reflect.Method;
 import java.util.ArrayList;
 import java.util.Collection;
-import java.util.List;
 
 import org.springframework.core.annotation.AnnotationUtils;
 import org.springframework.security.access.ConfigAttribute;
@@ -38,7 +37,7 @@ public class PrePostAnnotationSecurityMetadataSource extends AbstractMethodSecur
         this.attributeFactory = attributeFactory;
     }
 
-    public List<ConfigAttribute> getAttributes(Method method, Class<?> targetClass) {
+    public Collection<ConfigAttribute> getAttributes(Method method, Class<?> targetClass) {
         if (method.getDeclaringClass() == Object.class) {
             return null;
         }

core/src/test/java/org/springframework/security/access/annotation/Jsr250MethodDefinitionSourceTests.java

@@ -2,7 +2,7 @@ package org.springframework.security.access.annotation;
 
 import static org.junit.Assert.assertEquals;
 
-import java.util.List;
+import java.util.Collection;
 
 import javax.annotation.security.DenyAll;
 import javax.annotation.security.PermitAll;
@@ -12,7 +12,6 @@ import junit.framework.Assert;
 
 import org.junit.Test;
 import org.springframework.security.access.ConfigAttribute;
-import org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource;
 
 /**
  * @author Luke Taylor
@@ -25,51 +24,55 @@ public class Jsr250MethodDefinitionSourceTests {
     UserAllowedClass userAllowed = new UserAllowedClass();
     DenyAllClass denyAll = new DenyAllClass();
 
+    private ConfigAttribute[] findAttributes(String methodName) throws Exception {
+        return mds.findAttributes(a.getClass().getMethod(methodName), null).toArray(new ConfigAttribute[0]);
+    }
+
     @Test
     public void methodWithRolesAllowedHasCorrectAttribute() throws Exception {
-        List<ConfigAttribute> accessAttributes = mds.findAttributes(a.getClass().getMethod("adminMethod"), null);
-        assertEquals(1, accessAttributes.size());
-        assertEquals("ADMIN", accessAttributes.get(0).toString());
+        ConfigAttribute[] accessAttributes = findAttributes("adminMethod");
+        assertEquals(1, accessAttributes.length);
+        assertEquals("ADMIN", accessAttributes[0].toString());
     }
 
     @Test
     public void permitAllMethodHasPermitAllAttribute() throws Exception {
-        List<ConfigAttribute> accessAttributes = mds.findAttributes(a.getClass().getMethod("permitAllMethod"), null);
-        assertEquals(1, accessAttributes.size());
-        assertEquals("javax.annotation.security.PermitAll", accessAttributes.get(0).toString());
+        ConfigAttribute[] accessAttributes = findAttributes("permitAllMethod");
+        assertEquals(1, accessAttributes.length);
+        assertEquals("javax.annotation.security.PermitAll", accessAttributes[0].toString());
     }
 
     @Test
     public void noRoleMethodHasDenyAllAttributeWithDenyAllClass() throws Exception {
-        List<ConfigAttribute> accessAttributes = mds.findAttributes(denyAll.getClass());
-        assertEquals(1, accessAttributes.size());
-        assertEquals("javax.annotation.security.DenyAll", accessAttributes.get(0).toString());
+        ConfigAttribute[] accessAttributes = mds.findAttributes(denyAll.getClass()).toArray(new ConfigAttribute[0]);
+        assertEquals(1, accessAttributes.length);
+        assertEquals("javax.annotation.security.DenyAll", accessAttributes[0].toString());
     }
 
     @Test
     public void adminMethodHasAdminAttributeWithDenyAllClass() throws Exception {
-        List<ConfigAttribute> accessAttributes = mds.findAttributes(denyAll.getClass().getMethod("adminMethod"), null);
+        Collection<ConfigAttribute> accessAttributes = mds.findAttributes(denyAll.getClass().getMethod("adminMethod"), null);
         assertEquals(1, accessAttributes.size());
-        assertEquals("ADMIN", accessAttributes.get(0).toString());
+        assertEquals("ADMIN", accessAttributes.toArray()[0].toString());
     }
 
     @Test
     public void noRoleMethodHasNoAttributes() throws Exception {
-        List<ConfigAttribute> accessAttributes = mds.findAttributes(a.getClass().getMethod("noRoleMethod"), null);
+        Collection<ConfigAttribute> accessAttributes = mds.findAttributes(a.getClass().getMethod("noRoleMethod"), null);
         Assert.assertNull(accessAttributes);
     }
 
     @Test
     public void classRoleIsAppliedToNoRoleMethod() throws Exception {
-        List<ConfigAttribute> accessAttributes = mds.findAttributes(userAllowed.getClass().getMethod("noRoleMethod"), null);
+        Collection<ConfigAttribute> accessAttributes = mds.findAttributes(userAllowed.getClass().getMethod("noRoleMethod"), null);
         Assert.assertNull(accessAttributes);
     }
 
     @Test
     public void methodRoleOverridesClassRole() throws Exception {
-        List<ConfigAttribute> accessAttributes = mds.findAttributes(userAllowed.getClass().getMethod("adminMethod"), null);
+        Collection<ConfigAttribute> accessAttributes = mds.findAttributes(userAllowed.getClass().getMethod("adminMethod"), null);
         assertEquals(1, accessAttributes.size());
-        assertEquals("ADMIN", accessAttributes.get(0).toString());
+        assertEquals("ADMIN", accessAttributes.toArray()[0].toString());
     }
 
 //~ Inner Classes ======================================================================================================

core/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataDefinitionSourceTests.java

@@ -15,7 +15,7 @@
 package org.springframework.security.access.annotation;
 
 import java.lang.reflect.Method;
-import java.util.List;
+import java.util.Collection;
 
 import junit.framework.TestCase;
 
@@ -23,7 +23,6 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.access.SecurityConfig;
-import org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource;
 import org.springframework.util.StringUtils;
 
 
@@ -52,7 +51,7 @@ public class SecuredAnnotationSecurityMetadataDefinitionSourceTests extends Test
             fail("Should be a superMethod called 'someUserMethod3' on class!");
         }
 
-        List<ConfigAttribute> attrs = mds.findAttributes(method, DepartmentServiceImpl.class);
+        Collection<ConfigAttribute> attrs = mds.findAttributes(method, DepartmentServiceImpl.class);
 
         assertNotNull(attrs);
 
@@ -76,7 +75,7 @@ public class SecuredAnnotationSecurityMetadataDefinitionSourceTests extends Test
             fail("Should be a superMethod called 'someUserMethod3' on class!");
         }
 
-        List<ConfigAttribute> superAttrs = this.mds.findAttributes(superMethod, DepartmentServiceImpl.class);
+        Collection<ConfigAttribute> superAttrs = this.mds.findAttributes(superMethod, DepartmentServiceImpl.class);
 
         assertNotNull(superAttrs);
 
@@ -94,7 +93,7 @@ public class SecuredAnnotationSecurityMetadataDefinitionSourceTests extends Test
     }
 
     public void testGetAttributesClass() {
-        List<ConfigAttribute> attrs = this.mds.findAttributes(BusinessService.class);
+        Collection<ConfigAttribute> attrs = this.mds.findAttributes(BusinessService.class);
 
         assertNotNull(attrs);
 
@@ -102,7 +101,7 @@ public class SecuredAnnotationSecurityMetadataDefinitionSourceTests extends Test
         assertEquals(1, attrs.size());
 
         // should have 1 SecurityConfig
-        SecurityConfig sc = ((SecurityConfig) attrs.get(0));
+        SecurityConfig sc = (SecurityConfig) attrs.toArray()[0];
 
         assertEquals("ROLE_USER", sc.getAttribute());
     }
@@ -116,7 +115,7 @@ public class SecuredAnnotationSecurityMetadataDefinitionSourceTests extends Test
             fail("Should be a method called 'someUserAndAdminMethod' on class!");
         }
 
-        List<ConfigAttribute> attrs = this.mds.findAttributes(method, BusinessService.class);
+        Collection<ConfigAttribute> attrs = this.mds.findAttributes(method, BusinessService.class);
 
         assertNotNull(attrs);
 

core/src/test/java/org/springframework/security/access/intercept/method/MockMethodSecurityMetadataSource.java

@@ -68,7 +68,7 @@ public class MockMethodSecurityMetadataSource implements MethodSecurityMetadataS
         throw new UnsupportedOperationException("mock method not implemented");
     }
 
-    public List<ConfigAttribute> getAttributes(Method method, Class<?> targetClass) {
+    public Collection<ConfigAttribute> getAttributes(Method method, Class<?> targetClass) {
         throw new UnsupportedOperationException("mock method not implemented");
     }