Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

GPSPRINGSECURITYCORE-146 added support for org.springframework.securi…

…ty.access.annotation.Secured
  • Loading branch information...
commit a13469f6588a660f3d486ef4338f0fd2468fd897 1 parent 8b8fc54
authored December 23, 2011
2  src/docs/guide/5.1 Defining Secured Annotations.gdoc
... ...
@@ -1,4 +1,4 @@
1  
-You can use an @\@Secured@ annotation in your controllers to configure which roles are required for which actions. To use annotations, specify @securityConfigType="Annotation"@, or leave it unspecified because it's the default:
  1
+You can use an @\@Secured@ annotation (either the standard @org.springframework.security.access.annotation.Secured@ or the plugin's @grails.plugins.springsecurity.Secured@ which also works on controller closure actions) in your controllers to configure which roles are required for which actions. To use annotations, specify @securityConfigType="Annotation"@, or leave it unspecified because it's the default:
2 2
 
3 3
 {code}
4 4
 grails.plugins.springsecurity.securityConfigType = "Annotation"
37  src/java/org/codehaus/groovy/grails/plugins/springsecurity/AnnotationFilterInvocationDefinition.java
@@ -14,13 +14,14 @@
14 14
  */
15 15
 package org.codehaus.groovy.grails.plugins.springsecurity;
16 16
 
17  
-import grails.plugins.springsecurity.Secured;
18  
-
  17
+import java.lang.annotation.Annotation;
19 18
 import java.lang.reflect.Field;
20 19
 import java.lang.reflect.Method;
  20
+import java.util.Arrays;
21 21
 import java.util.Collection;
22 22
 import java.util.HashMap;
23 23
 import java.util.HashSet;
  24
+import java.util.List;
24 25
 import java.util.Map;
25 26
 import java.util.Set;
26 27
 
@@ -53,6 +54,10 @@
53 54
  */
54 55
 public class AnnotationFilterInvocationDefinition extends AbstractFilterInvocationDefinition {
55 56
 
  57
+	private static final List<String> ANNOTATION_CLASS_NAMES = Arrays.asList(
  58
+			grails.plugins.springsecurity.Secured.class.getName(),
  59
+			org.springframework.security.access.annotation.Secured.class.getName());
  60
+
56 61
 	private UrlMappingsHolder _urlMappingsHolder;
57 62
 	private GrailsApplication _application;
58 63
 
@@ -248,9 +253,9 @@ private void findControllerAnnotations(final GrailsControllerClass controllerCla
248 253
 		Class<?> clazz = controllerClass.getClazz();
249 254
 		String controllerName = WordUtils.uncapitalize(controllerClass.getName());
250 255
 
251  
-		Secured annotation = clazz.getAnnotation(Secured.class);
  256
+		Annotation annotation = findAnnotation(clazz.getAnnotations());
252 257
 		if (annotation != null) {
253  
-			classRoleMap.put(controllerName, asSet(annotation.value()));
  258
+			classRoleMap.put(controllerName, asSet(getValue(annotation)));
254 259
 		}
255 260
 
256 261
 		Map<String, Set<String>> annotatedClosureNames = findActionRoles(clazz);
@@ -264,20 +269,36 @@ private void findControllerAnnotations(final GrailsControllerClass controllerCla
264 269
 		// fields, but they end up as private
265 270
 		Map<String, Set<String>> actionRoles = new HashMap<String, Set<String>>();
266 271
 		for (Field field : clazz.getDeclaredFields()) {
267  
-			Secured annotation = field.getAnnotation(Secured.class);
  272
+			Annotation annotation = findAnnotation(field.getAnnotations());
268 273
 			if (annotation != null) {
269  
-				actionRoles.put(field.getName(), asSet(annotation.value()));
  274
+				actionRoles.put(field.getName(), asSet(getValue(annotation)));
270 275
 			}
271 276
 		}
272 277
 		for (Method method : clazz.getDeclaredMethods()) {
273  
-			Secured annotation = method.getAnnotation(Secured.class);
  278
+			Annotation annotation = findAnnotation(method.getAnnotations());
274 279
 			if (annotation != null) {
275  
-				actionRoles.put(method.getName(), asSet(annotation.value()));
  280
+				actionRoles.put(method.getName(), asSet(getValue(annotation)));
276 281
 			}
277 282
 		}
278 283
 		return actionRoles;
279 284
 	}
280 285
 
  286
+	private Annotation findAnnotation(Annotation[] annotations) {
  287
+		for (Annotation annotation : annotations) {
  288
+			if (ANNOTATION_CLASS_NAMES.contains(annotation.annotationType().getName())) {
  289
+				return annotation;
  290
+			}
  291
+		}
  292
+		return null;
  293
+	}
  294
+
  295
+	private String[] getValue(Annotation annotation) {
  296
+		if (annotation instanceof grails.plugins.springsecurity.Secured) {
  297
+			return ((grails.plugins.springsecurity.Secured)annotation).value();
  298
+		}
  299
+		return ((org.springframework.security.access.annotation.Secured)annotation).value();
  300
+	}
  301
+
281 302
 	private Set<String> asSet(final String[] strings) {
282 303
 		Set<String> set = new HashSet<String>();
283 304
 		for (String string : strings) {
2  .../unit/org/codehaus/groovy/grails/plugins/springsecurity/AnnotationFilterInvocationDefinitionTests.groovy
@@ -49,7 +49,7 @@ import org.springframework.web.context.request.RequestContextHolder
49 49
  */
50 50
 class AnnotationFilterInvocationDefinitionTests extends GroovyTestCase {
51 51
 
52  
-	private _fid
  52
+	private AnnotationFilterInvocationDefinition _fid
53 53
 	private final _application = new TestApplication()
54 54
 
55 55
 	/**

0 notes on commit a13469f

Please sign in to comment.
Something went wrong with that request. Please try again.