SEC-1257: APIs using List<ConfigAttribute> should use a Collection instead. Converted.

This commit is contained in:
Luke Taylor
2009-10-06 19:46:44 +00:00
parent 5d486a51b6
commit f213cc5d9e
53 changed files with 181 additions and 175 deletions

View File

@@ -1,6 +1,6 @@
package org.springframework.security.config;
import java.util.List;
import java.util.Collection;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.AfterInvocationProvider;
@@ -9,7 +9,7 @@ import org.springframework.security.core.Authentication;
public class MockAfterInvocationProvider implements AfterInvocationProvider {
public Object decide(Authentication authentication, Object object, List<ConfigAttribute> config, Object returnedObject)
public Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> config, Object returnedObject)
throws AccessDeniedException {
return returnedObject;
}

View File

@@ -2,7 +2,7 @@ package org.springframework.security.config.http;
import static org.junit.Assert.*;
import java.util.List;
import java.util.Collection;
import org.junit.After;
import org.junit.Test;
@@ -47,7 +47,7 @@ public class FilterSecurityMetadataSourceBeanDefinitionParserTests {
" <intercept-url pattern='/**' access='ROLE_A'/>" +
"</filter-security-metadata-source>");
DefaultFilterInvocationSecurityMetadataSource fids = (DefaultFilterInvocationSecurityMetadataSource) appContext.getBean("fids");
List<? extends ConfigAttribute> cad = fids.getAttributes(createFilterInvocation("/anything", "GET"));
Collection<ConfigAttribute> cad = fids.getAttributes(createFilterInvocation("/anything", "GET"));
assertNotNull(cad);
assertTrue(cad.contains(new SecurityConfig("ROLE_A")));
}
@@ -61,9 +61,9 @@ public class FilterSecurityMetadataSourceBeanDefinitionParserTests {
ExpressionBasedFilterInvocationSecurityMetadataSource fids =
(ExpressionBasedFilterInvocationSecurityMetadataSource) appContext.getBean("fids");
List<? extends ConfigAttribute> cad = fids.getAttributes(createFilterInvocation("/anything", "GET"));
assertEquals(1, cad.size());
assertEquals("hasRole('ROLE_A')", cad.get(0).toString());
ConfigAttribute[] cad = fids.getAttributes(createFilterInvocation("/anything", "GET")).toArray(new ConfigAttribute[0]);
assertEquals(1, cad.length);
assertEquals("hasRole('ROLE_A')", cad[0].toString());
}
// SEC-1201
@@ -77,10 +77,10 @@ public class FilterSecurityMetadataSourceBeanDefinitionParserTests {
" <intercept-url pattern='${secure.url}' access='${secure.role}'/>" +
"</filter-security-metadata-source>");
DefaultFilterInvocationSecurityMetadataSource fids = (DefaultFilterInvocationSecurityMetadataSource) appContext.getBean("fids");
List<ConfigAttribute> cad = fids.getAttributes(createFilterInvocation("/secure", "GET"));
Collection<ConfigAttribute> cad = fids.getAttributes(createFilterInvocation("/secure", "GET"));
assertNotNull(cad);
assertEquals(1, cad.size());
assertEquals("ROLE_A", cad.get(0).getAttribute());
assertTrue(cad.contains(new SecurityConfig("ROLE_A")));
}
@Test

View File

@@ -7,6 +7,7 @@ import static org.springframework.security.config.http.AuthenticationConfigBuild
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
@@ -286,7 +287,7 @@ public class HttpSecurityBeanDefinitionParserTests {
FilterSecurityInterceptor fis = (FilterSecurityInterceptor) getFilter(FilterSecurityInterceptor.class);
FilterInvocationSecurityMetadataSource fids = fis.getSecurityMetadataSource();
List<ConfigAttribute> attrDef = fids.getAttributes(createFilterinvocation("/Secure", null));
Collection<ConfigAttribute> attrDef = fids.getAttributes(createFilterinvocation("/Secure", null));
assertEquals(2, attrDef.size());
assertTrue(attrDef.contains(new SecurityConfig("ROLE_A")));
assertTrue(attrDef.contains(new SecurityConfig("ROLE_B")));
@@ -314,10 +315,10 @@ public class HttpSecurityBeanDefinitionParserTests {
// Check the security attribute
FilterSecurityInterceptor fis = (FilterSecurityInterceptor) getFilter(FilterSecurityInterceptor.class);
FilterInvocationSecurityMetadataSource fids = fis.getSecurityMetadataSource();
List<ConfigAttribute> attrs = fids.getAttributes(createFilterinvocation("/secure", null));
Collection<ConfigAttribute> attrs = fids.getAttributes(createFilterinvocation("/secure", null));
assertNotNull(attrs);
assertEquals(1, attrs.size());
assertEquals("ROLE_A",attrs.get(0).getAttribute());
assertTrue(attrs.contains(new SecurityConfig("ROLE_A")));
// Check the form login properties are set
UsernamePasswordAuthenticationFilter apf = (UsernamePasswordAuthenticationFilter)
@@ -340,7 +341,7 @@ public class HttpSecurityBeanDefinitionParserTests {
FilterSecurityInterceptor fis = (FilterSecurityInterceptor) getFilter(FilterSecurityInterceptor.class);
FilterInvocationSecurityMetadataSource fids = fis.getSecurityMetadataSource();
List<? extends ConfigAttribute> attrs = fids.getAttributes(createFilterinvocation("/secure", "POST"));
Collection<ConfigAttribute> attrs = fids.getAttributes(createFilterinvocation("/secure", "POST"));
assertEquals(2, attrs.size());
assertTrue(attrs.contains(new SecurityConfig("ROLE_A")));
assertTrue(attrs.contains(new SecurityConfig("ROLE_B")));
@@ -904,7 +905,7 @@ public class HttpSecurityBeanDefinitionParserTests {
FilterSecurityInterceptor fis = (FilterSecurityInterceptor) getFilter(FilterSecurityInterceptor.class);
FilterInvocationSecurityMetadataSource fids = fis.getSecurityMetadataSource();
List<? extends ConfigAttribute> attrDef = fids.getAttributes(createFilterinvocation("/someurl", null));
Collection<ConfigAttribute> attrDef = fids.getAttributes(createFilterinvocation("/someurl", null));
assertEquals(1, attrDef.size());
assertTrue(attrDef.contains(new SecurityConfig("ROLE_B")));
}
@@ -942,7 +943,7 @@ public class HttpSecurityBeanDefinitionParserTests {
FilterSecurityInterceptor fis = (FilterSecurityInterceptor) getFilter(FilterSecurityInterceptor.class);
FilterInvocationSecurityMetadataSource fids = fis.getSecurityMetadataSource();
List<? extends ConfigAttribute> attrDef = fids.getAttributes(createFilterinvocation("/secure", null));
Collection<ConfigAttribute> attrDef = fids.getAttributes(createFilterinvocation("/secure", null));
assertEquals(1, attrDef.size());
// Try an unprotected invocation