SEC-3029: Fix Compatibility with Spring 4.2.x

acl/src/main/java/org/springframework/security/acls/jdbc/JdbcMutableAclService.java

@@ -192,7 +192,7 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 			jdbcTemplate.update(insertClass, type);
 			Assert.isTrue(TransactionSynchronizationManager.isSynchronizationActive(),
 					"Transaction must be running");
-			return new Long(jdbcTemplate.queryForLong(classIdentityQuery));
+			return jdbcTemplate.queryForObject(classIdentityQuery, Long.class);
 		}
 
 		return null;
@@ -252,7 +252,7 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 			jdbcTemplate.update(insertSid, Boolean.valueOf(sidIsPrincipal), sidName);
 			Assert.isTrue(TransactionSynchronizationManager.isSynchronizationActive(),
 					"Transaction must be running");
-			return new Long(jdbcTemplate.queryForLong(sidIdentityQuery));
+			return jdbcTemplate.queryForObject(sidIdentityQuery, Long.class);
 		}
 
 		return null;
@@ -332,8 +332,8 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
 	 */
 	protected Long retrieveObjectIdentityPrimaryKey(ObjectIdentity oid) {
 		try {
-			return new Long(jdbcTemplate.queryForLong(selectObjectIdentityPrimaryKey,
+			return jdbcTemplate.queryForObject(selectObjectIdentityPrimaryKey, Long.class,
-					oid.getType(), oid.getIdentifier()));
+					oid.getType(), oid.getIdentifier());
 		}
 		catch (DataAccessException notFound) {
 			return null;

config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java

@@ -15,12 +15,22 @@
  */
 package org.springframework.security.config.websocket;
 
-import org.apache.commons.logging.Log;
+import java.util.Comparator;
-import org.apache.commons.logging.LogFactory;
+import java.util.List;
+import java.util.Map;
+
 import org.springframework.beans.BeansException;
 import org.springframework.beans.PropertyValue;
-import org.springframework.beans.factory.config.*;
+import org.springframework.beans.factory.config.BeanDefinition;
-import org.springframework.beans.factory.support.*;
+import org.springframework.beans.factory.config.BeanReference;
+import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
+import org.springframework.beans.factory.config.RuntimeBeanReference;
+import org.springframework.beans.factory.support.BeanDefinitionBuilder;
+import org.springframework.beans.factory.support.BeanDefinitionRegistry;
+import org.springframework.beans.factory.support.BeanDefinitionRegistryPostProcessor;
+import org.springframework.beans.factory.support.ManagedList;
+import org.springframework.beans.factory.support.ManagedMap;
+import org.springframework.beans.factory.support.RootBeanDefinition;
 import org.springframework.beans.factory.xml.BeanDefinitionParser;
 import org.springframework.beans.factory.xml.ParserContext;
 import org.springframework.beans.factory.xml.XmlReaderContext;
@@ -43,10 +53,6 @@ import org.springframework.util.StringUtils;
 import org.springframework.util.xml.DomUtils;
 import org.w3c.dom.Element;
 
-import java.util.Comparator;
-import java.util.List;
-import java.util.Map;
-
 /**
  * Parses Spring Security's websocket namespace support. A simple example is:
  *
@@ -208,6 +214,11 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements
 	static class MessageSecurityPostProcessor implements
 			BeanDefinitionRegistryPostProcessor {
 
+		/**
+		 * This is not available prior to Spring 4.2
+		 */
+		private static final String WEB_SOCKET_AMMH_CLASS_NAME = "org.springframework.web.socket.messaging.WebSocketAnnotationMethodMessageHandler";
+
 		private static final String CLIENT_INBOUND_CHANNEL_BEAN_ID = "clientInboundChannel";
 
 		private static final String INTERCEPTORS_PROP = "interceptors";
@@ -231,7 +242,7 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements
 				BeanDefinition bd = registry.getBeanDefinition(beanName);
 				String beanClassName = bd.getBeanClassName();
 				if (beanClassName.equals(SimpAnnotationMethodMessageHandler.class
-						.getName())) {
+						.getName()) || beanClassName.equals(WEB_SOCKET_AMMH_CLASS_NAME)) {
 					PropertyValue current = bd.getPropertyValues().getPropertyValue(
 							CUSTOM_ARG_RESOLVERS_PROP);
 					ManagedList<Object> argResolvers = new ManagedList<Object>();

config/src/test/groovy/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.groovy

@@ -44,6 +44,7 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
 import org.springframework.security.authentication.event.AuthenticationSuccessEvent
 import org.springframework.security.config.annotation.BaseSpringSpec
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
+import org.springframework.security.config.method.TestPermissionEvaluator;
 import org.springframework.security.core.Authentication
 import org.springframework.security.core.authority.AuthorityUtils
 import org.springframework.security.core.context.SecurityContextHolder
@@ -250,7 +251,7 @@ public class GlobalMethodSecurityConfigurationTests extends BaseSpringSpec {
 
 	@EnableGlobalMethodSecurity(prePostEnabled = true)
 	public static class MultiPermissionEvaluatorConfig extends GlobalMethodSecurityConfiguration {
-		static PermissionEvaluator PE
+		static PermissionEvaluator PE = new TestPermissionEvaluator()
 
 		@Override
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {

core/src/main/java/org/springframework/security/provisioning/JdbcUserDetailsManager.java

@@ -375,7 +375,7 @@ public class JdbcUserDetailsManager extends JdbcDaoImpl implements UserDetailsMa
 	}
 
 	private int findGroupId(String group) {
-		return getJdbcTemplate().queryForInt(findGroupIdSql, group);
+		return getJdbcTemplate().queryForObject(findGroupIdSql, Integer.class, group);
 	}
 
 	public void setAuthenticationManager(AuthenticationManager authenticationManager) {

core/src/test/java/org/springframework/security/provisioning/JdbcUserDetailsManagerTests.java

@@ -250,7 +250,8 @@ public class JdbcUserDetailsManagerTests {
 
 		assertEquals(
 				0,
-				template.queryForInt("select id from groups where group_name = 'GROUP_X'"));
+				(int) template.queryForObject("select id from groups where group_name = 'GROUP_X'",
+						Integer.class));
 	}
 
 	@Test

samples/dms-xml/src/main/java/sample/dms/DocumentDaoImpl.java

@@ -30,7 +30,7 @@ public class DocumentDaoImpl extends JdbcDaoSupport implements DocumentDao {
 	private Long obtainPrimaryKey() {
 		Assert.isTrue(TransactionSynchronizationManager.isSynchronizationActive(),
 				"Transaction must be running");
-		return new Long(getJdbcTemplate().queryForLong(SELECT_IDENTITY));
+		return getJdbcTemplate().queryForObject(SELECT_IDENTITY, Long.class);
 	}
 
 	public void create(AbstractElement element) {

samples/dms-xml/src/test/java/DmsIntegrationTests.java

@@ -40,8 +40,8 @@ public class DmsIntegrationTests extends AbstractTransactionalJUnit4SpringContex
 
 	@Test
 	public void testBasePopulation() {
-		assertEquals(9, jdbcTemplate.queryForInt("select count(id) from DIRECTORY"));
+		assertEquals(9, (int) jdbcTemplate.queryForObject("select count(id) from DIRECTORY", Integer.class));
-		assertEquals(90, jdbcTemplate.queryForInt("select count(id) from FILE"));
+		assertEquals(90, (int) jdbcTemplate.queryForObject("select count(id) from FILE", Integer.class));
 		assertEquals(3, documentDao.findElements(Directory.ROOT_DIRECTORY).length);
 	}
 

samples/dms-xml/src/test/java/SecureDmsIntegrationTests.java

@@ -15,18 +15,23 @@ public class SecureDmsIntegrationTests extends DmsIntegrationTests {
 
 	@Test
 	public void testBasePopulation() {
-		assertEquals(9, jdbcTemplate.queryForInt("select count(id) from DIRECTORY"));
+		assertEquals(9,
-		assertEquals(90, jdbcTemplate.queryForInt("select count(id) from FILE"));
+				(int) jdbcTemplate.queryForObject("select count(id) from DIRECTORY", Integer.class));
-		assertEquals(4, jdbcTemplate.queryForInt("select count(id) from ACL_SID")); // 3
+		assertEquals(90,
-																					// users
+				(int) jdbcTemplate.queryForObject("select count(id) from FILE", Integer.class));
-																					// + 1
+		assertEquals(4,
-																					// role
+				(int) jdbcTemplate.queryForObject("select count(id) from ACL_SID", Integer.class));	// 3
-		assertEquals(2, jdbcTemplate.queryForInt("select count(id) from ACL_CLASS")); // Directory
+																							// users
-																						// and
+																							// + 1
-																						// File
+																							// role
+		assertEquals(2,
+				(int) jdbcTemplate.queryForObject("select count(id) from ACL_CLASS", Integer.class)); // Directory
+																							// and
+																							// File
 		assertEquals(100,
-				jdbcTemplate.queryForInt("select count(id) from ACL_OBJECT_IDENTITY"));
+				(int) jdbcTemplate.queryForObject("select count(id) from ACL_OBJECT_IDENTITY", Integer.class));
-		assertEquals(115, jdbcTemplate.queryForInt("select count(id) from ACL_ENTRY"));
+		assertEquals(115,
+				(int) jdbcTemplate.queryForObject("select count(id) from ACL_ENTRY", Integer.class));
 	}
 
 	public void testMarissaRetrieval() {

web/src/main/java/org/springframework/security/web/authentication/session/AbstractSessionFixationProtectionStrategy.java

@@ -149,6 +149,9 @@ abstract class AbstractSessionFixationProtectionStrategy implements
 	protected static final class NullEventPublisher implements ApplicationEventPublisher {
 		public void publishEvent(ApplicationEvent event) {
 		}
+
+		public void publishEvent(Object event) {
+		}
 	}
 
 }