
SEC-1434: Remove use of BeanDefinition of type java.lang.String which causes problems in Google App Engine.

This results in the method BeanUtils.findEditorByConvention attempting to get hold of the system classloader which isn't allowed by the security manager in GAE.
Luke Taylor 15 年之前
父节点
当前提交
59b69f6f48

+ 3 - 3
config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java

@@ -83,7 +83,7 @@ class HttpConfigurationBuilder {
     private final List<Element> interceptUrls;
 
     // Use ManagedMap to allow placeholder resolution
-    private ManagedMap<BeanDefinition, List<BeanMetadataElement>> filterChainMap;
+    private ManagedMap<Object, List<BeanMetadataElement>> filterChainMap;
 
     private BeanDefinition cpf;
     private BeanDefinition securityContextPersistenceFilter;
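Review bot: Widening the key type of `filterChainMap` to `Object` removes the compile-time check on what may be used as a key, and the comment above the field does not say which key types are now expected. The same widening is repeated in `parseInterceptUrlsForEmptyFilterChains()` and in the public `getFilterChainMap()` in the later hunks of this file. This map appears to decide which filter list applies to which URL pattern, so a key of an unexpected type could go unnoticed until the proxy is built, or might never match a request at all. Assuming the builder still inserts `BeanDefinition` keys (the class body lies outside the hunk), I would extend the field comment to `// Keys are URL patterns: either a plain pattern value or a BeanDefinition resolving to one (SEC-1434). ManagedMap allows placeholder resolution.`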
@@ -109,7 +109,7 @@ class HttpConfigurationBuilder {
     }
 
     void parseInterceptUrlsForEmptyFilterChains() {
-        filterChainMap = new ManagedMap<BeanDefinition, List<BeanMetadataElement>>();
+        filterChainMap = new ManagedMap<Object, List<BeanMetadataElement>>();
 
         for (Element urlElt : interceptUrls) {
             String path = urlElt.getAttribute(ATT_PATH_PATTERN);
@@ -464,7 +464,7 @@ class HttpConfigurationBuilder {
         return allowSessionCreation;
     }
 
-    public ManagedMap<BeanDefinition, List<BeanMetadataElement>> getFilterChainMap() {
+    public ManagedMap<Object, List<BeanMetadataElement>> getFilterChainMap() {
         return filterChainMap;
     }
 

+ 3 - 5
config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java

@@ -135,10 +135,8 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
             filterChain.add(od.bean);
         }
 
-        ManagedMap<BeanDefinition, List<BeanMetadataElement>> filterChainMap = httpBldr.getFilterChainMap();
-        BeanDefinition universalMatch = new RootBeanDefinition(String.class);
-        universalMatch.getConstructorArgumentValues().addGenericArgumentValue(matcher.getUniversalMatchPattern());
-        filterChainMap.put(universalMatch, filterChain);
+        ManagedMap<Object, List<BeanMetadataElement>> filterChainMap = httpBldr.getFilterChainMap();
+        filterChainMap.put(matcher.getUniversalMatchPattern(), filterChain);
 
         registerFilterChainProxy(pc, filterChainMap, matcher, source);
 
@@ -247,7 +245,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
         return customFilters;
     }
 
-    private void registerFilterChainProxy(ParserContext pc, Map<BeanDefinition, List<BeanMetadataElement>> filterChainMap, UrlMatcher matcher, Object source) {
+    private void registerFilterChainProxy(ParserContext pc, Map<Object, List<BeanMetadataElement>> filterChainMap, UrlMatcher matcher, Object source) {
         if (pc.getRegistry().containsBeanDefinition(BeanIds.FILTER_CHAIN_PROXY)) {
             pc.getReaderContext().error("Duplicate <http> element detected", source);
         }
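Review bot: `registerFilterChainProxy` now accepts `Map<Object, List<BeanMetadataElement>>`, so nothing in the signature constrains the keys. The call site in the first hunk of this file adds the raw result of `matcher.getUniversalMatchPattern()` next to whatever keys `HttpConfigurationBuilder` supplied. A Javadoc line on the method would make that contract explicit, for example `/** @param filterChainMap ordered pattern-to-filters map; keys are pattern values or bean definitions, with the universal match entry last */`. Insertion order matters if, as I believe, the proxy applies the first matching entry, so the universal pattern must stay the final `put`. The method body continues past the end of the hunk, so any key validation it performs is not visible here.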