Inicio Explorar Axuda
Rexistro Iniciar sesión
github
/
spring-security
réplica de https://github.com/spring-projects/spring-security
2
0
Fork 0
Ficheiros Incidencias 0 Wiki
Explorar o código

SEC-1796: Check for annotated annotations at class/interface level. Previously only the specific security annotation was checked for. By delegating to Spring's AnnotationUtils, custom annotations carrying the security annotation are also detected.

Luke Taylor %!s(int64=14) %!d(string=hai) anos
pai
594ee9515e
achega
c19a5ffd73
Modificáronse 2 ficheiros con 2 adicións e 12 borrados
Dividir vista Mostrar estatísticas de Diff
  1. 1 1
      core/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java
  2. 1 11
      core/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java

+ 1 - 1
core/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java
Ver ficheiro 

@@ -35,7 +35,7 @@ import org.springframework.security.access.method.AbstractFallbackMethodSecurity
 
 public class SecuredAnnotationSecurityMetadataSource extends AbstractFallbackMethodSecurityMetadataSource {
 
 
     protected Collection<ConfigAttribute> findAttributes(Class<?> clazz) {
 
-        return processAnnotation(clazz.getAnnotation(Secured.class));
 
+        return processAnnotation(AnnotationUtils.findAnnotation(clazz, Secured.class));
 
     }
 
 
     protected Collection<ConfigAttribute> findAttributes(Method method, Class<?> targetClass) {

+ 1 - 11
core/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java
Ver ficheiro 

@@ -105,23 +105,13 @@ public class PrePostAnnotationSecurityMetadataSource extends AbstractMethodSecur
 
         }
 
 
         // Check the class-level (note declaringClass, not targetClass, which may not actually implement the method)
 
-        annotation = specificMethod.getDeclaringClass().getAnnotation(annotationClass);
 
+        annotation = AnnotationUtils.findAnnotation(specificMethod.getDeclaringClass(), annotationClass);
 
 
         if (annotation != null) {
 
             logger.debug(annotation + " found on: " + specificMethod.getDeclaringClass().getName());
 
             return annotation;
 
         }
 
 
-        // Check for a possible interface annotation which would not be inherited by the declaring class
 
-        if (specificMethod != method) {
 
-            annotation = method.getDeclaringClass().getAnnotation(annotationClass);
 
-
 
-            if (annotation != null) {
 
-                logger.debug(annotation + " found on: " + method.getDeclaringClass().getName());
 
-                return annotation;
 
-            }
 
-        }
 
-
 
         return null;
 
     }