From 4542f00b14ba6dc8bb8c1cf4365dc7dad5fe5a3c Mon Sep 17 00:00:00 2001 From: Luke Taylor Date: Fri, 12 Sep 2008 19:06:53 +0000 Subject: [PATCH] SEC-975: Namespace security syntax does not interpret properties http://jira.springframework.org/browse/SEC-975. Changed creation of AccessDeniedHandler to use a BeanDefinition to make sure placeholders work OK. --- .../config/HttpSecurityBeanDefinitionParser.java | 4 ++-- .../HttpSecurityBeanDefinitionParserTests.java | 12 +++++++++++- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/core/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java b/core/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java index f28b2ab67e..2d45d7b91d 100644 --- a/core/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java +++ b/core/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java @@ -273,8 +273,8 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser { exceptionTranslationFilterBuilder.addPropertyValue("createSessionAllowed", new Boolean(allowSessionCreation)); if (StringUtils.hasText(accessDeniedPage)) { - AccessDeniedHandlerImpl accessDeniedHandler = new AccessDeniedHandlerImpl(); - accessDeniedHandler.setErrorPage(accessDeniedPage); + BeanDefinition accessDeniedHandler = new RootBeanDefinition(AccessDeniedHandlerImpl.class); + accessDeniedHandler.getPropertyValues().addPropertyValue("errorPage", accessDeniedPage); exceptionTranslationFilterBuilder.addPropertyValue("accessDeniedHandler", accessDeniedHandler); } diff --git a/core/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java b/core/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java index 87d2fbdba7..cf08193a25 100644 --- a/core/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java +++ b/core/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java @@ -267,7 +267,7 @@ public class HttpSecurityBeanDefinitionParserTests { assertEquals("/access-denied", FieldUtils.getFieldValue(etf, "accessDeniedHandler.errorPage")); } - @Test(expected=BeanDefinitionStoreException.class) + @Test(expected=BeanCreationException.class) public void invalidAccessDeniedUrlIsDetected() throws Exception { setContext("" + AUTH_PROVIDER_XML); } @@ -318,6 +318,16 @@ public class HttpSecurityBeanDefinitionParserTests { assertEquals(Integer.valueOf(9443), pm.lookupHttpsPort(9080)); } + @Test + public void accessDeniedPageWorkWithPlaceholders() throws Exception { + System.setProperty("accessDenied", "/go-away"); + setContext( + " " + + " " + AUTH_PROVIDER_XML); + ExceptionTranslationFilter filter = (ExceptionTranslationFilter) appContext.getBean(BeanIds.EXCEPTION_TRANSLATION_FILTER); + assertEquals("/go-away", FieldUtils.getFieldValue(filter, "accessDeniedHandler.errorPage")); + } + @Test public void externalFiltersAreTreatedCorrectly() throws Exception { // Decorated user-filters should be added to stack. The others should be ignored.