
SEC-1796: Check for annotated annotations at class/interface level. Previously only the specific security annotation was checked for. By delegating to Spring's AnnotationUtils, custom annotations carrying the security annotation are also detected.

Luke Taylor 14 years ago
parent
commit
c19a5ffd73

+ 1 - 1
core/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java

@@ -35,7 +35,7 @@ import org.springframework.security.access.method.AbstractFallbackMethodSecurity
 public class SecuredAnnotationSecurityMetadataSource extends AbstractFallbackMethodSecurityMetadataSource {
 
     protected Collection<ConfigAttribute> findAttributes(Class<?> clazz) {
-        return processAnnotation(clazz.getAnnotation(Secured.class));
+        return processAnnotation(AnnotationUtils.findAnnotation(clazz, Secured.class));
     }
 
     protected Collection<ConfigAttribute> findAttributes(Method method, Class<?> targetClass) {
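Review bot: `findAttributes(Class<?> clazz)` has no comment saying that the class-level lookup now reaches beyond the class's own declaration. Per the commit description, `AnnotationUtils.findAnnotation` also matches a custom annotation that itself carries `@Secured`, and as far as I know it walks implemented interfaces and superclasses as well. Because this lookup decides which config attributes protect a type, I would add `// Also matches @Secured reached via a meta-annotation, an implemented interface or a superclass` above the return. No test is visible in this commit; one case with a custom annotation on the class, and one where two carriers declare different roles, would pin which attributes win.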

+ 1 - 11
core/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java

@@ -105,23 +105,13 @@ public class PrePostAnnotationSecurityMetadataSource extends AbstractMethodSecur
         }
 
         // Check the class-level (note declaringClass, not targetClass, which may not actually implement the method)
-        annotation = specificMethod.getDeclaringClass().getAnnotation(annotationClass);
+        annotation = AnnotationUtils.findAnnotation(specificMethod.getDeclaringClass(), annotationClass);
 
         if (annotation != null) {
             logger.debug(annotation + " found on: " + specificMethod.getDeclaringClass().getName());
             return annotation;
         }
 
-        // Check for a possible interface annotation which would not be inherited by the declaring class
-        if (specificMethod != method) {
-            annotation = method.getDeclaringClass().getAnnotation(annotationClass);
-
-            if (annotation != null) {
-                logger.debug(annotation + " found on: " + method.getDeclaringClass().getName());
-                return annotation;
-            }
-        }
-
         return null;
     }
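Review bot: Dropping the `if (specificMethod != method)` fallback looks like it can lose a class-level security annotation in one case. When `specificMethod` is inherited from a superclass that does not itself implement the annotated interface, `findAnnotation(specificMethod.getDeclaringClass(), ...)` never visits `method.getDeclaringClass()`, which the removed block did check. The lookup then returns `null`, so the invocation would presumably run without the interface's pre/post attribute, which is a fail-open result. I would keep the fallback and change its lookup to `annotation = AnnotationUtils.findAnnotation(method.getDeclaringClass(), annotationClass);`, with a test for that inheritance shape. The enclosing method starts outside this hunk, so how `specificMethod` is derived is inferred; also, the debug line still names `specificMethod.getDeclaringClass()` even though the annotation may now come from an interface, superclass or meta-annotation.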