16 years ago · c6b9371029
--- a/core/src/main/java/org/springframework/security/access/expression/method/AbstractExpressionBasedMethodConfigAttribute.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/AbstractExpressionBasedMethodConfigAttribute.java
@@ -2,7 +2,7 @@ package org.springframework.security.access.expression.method;
 
				 
			
 
				 import org.springframework.expression.Expression;
			
 
				 import org.springframework.expression.ParseException;
			
 
				-import org.springframework.expression.spel.antlr.SpelAntlrExpressionParser;
			
 
				+import org.springframework.expression.spel.standard.SpelExpressionParser;
			
 
				 import org.springframework.security.access.ConfigAttribute;
			
 
				 import org.springframework.util.Assert;
			
 
				 
			
@@ -26,7 +26,7 @@ abstract class AbstractExpressionBasedMethodConfigAttribute implements ConfigAtt
 
				      */
			
 
				     AbstractExpressionBasedMethodConfigAttribute(String filterExpression, String authorizeExpression) throws ParseException {
			
 
				         Assert.isTrue(filterExpression != null || authorizeExpression != null, "Filter and authorization Expressions cannot both be null");
			
 
				-        SpelAntlrExpressionParser parser = new SpelAntlrExpressionParser();
			
 
				+        SpelExpressionParser parser = new SpelExpressionParser();
			
 
				         this.filterExpression = filterExpression == null ? null : parser.parseExpression(filterExpression);
			
 
				         this.authorizeExpression = authorizeExpression == null ? null : parser.parseExpression(authorizeExpression);
			
 
				     }
			
--- a/core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler.java
@@ -13,7 +13,7 @@ import org.springframework.core.ParameterNameDiscoverer;
 
				 import org.springframework.expression.EvaluationContext;
			
 
				 import org.springframework.expression.Expression;
			
 
				 import org.springframework.expression.ExpressionParser;
			
 
				-import org.springframework.expression.spel.antlr.SpelAntlrExpressionParser;
			
 
				+import org.springframework.expression.spel.standard.SpelExpressionParser;
			
 
				 import org.springframework.security.access.PermissionEvaluator;
			
 
				 import org.springframework.security.access.expression.ExpressionUtils;
			
 
				 import org.springframework.security.authentication.AuthenticationTrustResolver;
			
@@ -36,7 +36,7 @@ public class DefaultMethodSecurityExpressionHandler implements MethodSecurityExp
 
				     private ParameterNameDiscoverer parameterNameDiscoverer = new LocalVariableTableParameterNameDiscoverer();
			
 
				     private PermissionEvaluator permissionEvaluator = new DenyAllPermissionEvaluator();
			
 
				     private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
			
 
				-    private ExpressionParser expressionParser = new SpelAntlrExpressionParser();
			
 
				+    private ExpressionParser expressionParser = new SpelExpressionParser();
			
 
				 
			
 
				     public DefaultMethodSecurityExpressionHandler() {
			
 
				     }
			
--- a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java
@@ -14,10 +14,8 @@ import org.springframework.security.access.prepost.PreInvocationAuthorizationAdv
 
				 import org.springframework.security.core.Authentication;
			
 
				 
			
 
				 /**
			
 
				- * If only a @PreFilter condition is specified, it will vote to grant access, otherwise it will vote
			
 
				- * to grant or deny access depending on whether the @PreAuthorize expression evaluates to 'true' or 'false',
			
 
				- * respectively.
			
 
				-
			
 
				+ * Method pre-invocation handling based on expressions.
			
 
				+ *
			
 
				  * @author Luke Taylor
			
 
				  * @version $Id$
			
 
				  * @since
			
--- a/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdvice.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdvice.java
@@ -12,5 +12,14 @@ import org.springframework.security.core.Authentication;
 
				  */
			
 
				 public interface PreInvocationAuthorizationAdvice {
			
 
				 
			
 
				+    /**
			
 
				+     * The "before" advice which should be executed to perform any filtering necessary and to decide whether
			
 
				+     * the method call is authorised.
			
 
				+     *
			
 
				+     * @param authentication the information on the principal on whose account the decision should be made
			
 
				+     * @param mi the method invocation being attempted
			
 
				+     * @param preInvocationAttribute the attribute built from the @PreFilte and @PostFilter annotations.
			
 
				+     * @return true if authorised, false otherwise
			
 
				+     */
			
 
				     boolean before(Authentication authentication, MethodInvocation mi, PreInvocationAttribute preInvocationAttribute);
			
 
				 }
			
--- a/core/src/main/java/org/springframework/security/util/MethodInvocationUtils.java
+++ b/core/src/main/java/org/springframework/security/util/MethodInvocationUtils.java
@@ -16,8 +16,6 @@
 
				 package org.springframework.security.util;
			
 
				 
			
 
				 import java.lang.reflect.Method;
			
 
				-import java.util.ArrayList;
			
 
				-import java.util.List;
			
 
				 
			
 
				 import org.aopalliance.intercept.MethodInvocation;
			
 
				 import org.springframework.aop.framework.Advised;
			
@@ -57,13 +55,11 @@ public final class MethodInvocationUtils {
 
				         Class<?>[] classArgs = null;
			
 
				 
			
 
				         if (args != null) {
			
 
				-            List<Class<?>> list = new ArrayList<Class<?>>();
			
 
				+            classArgs = new Class<?>[args.length];
			
 
				 
			
 
				             for (int i = 0; i < args.length; i++) {
			
 
				-                list.add(args[i].getClass());
			
 
				+                classArgs[i] = args[i].getClass();
			
 
				             }
			
 
				-
			
 
				-            classArgs = list.toArray(new Class[] {});
			
 
				         }
			
 
				 
			
 
				         // Determine the type that declares the requested method, taking into account proxies
			
@@ -109,7 +105,8 @@ public final class MethodInvocationUtils {
 
				      * @param args the actual arguments that should be passed to SimpleMethodInvocation
			
 
				      * @return a <code>MethodInvocation</code>, or <code>null</code> if there was a problem
			
 
				      */
			
 
				-    public static MethodInvocation createFromClass(Object targetObject, Class<?> clazz, String methodName, Class<?>[] classArgs, Object[] args) {
			
 
				+    public static MethodInvocation createFromClass(Object targetObject, Class<?> clazz, String methodName,
			
 
				+            Class<?>[] classArgs, Object[] args) {
			
 
				         Assert.notNull(clazz, "Class required");
			
 
				         Assert.hasText(methodName, "MethodName required");
			
 
				 
			
@@ -117,7 +114,7 @@ public final class MethodInvocationUtils {
 
				 
			
 
				         try {
			
 
				             method = clazz.getMethod(methodName, classArgs);
			
 
				-        } catch (Exception e) {
			
 
				+        } catch (NoSuchMethodException e) {
			
 
				             return null;
			
 
				         }
			
 
				 
			
--- a/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java
+++ b/core/src/test/java/org/springframework/security/access/expression/method/MethodSecurityExpressionRootTests.java
@@ -7,11 +7,10 @@ import org.jmock.Mockery;
 
				 import org.junit.Before;
			
 
				 import org.junit.Test;
			
 
				 import org.springframework.expression.Expression;
			
 
				-import org.springframework.expression.spel.antlr.SpelAntlrExpressionParser;
			
 
				+import org.springframework.expression.spel.standard.SpelExpressionParser;
			
 
				 import org.springframework.expression.spel.support.StandardEvaluationContext;
			
 
				 import org.springframework.security.access.PermissionEvaluator;
			
 
				 import org.springframework.security.access.expression.ExpressionUtils;
			
 
				-import org.springframework.security.access.expression.method.MethodSecurityExpressionRoot;
			
 
				 import org.springframework.security.authentication.AuthenticationTrustResolver;
			
 
				 import org.springframework.security.core.Authentication;
			
 
				 
			
@@ -22,7 +21,7 @@ import org.springframework.security.core.Authentication;
 
				  * @version $Id$
			
 
				  */
			
 
				 public class MethodSecurityExpressionRootTests {
			
 
				-    SpelAntlrExpressionParser parser = new SpelAntlrExpressionParser();
			
 
				+    SpelExpressionParser parser = new SpelExpressionParser();
			
 
				     MethodSecurityExpressionRoot root;
			
 
				     StandardEvaluationContext ctx;
			
 
				     Mockery jmock = new Mockery();
			
--- a/pom.xml
+++ b/pom.xml
@@ -86,7 +86,8 @@
 
				             <id>com.springsource.repository.bundles.release</id>
			
 
				             <name>SpringSource Enterprise Bundle Repository - SpringSource Bundle Releases</name>
			
 
				             <url>http://repository.springsource.com/maven/bundles/release</url>
			
 
				-        </repository>       
			
 
				+        </repository>  
			
 
				+-->               
			
 
				         <repository>
			
 
				             <releases>
			
 
				               <enabled>false</enabled>
			
@@ -94,11 +95,11 @@
 
				             <snapshots>
			
 
				               <enabled>true</enabled>
			
 
				             </snapshots>            
			
 
				-            <id>com.springsource.repository.bundles.snapshot</id>
			
 
				-            <name>SpringSource Enterprise Bundle Repository - SpringSource Snapshot Releases</name>
			
 
				-            <url>http://repository.springsource.com/maven/bundles/snapshot</url>
			
 
				+            <id>com.springsource.repository.maven.snapshot</id>
			
 
				+            <name>SpringSource Enterprise Bundle Maven Repository - SpringSource Snapshot Releases</name>
			
 
				+            <url>http://maven.springframework.org/snapshot</url>
			
 
				         </repository>
			
 
				--->        
			
 
				+      
			
 
				         <repository>
			
 
				             <releases>
			
 
				               <enabled>true</enabled>
			
@@ -106,7 +107,7 @@
 
				             <snapshots>
			
 
				               <enabled>false</enabled>
			
 
				             </snapshots>            
			
 
				-            <id>Spring Framework Maven Milestone Releases</id>
			
 
				+            <id>com.springsource.repository.maven.milestone</id>
			
 
				             <name>Spring Framework Maven Milestone Releases (Maven Central Format)</name>
			
 
				             <url>http://maven.springframework.org/milestone</url>
			
 
				         </repository>      
			
@@ -114,7 +115,7 @@
 
				 
			
 
				     <pluginRepositories>
			
 
				         <pluginRepository>
			
 
				-            <id>com.springsource.repository.bundles.milestone</id>
			
 
				+            <id>com.springsource.repository.maven.milestone</id>
			
 
				             <name>SpringSource Enterprise Bundle Repository - SpringSource Milestone Releases</name>
			
 
				             <url>http://repository.springsource.com/maven/bundles/milestone</url>
			
 
				         </pluginRepository>
			
@@ -766,7 +767,7 @@
 
				     <properties>
			
 
				         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
			
 
				         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>        
			
 
				-        <spring.version>3.0.0.M3</spring.version>
			
 
				+        <spring.version>3.0.0.BUILD-SNAPSHOT</spring.version>
			
 
				         <jstl.version>1.1.2</jstl.version>
			
 
				         <jetty.version>6.1.18</jetty.version>
			
 
				     </properties>
			
--- a/web/src/main/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandler.java
+++ b/web/src/main/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandler.java
@@ -2,7 +2,7 @@ package org.springframework.security.web.access.expression;
 
				 
			
 
				 import org.springframework.expression.EvaluationContext;
			
 
				 import org.springframework.expression.ExpressionParser;
			
 
				-import org.springframework.expression.spel.antlr.SpelAntlrExpressionParser;
			
 
				+import org.springframework.expression.spel.standard.SpelExpressionParser;
			
 
				 import org.springframework.expression.spel.support.StandardEvaluationContext;
			
 
				 import org.springframework.security.access.expression.SecurityExpressionRoot;
			
 
				 import org.springframework.security.authentication.AuthenticationTrustResolver;
			
@@ -21,7 +21,7 @@ import org.springframework.security.web.FilterInvocation;
 
				 public class DefaultWebSecurityExpressionHandler implements WebSecurityExpressionHandler {
			
 
				 
			
 
				     private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
			
 
				-    private ExpressionParser expressionParser = new SpelAntlrExpressionParser();
			
 
				+    private ExpressionParser expressionParser = new SpelExpressionParser();
			
 
				 
			
 
				     public ExpressionParser getExpressionParser() {
			
 
				         return expressionParser;