SEC-1257: APIs using List<ConfigAttribute> should use a Collection instead. Converted.
This commit is contained in:
@@ -1,6 +1,6 @@
|
||||
package org.springframework.security.config;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Collection;
|
||||
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.access.AfterInvocationProvider;
|
||||
@@ -9,7 +9,7 @@ import org.springframework.security.core.Authentication;
|
||||
|
||||
public class MockAfterInvocationProvider implements AfterInvocationProvider {
|
||||
|
||||
public Object decide(Authentication authentication, Object object, List<ConfigAttribute> config, Object returnedObject)
|
||||
public Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> config, Object returnedObject)
|
||||
throws AccessDeniedException {
|
||||
return returnedObject;
|
||||
}
|
||||
|
||||
@@ -2,7 +2,7 @@ package org.springframework.security.config.http;
|
||||
|
||||
import static org.junit.Assert.*;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Collection;
|
||||
|
||||
import org.junit.After;
|
||||
import org.junit.Test;
|
||||
@@ -47,7 +47,7 @@ public class FilterSecurityMetadataSourceBeanDefinitionParserTests {
|
||||
" <intercept-url pattern='/**' access='ROLE_A'/>" +
|
||||
"</filter-security-metadata-source>");
|
||||
DefaultFilterInvocationSecurityMetadataSource fids = (DefaultFilterInvocationSecurityMetadataSource) appContext.getBean("fids");
|
||||
List<? extends ConfigAttribute> cad = fids.getAttributes(createFilterInvocation("/anything", "GET"));
|
||||
Collection<ConfigAttribute> cad = fids.getAttributes(createFilterInvocation("/anything", "GET"));
|
||||
assertNotNull(cad);
|
||||
assertTrue(cad.contains(new SecurityConfig("ROLE_A")));
|
||||
}
|
||||
@@ -61,9 +61,9 @@ public class FilterSecurityMetadataSourceBeanDefinitionParserTests {
|
||||
|
||||
ExpressionBasedFilterInvocationSecurityMetadataSource fids =
|
||||
(ExpressionBasedFilterInvocationSecurityMetadataSource) appContext.getBean("fids");
|
||||
List<? extends ConfigAttribute> cad = fids.getAttributes(createFilterInvocation("/anything", "GET"));
|
||||
assertEquals(1, cad.size());
|
||||
assertEquals("hasRole('ROLE_A')", cad.get(0).toString());
|
||||
ConfigAttribute[] cad = fids.getAttributes(createFilterInvocation("/anything", "GET")).toArray(new ConfigAttribute[0]);
|
||||
assertEquals(1, cad.length);
|
||||
assertEquals("hasRole('ROLE_A')", cad[0].toString());
|
||||
}
|
||||
|
||||
// SEC-1201
|
||||
@@ -77,10 +77,10 @@ public class FilterSecurityMetadataSourceBeanDefinitionParserTests {
|
||||
" <intercept-url pattern='${secure.url}' access='${secure.role}'/>" +
|
||||
"</filter-security-metadata-source>");
|
||||
DefaultFilterInvocationSecurityMetadataSource fids = (DefaultFilterInvocationSecurityMetadataSource) appContext.getBean("fids");
|
||||
List<ConfigAttribute> cad = fids.getAttributes(createFilterInvocation("/secure", "GET"));
|
||||
Collection<ConfigAttribute> cad = fids.getAttributes(createFilterInvocation("/secure", "GET"));
|
||||
assertNotNull(cad);
|
||||
assertEquals(1, cad.size());
|
||||
assertEquals("ROLE_A", cad.get(0).getAttribute());
|
||||
assertTrue(cad.contains(new SecurityConfig("ROLE_A")));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
||||
@@ -7,6 +7,7 @@ import static org.springframework.security.config.http.AuthenticationConfigBuild
|
||||
|
||||
import java.lang.reflect.Method;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
@@ -286,7 +287,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
||||
FilterSecurityInterceptor fis = (FilterSecurityInterceptor) getFilter(FilterSecurityInterceptor.class);
|
||||
|
||||
FilterInvocationSecurityMetadataSource fids = fis.getSecurityMetadataSource();
|
||||
List<ConfigAttribute> attrDef = fids.getAttributes(createFilterinvocation("/Secure", null));
|
||||
Collection<ConfigAttribute> attrDef = fids.getAttributes(createFilterinvocation("/Secure", null));
|
||||
assertEquals(2, attrDef.size());
|
||||
assertTrue(attrDef.contains(new SecurityConfig("ROLE_A")));
|
||||
assertTrue(attrDef.contains(new SecurityConfig("ROLE_B")));
|
||||
@@ -314,10 +315,10 @@ public class HttpSecurityBeanDefinitionParserTests {
|
||||
// Check the security attribute
|
||||
FilterSecurityInterceptor fis = (FilterSecurityInterceptor) getFilter(FilterSecurityInterceptor.class);
|
||||
FilterInvocationSecurityMetadataSource fids = fis.getSecurityMetadataSource();
|
||||
List<ConfigAttribute> attrs = fids.getAttributes(createFilterinvocation("/secure", null));
|
||||
Collection<ConfigAttribute> attrs = fids.getAttributes(createFilterinvocation("/secure", null));
|
||||
assertNotNull(attrs);
|
||||
assertEquals(1, attrs.size());
|
||||
assertEquals("ROLE_A",attrs.get(0).getAttribute());
|
||||
assertTrue(attrs.contains(new SecurityConfig("ROLE_A")));
|
||||
|
||||
// Check the form login properties are set
|
||||
UsernamePasswordAuthenticationFilter apf = (UsernamePasswordAuthenticationFilter)
|
||||
@@ -340,7 +341,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
||||
|
||||
FilterSecurityInterceptor fis = (FilterSecurityInterceptor) getFilter(FilterSecurityInterceptor.class);
|
||||
FilterInvocationSecurityMetadataSource fids = fis.getSecurityMetadataSource();
|
||||
List<? extends ConfigAttribute> attrs = fids.getAttributes(createFilterinvocation("/secure", "POST"));
|
||||
Collection<ConfigAttribute> attrs = fids.getAttributes(createFilterinvocation("/secure", "POST"));
|
||||
assertEquals(2, attrs.size());
|
||||
assertTrue(attrs.contains(new SecurityConfig("ROLE_A")));
|
||||
assertTrue(attrs.contains(new SecurityConfig("ROLE_B")));
|
||||
@@ -904,7 +905,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
||||
FilterSecurityInterceptor fis = (FilterSecurityInterceptor) getFilter(FilterSecurityInterceptor.class);
|
||||
|
||||
FilterInvocationSecurityMetadataSource fids = fis.getSecurityMetadataSource();
|
||||
List<? extends ConfigAttribute> attrDef = fids.getAttributes(createFilterinvocation("/someurl", null));
|
||||
Collection<ConfigAttribute> attrDef = fids.getAttributes(createFilterinvocation("/someurl", null));
|
||||
assertEquals(1, attrDef.size());
|
||||
assertTrue(attrDef.contains(new SecurityConfig("ROLE_B")));
|
||||
}
|
||||
@@ -942,7 +943,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
||||
FilterSecurityInterceptor fis = (FilterSecurityInterceptor) getFilter(FilterSecurityInterceptor.class);
|
||||
|
||||
FilterInvocationSecurityMetadataSource fids = fis.getSecurityMetadataSource();
|
||||
List<? extends ConfigAttribute> attrDef = fids.getAttributes(createFilterinvocation("/secure", null));
|
||||
Collection<ConfigAttribute> attrDef = fids.getAttributes(createFilterinvocation("/secure", null));
|
||||
assertEquals(1, attrDef.size());
|
||||
|
||||
// Try an unprotected invocation
|
||||
|
||||
Reference in New Issue
Block a user