diff --git a/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java b/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java index 50c1277189..b92f704a44 100644 --- a/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java +++ b/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java @@ -1,5 +1,6 @@ package org.springframework.security.config.http; +import java.util.Collection; import java.util.List; import java.util.Map; @@ -99,7 +100,7 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain FilterSecurityInterceptor fsi = (FilterSecurityInterceptor) getFilter(FilterSecurityInterceptor.class, filters); DefaultFilterInvocationSecurityMetadataSource fids = (DefaultFilterInvocationSecurityMetadataSource) fsi.getSecurityMetadataSource(); - List attributes = fids.lookupAttributes(loginPage, "POST"); + Collection attributes = fids.lookupAttributes(loginPage, "POST"); if (attributes == null) { logger.debug("No access attributes defined for login page URL"); diff --git a/core/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java index b0bb7cc205..cf07142241 100644 --- a/core/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java +++ b/core/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java @@ -39,11 +39,11 @@ import org.springframework.security.access.method.AbstractFallbackMethodSecurity */ public class Jsr250MethodSecurityMetadataSource extends AbstractFallbackMethodSecurityMetadataSource { - protected List findAttributes(Class clazz) { + protected Collection findAttributes(Class clazz) { return processAnnotations(clazz.getAnnotations()); } - protected List findAttributes(Method method, Class targetClass) { + protected Collection findAttributes(Method method, Class targetClass) { return processAnnotations(AnnotationUtils.getAnnotations(method)); } diff --git a/core/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java index 3347befa2b..3c5fd537e9 100644 --- a/core/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java +++ b/core/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java @@ -35,11 +35,11 @@ import org.springframework.security.access.method.AbstractFallbackMethodSecurity */ public class SecuredAnnotationSecurityMetadataSource extends AbstractFallbackMethodSecurityMetadataSource { - protected List findAttributes(Class clazz) { + protected Collection findAttributes(Class clazz) { return processAnnotation(clazz.getAnnotation(Secured.class)); } - protected List findAttributes(Method method, Class targetClass) { + protected Collection findAttributes(Method method, Class targetClass) { return processAnnotation(AnnotationUtils.findAnnotation(method, Secured.class)); } diff --git a/core/src/main/java/org/springframework/security/access/method/AbstractFallbackMethodSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/method/AbstractFallbackMethodSecurityMetadataSource.java index 2a750e1ea9..4d426acfb3 100644 --- a/core/src/main/java/org/springframework/security/access/method/AbstractFallbackMethodSecurityMetadataSource.java +++ b/core/src/main/java/org/springframework/security/access/method/AbstractFallbackMethodSecurityMetadataSource.java @@ -1,7 +1,7 @@ package org.springframework.security.access.method; import java.lang.reflect.Method; -import java.util.List; +import java.util.Collection; import org.springframework.security.access.ConfigAttribute; import org.springframework.util.ClassUtils; @@ -27,12 +27,12 @@ import org.springframework.util.ClassUtils; */ public abstract class AbstractFallbackMethodSecurityMetadataSource extends AbstractMethodSecurityMetadataSource { - public List getAttributes(Method method, Class targetClass) { + public Collection getAttributes(Method method, Class targetClass) { // The method may be on an interface, but we need attributes from the target class. // If the target class is null, the method will be unchanged. Method specificMethod = ClassUtils.getMostSpecificMethod(method, targetClass); // First try is the method in the target class. - List attr = findAttributes(specificMethod, targetClass); + Collection attr = findAttributes(specificMethod, targetClass); if (attr != null) { return attr; } @@ -68,7 +68,7 @@ public abstract class AbstractFallbackMethodSecurityMetadataSource extends Abstr * @param targetClass the target class for the invocation (may be null) * @return the security metadata (or null if no metadata applies) */ - protected abstract List findAttributes(Method method, Class targetClass); + protected abstract Collection findAttributes(Method method, Class targetClass); /** * Obtains the security metadata registered against the specified class. @@ -82,7 +82,7 @@ public abstract class AbstractFallbackMethodSecurityMetadataSource extends Abstr * @param clazz the target class for the invocation (never null) * @return the security metadata (or null if no metadata applies) */ - protected abstract List findAttributes(Class clazz); + protected abstract Collection findAttributes(Class clazz); } diff --git a/core/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java index 5c79764a86..8a8b27b733 100644 --- a/core/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java +++ b/core/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java @@ -26,8 +26,8 @@ public final class DelegatingMethodSecurityMetadataSource extends AbstractMethod private final static List NULL_CONFIG_ATTRIBUTE = Collections.emptyList(); private List methodSecurityMetadataSources; - private final Map> attributeCache = - new HashMap>(); + private final Map> attributeCache = + new HashMap>(); //~ Methods ======================================================================================================== @@ -35,10 +35,10 @@ public final class DelegatingMethodSecurityMetadataSource extends AbstractMethod Assert.notNull(methodSecurityMetadataSources, "A list of MethodSecurityMetadataSources is required"); } - public List getAttributes(Method method, Class targetClass) { + public Collection getAttributes(Method method, Class targetClass) { DefaultCacheKey cacheKey = new DefaultCacheKey(method, targetClass); synchronized (attributeCache) { - List cached = attributeCache.get(cacheKey); + Collection cached = attributeCache.get(cacheKey); // Check for canonical value indicating there is no config attribute, if (cached == NULL_CONFIG_ATTRIBUTE) { return null; @@ -49,7 +49,7 @@ public final class DelegatingMethodSecurityMetadataSource extends AbstractMethod } // No cached value, so query the sources to find a result - List attributes = null; + Collection attributes = null; for (MethodSecurityMetadataSource s : methodSecurityMetadataSources) { attributes = s.getAttributes(method, targetClass); if (attributes != null) { diff --git a/core/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java index cd541288ce..2021012a67 100644 --- a/core/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java +++ b/core/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java @@ -72,14 +72,14 @@ public class MapBasedMethodSecurityMetadataSource extends AbstractFallbackMethod /** * Implementation does not support class-level attributes. */ - protected List findAttributes(Class clazz) { + protected Collection findAttributes(Class clazz) { return null; } /** * Will walk the method inheritance tree to find the most specific declaration applicable. */ - protected List findAttributes(Method method, Class targetClass) { + protected Collection findAttributes(Method method, Class targetClass) { if (targetClass == null) { return null; } diff --git a/core/src/main/java/org/springframework/security/access/method/MethodSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/method/MethodSecurityMetadataSource.java index 1336091869..1f731528b9 100644 --- a/core/src/main/java/org/springframework/security/access/method/MethodSecurityMetadataSource.java +++ b/core/src/main/java/org/springframework/security/access/method/MethodSecurityMetadataSource.java @@ -16,7 +16,7 @@ package org.springframework.security.access.method; import java.lang.reflect.Method; -import java.util.List; +import java.util.Collection; import org.springframework.security.access.ConfigAttribute; import org.springframework.security.access.SecurityMetadataSource; @@ -30,5 +30,5 @@ import org.springframework.security.access.SecurityMetadataSource; * @version $Id$ */ public interface MethodSecurityMetadataSource extends SecurityMetadataSource { - public List getAttributes(Method method, Class targetClass); + public Collection getAttributes(Method method, Class targetClass); } diff --git a/core/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java index 2327c21940..3e00a1d9b9 100644 --- a/core/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java +++ b/core/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java @@ -4,7 +4,6 @@ import java.lang.annotation.Annotation; import java.lang.reflect.Method; import java.util.ArrayList; import java.util.Collection; -import java.util.List; import org.springframework.core.annotation.AnnotationUtils; import org.springframework.security.access.ConfigAttribute; @@ -38,7 +37,7 @@ public class PrePostAnnotationSecurityMetadataSource extends AbstractMethodSecur this.attributeFactory = attributeFactory; } - public List getAttributes(Method method, Class targetClass) { + public Collection getAttributes(Method method, Class targetClass) { if (method.getDeclaringClass() == Object.class) { return null; } diff --git a/core/src/test/java/org/springframework/security/access/annotation/Jsr250MethodDefinitionSourceTests.java b/core/src/test/java/org/springframework/security/access/annotation/Jsr250MethodDefinitionSourceTests.java index e9ce8a4204..7c4f1662cb 100644 --- a/core/src/test/java/org/springframework/security/access/annotation/Jsr250MethodDefinitionSourceTests.java +++ b/core/src/test/java/org/springframework/security/access/annotation/Jsr250MethodDefinitionSourceTests.java @@ -2,7 +2,7 @@ package org.springframework.security.access.annotation; import static org.junit.Assert.assertEquals; -import java.util.List; +import java.util.Collection; import javax.annotation.security.DenyAll; import javax.annotation.security.PermitAll; @@ -12,7 +12,6 @@ import junit.framework.Assert; import org.junit.Test; import org.springframework.security.access.ConfigAttribute; -import org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource; /** * @author Luke Taylor @@ -25,51 +24,55 @@ public class Jsr250MethodDefinitionSourceTests { UserAllowedClass userAllowed = new UserAllowedClass(); DenyAllClass denyAll = new DenyAllClass(); + private ConfigAttribute[] findAttributes(String methodName) throws Exception { + return mds.findAttributes(a.getClass().getMethod(methodName), null).toArray(new ConfigAttribute[0]); + } + @Test public void methodWithRolesAllowedHasCorrectAttribute() throws Exception { - List accessAttributes = mds.findAttributes(a.getClass().getMethod("adminMethod"), null); - assertEquals(1, accessAttributes.size()); - assertEquals("ADMIN", accessAttributes.get(0).toString()); + ConfigAttribute[] accessAttributes = findAttributes("adminMethod"); + assertEquals(1, accessAttributes.length); + assertEquals("ADMIN", accessAttributes[0].toString()); } @Test public void permitAllMethodHasPermitAllAttribute() throws Exception { - List accessAttributes = mds.findAttributes(a.getClass().getMethod("permitAllMethod"), null); - assertEquals(1, accessAttributes.size()); - assertEquals("javax.annotation.security.PermitAll", accessAttributes.get(0).toString()); + ConfigAttribute[] accessAttributes = findAttributes("permitAllMethod"); + assertEquals(1, accessAttributes.length); + assertEquals("javax.annotation.security.PermitAll", accessAttributes[0].toString()); } @Test public void noRoleMethodHasDenyAllAttributeWithDenyAllClass() throws Exception { - List accessAttributes = mds.findAttributes(denyAll.getClass()); - assertEquals(1, accessAttributes.size()); - assertEquals("javax.annotation.security.DenyAll", accessAttributes.get(0).toString()); + ConfigAttribute[] accessAttributes = mds.findAttributes(denyAll.getClass()).toArray(new ConfigAttribute[0]); + assertEquals(1, accessAttributes.length); + assertEquals("javax.annotation.security.DenyAll", accessAttributes[0].toString()); } @Test public void adminMethodHasAdminAttributeWithDenyAllClass() throws Exception { - List accessAttributes = mds.findAttributes(denyAll.getClass().getMethod("adminMethod"), null); + Collection accessAttributes = mds.findAttributes(denyAll.getClass().getMethod("adminMethod"), null); assertEquals(1, accessAttributes.size()); - assertEquals("ADMIN", accessAttributes.get(0).toString()); + assertEquals("ADMIN", accessAttributes.toArray()[0].toString()); } @Test public void noRoleMethodHasNoAttributes() throws Exception { - List accessAttributes = mds.findAttributes(a.getClass().getMethod("noRoleMethod"), null); + Collection accessAttributes = mds.findAttributes(a.getClass().getMethod("noRoleMethod"), null); Assert.assertNull(accessAttributes); } @Test public void classRoleIsAppliedToNoRoleMethod() throws Exception { - List accessAttributes = mds.findAttributes(userAllowed.getClass().getMethod("noRoleMethod"), null); + Collection accessAttributes = mds.findAttributes(userAllowed.getClass().getMethod("noRoleMethod"), null); Assert.assertNull(accessAttributes); } @Test public void methodRoleOverridesClassRole() throws Exception { - List accessAttributes = mds.findAttributes(userAllowed.getClass().getMethod("adminMethod"), null); + Collection accessAttributes = mds.findAttributes(userAllowed.getClass().getMethod("adminMethod"), null); assertEquals(1, accessAttributes.size()); - assertEquals("ADMIN", accessAttributes.get(0).toString()); + assertEquals("ADMIN", accessAttributes.toArray()[0].toString()); } //~ Inner Classes ====================================================================================================== diff --git a/core/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataDefinitionSourceTests.java b/core/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataDefinitionSourceTests.java index 54556eb0b2..1048dfbb49 100644 --- a/core/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataDefinitionSourceTests.java +++ b/core/src/test/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataDefinitionSourceTests.java @@ -15,7 +15,7 @@ package org.springframework.security.access.annotation; import java.lang.reflect.Method; -import java.util.List; +import java.util.Collection; import junit.framework.TestCase; @@ -23,7 +23,6 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.springframework.security.access.ConfigAttribute; import org.springframework.security.access.SecurityConfig; -import org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource; import org.springframework.util.StringUtils; @@ -52,7 +51,7 @@ public class SecuredAnnotationSecurityMetadataDefinitionSourceTests extends Test fail("Should be a superMethod called 'someUserMethod3' on class!"); } - List attrs = mds.findAttributes(method, DepartmentServiceImpl.class); + Collection attrs = mds.findAttributes(method, DepartmentServiceImpl.class); assertNotNull(attrs); @@ -76,7 +75,7 @@ public class SecuredAnnotationSecurityMetadataDefinitionSourceTests extends Test fail("Should be a superMethod called 'someUserMethod3' on class!"); } - List superAttrs = this.mds.findAttributes(superMethod, DepartmentServiceImpl.class); + Collection superAttrs = this.mds.findAttributes(superMethod, DepartmentServiceImpl.class); assertNotNull(superAttrs); @@ -94,7 +93,7 @@ public class SecuredAnnotationSecurityMetadataDefinitionSourceTests extends Test } public void testGetAttributesClass() { - List attrs = this.mds.findAttributes(BusinessService.class); + Collection attrs = this.mds.findAttributes(BusinessService.class); assertNotNull(attrs); @@ -102,7 +101,7 @@ public class SecuredAnnotationSecurityMetadataDefinitionSourceTests extends Test assertEquals(1, attrs.size()); // should have 1 SecurityConfig - SecurityConfig sc = ((SecurityConfig) attrs.get(0)); + SecurityConfig sc = (SecurityConfig) attrs.toArray()[0]; assertEquals("ROLE_USER", sc.getAttribute()); } @@ -116,7 +115,7 @@ public class SecuredAnnotationSecurityMetadataDefinitionSourceTests extends Test fail("Should be a method called 'someUserAndAdminMethod' on class!"); } - List attrs = this.mds.findAttributes(method, BusinessService.class); + Collection attrs = this.mds.findAttributes(method, BusinessService.class); assertNotNull(attrs); diff --git a/core/src/test/java/org/springframework/security/access/intercept/method/MockMethodSecurityMetadataSource.java b/core/src/test/java/org/springframework/security/access/intercept/method/MockMethodSecurityMetadataSource.java index 62b4b31848..c1d5cb0ca4 100644 --- a/core/src/test/java/org/springframework/security/access/intercept/method/MockMethodSecurityMetadataSource.java +++ b/core/src/test/java/org/springframework/security/access/intercept/method/MockMethodSecurityMetadataSource.java @@ -68,7 +68,7 @@ public class MockMethodSecurityMetadataSource implements MethodSecurityMetadataS throw new UnsupportedOperationException("mock method not implemented"); } - public List getAttributes(Method method, Class targetClass) { + public Collection getAttributes(Method method, Class targetClass) { throw new UnsupportedOperationException("mock method not implemented"); }