SEC-1438: Removed JoinPoint support from AbstractMethodSecurityMetadataSource

core/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java

@@ -15,21 +15,13 @@
 
 package org.springframework.security.access.method;
 
-import org.springframework.security.access.ConfigAttribute;
+import java.util.Collection;
 
 import org.aopalliance.intercept.MethodInvocation;
-
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-
 import org.aspectj.lang.JoinPoint;
-import org.aspectj.lang.reflect.CodeSignature;
-
-import org.springframework.util.Assert;
-import org.springframework.util.ClassUtils;
-
-import java.lang.reflect.Method;
-import java.util.Collection;
+import org.springframework.security.access.ConfigAttribute;
 
 
 /**
@@ -58,27 +50,7 @@ public abstract class AbstractMethodSecurityMetadataSource implements MethodSecu
             return getAttributes(mi.getMethod(), targetClass);
         }
 
-        if (object instanceof JoinPoint) {
-            JoinPoint jp = (JoinPoint) object;
-            Class<?> targetClass;
-
-            if (jp.getTarget() != null) {
-                targetClass = jp.getTarget().getClass();
-            } else {
-                // SEC-1295: target may be null if an ITD is in use
-                targetClass = jp.getSignature().getDeclaringType();
-            }
-            String targetMethodName = jp.getStaticPart().getSignature().getName();
-            Class<?>[] types = ((CodeSignature) jp.getStaticPart().getSignature()).getParameterTypes();
-            Class<?> declaringType = ((CodeSignature) jp.getStaticPart().getSignature()).getDeclaringType();
-
-            Method method = ClassUtils.getMethodIfAvailable(declaringType, targetMethodName, types);
-            Assert.notNull(method, "Could not obtain target method from JoinPoint: '"+ jp + "'");
-
-            return getAttributes(method, targetClass);
-        }
-
-        throw new IllegalArgumentException("Object must be a non-null MethodInvocation or JoinPoint");
+        throw new IllegalArgumentException("Object must be a non-null MethodInvocation");
     }
 
     public final boolean supports(Class<?> clazz) {

core/src/test/java/org/springframework/security/access/intercept/method/MethodSecurityMetadataSourceEditorTests.java

@@ -24,7 +24,6 @@ import junit.framework.TestCase;
 
 import org.aopalliance.intercept.MethodInvocation;
 import org.springframework.security.ITargetObject;
-import org.springframework.security.MockJoinPoint;
 import org.springframework.security.OtherTargetObject;
 import org.springframework.security.TargetObject;
 import org.springframework.security.access.ConfigAttribute;
@@ -46,22 +45,6 @@ public class MethodSecurityMetadataSourceEditorTests extends TestCase {
         super.setUp();
     }
 
-    public void testAspectJJointPointLookup() throws Exception {
-        MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor();
-        editor.setAsText("org.springframework.security.TargetObject.countLength=ROLE_ONE,ROLE_TWO,RUN_AS_ENTRY");
-
-        MapBasedMethodSecurityMetadataSource map = (MapBasedMethodSecurityMetadataSource) editor.getValue();
-
-        Class<TargetObject> clazz = TargetObject.class;
-        Method method = clazz.getMethod("countLength", new Class[] {String.class});
-        MockJoinPoint joinPoint = new MockJoinPoint(new TargetObject(), method);
-
-        Collection<ConfigAttribute> returnedCountLength = map.getAttributes(joinPoint);
-
-        List<ConfigAttribute> expectedCountLength = SecurityConfig.createList("ROLE_ONE", "ROLE_TWO", "RUN_AS_ENTRY");
-        assertEquals(expectedCountLength, returnedCountLength);
-    }
-
     public void testClassNameNotFoundResultsInException() {
         MethodSecurityMetadataSourceEditor editor = new MethodSecurityMetadataSourceEditor();