15 年之前 · bcb1ff8921
--- a/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java
@@ -135,7 +135,7 @@ public class FilterInvocationSecurityMetadataSourceParser implements BeanDefinit
 
				             if (useExpressions) {
			
 
				                 logger.info("Creating access control expression attribute '" + access + "' for " + path);
			
 
				                 // The single expression will be parsed later by the ExpressionFilterInvocationSecurityMetadataSource
			
 
				-                attributeBuilder.setFactoryMethod("createList");
			
 
				+                attributeBuilder.setFactoryMethod("createSingleAttributeList");
			
 
				 
			
 
				             } else {
			
 
				                 attributeBuilder.setFactoryMethod("createListFromCommaDelimitedString");
			
--- a/config/src/test/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParserTests.java
@@ -1004,7 +1004,7 @@ public class HttpSecurityBeanDefinitionParserTests {
 
				     public void expressionBasedAccessAllowsAndDeniesAccessAsExpected() throws Exception {
			
 
				         setContext(
			
 
				                 "    <http auto-config='true' use-expressions='true'>" +
			
 
				-                "        <intercept-url pattern='/secure*' access=\"hasRole('ROLE_A')\" />" +
			
 
				+                "        <intercept-url pattern='/secure*' access=\"hasAnyRole('ROLE_A','ROLE_C')\" />" +
			
 
				                 "        <intercept-url pattern='/**' access='permitAll()' />" +
			
 
				                 "    </http>" + AUTH_PROVIDER_XML);
			
 
				 
			
--- a/core/src/main/java/org/springframework/security/access/SecurityConfig.java
+++ b/core/src/main/java/org/springframework/security/access/SecurityConfig.java
@@ -67,8 +67,12 @@ public class SecurityConfig implements ConfigAttribute {
 
				         return createList(StringUtils.commaDelimitedListToStringArray(access));
			
 
				     }
			
 
				 
			
 
				+    public final static List<ConfigAttribute> createSingleAttributeList(String access) {
			
 
				+        return createList(access);
			
 
				+    }
			
 
				+
			
 
				     public final static List<ConfigAttribute> createList(String... attributeNames) {
			
 
				-        Assert.notNull(attributeNames, "You must supply a list of argument names");
			
 
				+        Assert.notNull(attributeNames, "You must supply an array of attribute names");
			
 
				         List<ConfigAttribute> attributes = new ArrayList<ConfigAttribute>(attributeNames.length);
			
 
				 
			
 
				         for (String attribute : attributeNames) {