
SEC-1796: Check for meta-annotations (annotations that are themselves annotated with the security annotation) at class/interface level. Previously only the specific security annotation itself was checked for. By delegating to Spring's AnnotationUtils, custom annotations carrying the security annotation are also detected.

Luke Taylor 14 年之前
父节点
当前提交
c19a5ffd73

+ 1 - 1
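--- a/core/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java
@@ -35,7 +35,7 @@ import org.springframework.security.access.method.AbstractFallbackMethodSecurity
 public class SecuredAnnotationSecurityMetadataSource extends AbstractFallbackMethodSecurityMetadataSource {
 
     protected Collection<ConfigAttribute> findAttributes(Class<?> clazz) {
-        return processAnnotation(clazz.getAnnotation(Secured.class));
+        return processAnnotation(AnnotationUtils.findAnnotation(clazz, Secured.class));
     }
 
     protected Collection<ConfigAttribute> findAttributes(Method method, Class<?> targetClass) {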
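Review bot: The new `AnnotationUtils.findAnnotation(clazz, Secured.class)` in the class-level `findAttributes` also resolves `@Secured` declared on the class's interfaces and superclasses, not only the meta-annotation case the description mentions, and nothing in the hunk documents that widened lookup. Because the base class appears to use this result as the fallback for methods without their own annotation, a Javadoc on the method would help anyone auditing a configuration, e.g. `/** Resolves {@code @Secured} for the given class, falling back to its interfaces and superclasses and accepting it as a meta-annotation on a custom annotation; see AnnotationUtils.findAnnotation for the exact search order. */`. Whether a meta-annotation found on an interface is honoured depends on the Spring version's `AnnotationUtils`, so tests with `@Secured` on an interface and with a composed annotation would pin both behaviours. The overload `findAttributes(Method, Class)` starts on the hunk's last line with its body outside it, so I could not confirm it performs the same lookup.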

+ 1 - 11
core/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java

@@ -105,23 +105,13 @@ public class PrePostAnnotationSecurityMetadataSource extends AbstractMethodSecur
         }
         }
 
 
         // Check the class-level (note declaringClass, not targetClass, which may not actually implement the method)
         // Check the class-level (note declaringClass, not targetClass, which may not actually implement the method)
-        annotation = specificMethod.getDeclaringClass().getAnnotation(annotationClass);
+        annotation = AnnotationUtils.findAnnotation(specificMethod.getDeclaringClass(), annotationClass);
 
 
         if (annotation != null) {
         if (annotation != null) {
             logger.debug(annotation + " found on: " + specificMethod.getDeclaringClass().getName());
             logger.debug(annotation + " found on: " + specificMethod.getDeclaringClass().getName());
             return annotation;
             return annotation;
         }
         }
 
 
-        // Check for a possible interface annotation which would not be inherited by the declaring class
-        if (specificMethod != method) {
-            annotation = method.getDeclaringClass().getAnnotation(annotationClass);
-
-            if (annotation != null) {
-                logger.debug(annotation + " found on: " + method.getDeclaringClass().getName());
-                return annotation;
-            }
-        }
-
         return null;
         return null;
     }
     }