
SEC-1033: Fixed missing AuthenticationTrustResolver in web SecurityExpressionRoot. Converted some logging to trace level.

Luke Taylor 17 年之前
父節點
當前提交
a2ef10e65f

+ 2 - 2
core/src/main/java/org/springframework/security/expression/method/ExpressionAnnotationMethodDefinitionSource.java

@@ -58,7 +58,7 @@ public class ExpressionAnnotationMethodDefinitionSource extends AbstractMethodDe
             return null;
         }
 
-        logger.debug("Looking for expression annotations for method '" +
+        logger.trace("Looking for expression annotations for method '" +
                 method.getName() + "' on target class '" + targetClass + "'");
         PreFilter preFilter = findAnnotation(method, targetClass, PreFilter.class);
         PreAuthorize preAuthorize = findAnnotation(method, targetClass, PreAuthorize.class);
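Review bot: The `logger.trace` call in this hunk still builds its message by concatenating `method.getName()` and `targetClass` on every lookup, even when trace output is off. Since the commit moves this message to trace level because it is noisy, the call is worth guarding with `if (logger.isTraceEnabled()) {` so the string is only built when it will be written. The second hunk's `logger.trace("No expression annotations found")` passes a constant and needs no guard. The enclosing method starts and ends outside the hunk.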
@@ -68,7 +68,7 @@ public class ExpressionAnnotationMethodDefinitionSource extends AbstractMethodDe
 
         if (preFilter == null && preAuthorize == null && postFilter == null && postAuthorize == null ) {
             // There is no meta-data so return
-            logger.debug("No expression annotations found");
+            logger.trace("No expression annotations found");
             return null;
         }
 

+ 1 - 0
core/src/main/java/org/springframework/security/expression/support/DefaultSecurityExpressionHandler.java

@@ -61,6 +61,7 @@ public class DefaultSecurityExpressionHandler implements SecurityExpressionHandl
     public EvaluationContext createEvaluationContext(Authentication authentication, FilterInvocation fi) {
         StandardEvaluationContext ctx = new StandardEvaluationContext();
         SecurityExpressionRoot root = new WebSecurityExpressionRoot(authentication, fi);
+        root.setTrustResolver(trustResolver);
         ctx.setRootObject(root);
 
         return ctx;
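Review bot: The trust resolver reaches the root object only through this setter call, so every code path that constructs a `SecurityExpressionRoot` has to remember it; that is the omission this commit fixes for the web path. `isAnonymous()` and `isRememberMe()` dereference `trustResolver` unconditionally (see the SecurityExpressionRoot section of this commit), so a missed call surfaces as a NullPointerException during an access decision. Passing the resolver through the root's constructor, or rejecting null in `setTrustResolver`, would make the dependency impossible to forget. The handler's `trustResolver` field is declared outside the hunk, so whether it has a non-null default cannot be confirmed here. No test for the web evaluation context is visible in this view; one that evaluates `isAnonymous()` through `createEvaluationContext(authentication, fi)` would pin the fix.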

+ 4 - 0
core/src/main/java/org/springframework/security/expression/support/SecurityExpressionRoot.java

@@ -69,6 +69,10 @@ abstract class SecurityExpressionRoot {
         return trustResolver.isAnonymous(authentication);
     }
 
+    public final boolean isAuthenticated() {
+        return !isAnonymous();
+    }
+
     public final boolean isRememberMe() {
         return trustResolver.isRememberMe(authentication);
     }
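Review bot: `isAuthenticated()` is defined purely as `!isAnonymous()`, so it is true for a remember-me token and never consults `Authentication.isAuthenticated()`. Access rules will be written against this contract, so it needs a Javadoc comment, for example `/** True when the trust resolver does not classify the current Authentication as anonymous; remember-me logins count as authenticated. */`. Rules that require a fresh login should combine it with `!isRememberMe()`. It is also worth confirming how the configured trust resolver treats a null `authentication`: if `isAnonymous(null)` returns false, this method reports true with no principal at all, and `return authentication != null && !isAnonymous();` would close that gap.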

+ 4 - 0
core/src/main/java/org/springframework/security/expression/web/WebExpressionConfigAttribute.java

@@ -25,4 +25,8 @@ class WebExpressionConfigAttribute implements ConfigAttribute {
         return null;
     }
 
+    @Override
+    public String toString() {
+        return authorizeExpression.getExpressionString();
+    }
 }

+ 4 - 0
core/src/main/java/org/springframework/security/expression/web/WebExpressionVoter.java

@@ -21,6 +21,10 @@ public class WebExpressionVoter implements AccessDecisionVoter {
     private SecurityExpressionHandler expressionHandler = new DefaultSecurityExpressionHandler();
 
     public int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes) {
+        assert authentication != null;
+        assert object != null;
+        assert attributes != null;
+
         WebExpressionConfigAttribute weca = findConfigAttribute(attributes);
 
         if (weca == null) {
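Review bot: The three `assert` statements added at the top of `vote` are skipped unless the JVM is started with `-ea`, so in a normal deployment they check nothing and a null argument still flows into `findConfigAttribute` and the expression evaluation. For an access-decision voter the precondition should be enforced unconditionally, e.g. `Assert.notNull(authentication, "authentication must not be null");` using Spring's `org.springframework.util.Assert` (which needs an import if the file lacks one), and likewise for `object` and `attributes`. The rest of `vote` lies outside the hunk, so how a null is handled further down cannot be confirmed from here.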