SEC-1556: remove final from DelegatingMethodSecurityMetadataSource #1797

Closed
spring-issuemaster opened this Issue Sep 4, 2010 · 5 comments

1 participant

@spring-issuemaster

Wolfgang Winter (Migrated from SEC-1556) said:

Hi,

For the next release of Cibet control framework (www.logitags.com/cibet) I have integrated Spring Security authorization. It was possible but I had to do some 'dirty' hacks which could be avoided if Spring Security provides some very small changes:

DelegatingMethodSecurityMetadataSource seems to be the default MetadataSource in MethodSecurityInterceptor. I cannot use the cache in DelegatingMethodSecurityMetadataSource because my ConfigAttributes depend not only from class and method but also from other context parameters. I have to implement another cache but want to inherit and reuse code in DelegatingMethodSecurityMetadataSource.

Problem: Cannot inherit because DelegatingMethodSecurityMetadataSource is final.
Workaround: I duplicate the code into my CibetDelegatingMethodSecurityMetadataSource.
Solution: remove final from class DelegatingMethodSecurityMetadataSource

@spring-issuemaster

Wolfgang Winter said:

One more point concerning this:
In AbstractMethodSecurityMetadataSource the Collection getAttributes(Object object) method is also final but I want to overwrite it because I have a third object type as parameter.
Workaround: duplicate the code
Solution: remove final from getAttributes(Object object) method

@spring-issuemaster

Luke Taylor said:

Can't you use delegation instead of inheritance here?

@spring-issuemaster

Wolfgang Winter said:

Not a bad idea. Let me check this.

@spring-issuemaster

Wolfgang Winter said:

Okay, I changed the code to delegation and all tests passed. So this is not an issue anymore. You can close it. Thanks

@spring-issuemaster

Luke Taylor said:

Ok. Thanks for the update.

@spring-issuemaster spring-issuemaster added this to the 3.1.0.M2 milestone Feb 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment