Permalink
Browse files

SEC-1971: Allow injection of ExpressionParser in AbstractSecurityExpr…

…essionHandler
  • Loading branch information...
1 parent 6584b65 commit 8b05d2383297c9d89252796833c9aa0002bd9a36 @rwinch rwinch committed Jun 14, 2012
@@ -11,6 +11,7 @@
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
import org.springframework.security.core.Authentication;
+import org.springframework.util.Assert;
/**
* Base implementation of the facade which isolates Spring Security's requirements for evaluating security expressions
@@ -20,7 +21,7 @@
* @since 3.1
*/
public abstract class AbstractSecurityExpressionHandler<T> implements SecurityExpressionHandler<T>, ApplicationContextAware {
- private final ExpressionParser expressionParser = new SpelExpressionParser();
+ private ExpressionParser expressionParser = new SpelExpressionParser();
private BeanResolver br;
private RoleHierarchy roleHierarchy;
private PermissionEvaluator permissionEvaluator = new DenyAllPermissionEvaluator();
@@ -29,6 +30,11 @@ public final ExpressionParser getExpressionParser() {
return expressionParser;
}
+ public final void setExpressionParser(ExpressionParser expressionParser) {
+ Assert.notNull(expressionParser, "expressionParser cannot be null");
+ this.expressionParser = expressionParser;
+ }
+
/**
* Invokes the internal template methods to create {@code StandardEvaluationContext} and {@code SecurityExpressionRoot}
* objects.
@@ -3,16 +3,15 @@
import static org.junit.Assert.assertTrue;
import static org.mockito.Mockito.mock;
-import org.junit.*;
-import org.springframework.context.ApplicationContext;
+import org.junit.Before;
+import org.junit.Test;
import org.springframework.context.annotation.AnnotationConfigApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.expression.Expression;
+import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.security.core.Authentication;
-import java.util.*;
-
/**
* @author Luke Taylor
*/
@@ -36,6 +35,18 @@ public void beanNamesAreCorrectlyResolved() throws Exception {
Expression expression = handler.getExpressionParser().parseExpression("@number10.compareTo(@number20) < 0");
assertTrue((Boolean) expression.getValue(handler.createEvaluationContext(mock(Authentication.class), new Object())));
}
+
+ @Test(expected=IllegalArgumentException.class)
+ public void setExpressionParserNull() {
+ handler.setExpressionParser(null);
+ }
+
+ @Test
+ public void setExpressionParser() {
+ SpelExpressionParser parser = new SpelExpressionParser();
+ handler.setExpressionParser(parser);
+ assertTrue(parser == handler.getExpressionParser());
+ }
}
@Configuration

0 comments on commit 8b05d23

Please sign in to comment.