SEC-654: Made ConfigAttributeDefinition immutable, added several constructors to simplify its use. Removed MethodDefinitionMapping and FilterInvocationDefinitionMapping.

core-tiger/src/test/java/org/springframework/security/annotation/MethodDefinitionSourceEditorTigerTests.java

@@ -40,75 +40,48 @@ import org.aopalliance.intercept.MethodInvocation;
  * @version $Id$
  */
 public class MethodDefinitionSourceEditorTigerTests extends TestCase {
-    //~ Constructors ===================================================================================================
-
-    public MethodDefinitionSourceEditorTigerTests() {
-        super();
-    }
-
-    public MethodDefinitionSourceEditorTigerTests(String arg0) {
-        super(arg0);
-    }
-
     //~ Methods ========================================================================================================
 
-    public static void main(String[] args) {
+    public void testConcreteClassInvocationsAlsoReturnDefinitionsAgainstInterface() throws Exception {
-        junit.textui.TestRunner.run(MethodDefinitionSourceEditorTigerTests.class);
-    }
-
-    public final void setUp() throws Exception {
-        super.setUp();
-    }
-
-    public void testConcreteClassInvocationsAlsoReturnDefinitionsAgainstInterface()
-        throws Exception {
         MethodDefinitionSourceEditor editor = new MethodDefinitionSourceEditor();
         editor.setAsText(
-            "org.springframework.security.annotation.test.Service.makeLower*=ROLE_FROM_INTERFACE\r\norg.springframework.security.annotation.test.Service.makeUpper*=ROLE_FROM_INTERFACE\r\norg.springframework.security.annotation.test.ServiceImpl.makeUpper*=ROLE_FROM_IMPLEMENTATION");
+                "org.springframework.security.annotation.test.Service.makeLower*=ROLE_FROM_INTERFACE\r\norg.springframework.security.annotation.test.Service.makeUpper*=ROLE_FROM_INTERFACE\r\norg.springframework.security.annotation.test.ServiceImpl.makeUpper*=ROLE_FROM_IMPLEMENTATION");
 
         MethodDefinitionMap map = (MethodDefinitionMap) editor.getValue();
         assertEquals(3, map.getMethodMapSize());
 
         ConfigAttributeDefinition returnedMakeLower = map.getAttributes(new MockMethodInvocation(Service.class,
-                    "makeLowerCase", new Class[] {Entity.class}));
+                "makeLowerCase", new Class[]{Entity.class}));
-        ConfigAttributeDefinition expectedMakeLower = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition expectedMakeLower = new ConfigAttributeDefinition("ROLE_FROM_INTERFACE");
-        expectedMakeLower.addConfigAttribute(new SecurityConfig("ROLE_FROM_INTERFACE"));
         assertEquals(expectedMakeLower, returnedMakeLower);
 
         ConfigAttributeDefinition returnedMakeUpper = map.getAttributes(new MockMethodInvocation(ServiceImpl.class,
-                    "makeUpperCase", new Class[] {Entity.class}));
+                "makeUpperCase", new Class[]{Entity.class}));
-        ConfigAttributeDefinition expectedMakeUpper = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition expectedMakeUpper = new ConfigAttributeDefinition(new String[]{"ROLE_FROM_IMPLEMENTATION", "ROLE_FROM_INTERFACE"});
-        expectedMakeUpper.addConfigAttribute(new SecurityConfig("ROLE_FROM_IMPLEMENTATION"));
-        expectedMakeUpper.addConfigAttribute(new SecurityConfig("ROLE_FROM_INTERFACE"));
         assertEquals(expectedMakeUpper, returnedMakeUpper);
     }
 
-    public void testGenericsSuperclassDeclarationsAreIncludedWhenSubclassesOverride()
+    public void testGenericsSuperclassDeclarationsAreIncludedWhenSubclassesOverride() throws Exception {
-        throws Exception {
         MethodDefinitionSourceEditor editor = new MethodDefinitionSourceEditor();
         editor.setAsText(
-            "org.springframework.security.annotation.test.Service.makeLower*=ROLE_FROM_INTERFACE\r\norg.springframework.security.annotation.test.Service.makeUpper*=ROLE_FROM_INTERFACE\r\norg.springframework.security.annotation.test.ServiceImpl.makeUpper*=ROLE_FROM_IMPLEMENTATION");
+                "org.springframework.security.annotation.test.Service.makeLower*=ROLE_FROM_INTERFACE\r\norg.springframework.security.annotation.test.Service.makeUpper*=ROLE_FROM_INTERFACE\r\norg.springframework.security.annotation.test.ServiceImpl.makeUpper*=ROLE_FROM_IMPLEMENTATION");
 
         MethodDefinitionMap map = (MethodDefinitionMap) editor.getValue();
         assertEquals(3, map.getMethodMapSize());
 
         ConfigAttributeDefinition returnedMakeLower = map.getAttributes(new MockMethodInvocation(PersonService.class,
-                    "makeLowerCase", new Class[] {Entity.class}));
+                "makeLowerCase", new Class[]{Entity.class}));
-        ConfigAttributeDefinition expectedMakeLower = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition expectedMakeLower = new ConfigAttributeDefinition("ROLE_FROM_INTERFACE");
-        expectedMakeLower.addConfigAttribute(new SecurityConfig("ROLE_FROM_INTERFACE"));
         assertEquals(expectedMakeLower, returnedMakeLower);
 
         ConfigAttributeDefinition returnedMakeLower2 = map.getAttributes(new MockMethodInvocation(
-                    OrganisationService.class, "makeLowerCase", new Class[] {Entity.class}));
+                OrganisationService.class, "makeLowerCase", new Class[]{Entity.class}));
-        ConfigAttributeDefinition expectedMakeLower2 = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition expectedMakeLower2 = new ConfigAttributeDefinition("ROLE_FROM_INTERFACE");
-        expectedMakeLower2.addConfigAttribute(new SecurityConfig("ROLE_FROM_INTERFACE"));
         assertEquals(expectedMakeLower2, returnedMakeLower2);
 
         ConfigAttributeDefinition returnedMakeUpper = map.getAttributes(new MockMethodInvocation(
-                    PersonServiceImpl.class, "makeUpperCase", new Class[] {Entity.class}));
+                PersonServiceImpl.class, "makeUpperCase", new Class[]{Entity.class}));
-        ConfigAttributeDefinition expectedMakeUpper = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition expectedMakeUpper = new ConfigAttributeDefinition(new String[]{"ROLE_FROM_IMPLEMENTATION", "ROLE_FROM_INTERFACE"});
-        expectedMakeUpper.addConfigAttribute(new SecurityConfig("ROLE_FROM_IMPLEMENTATION"));
-        expectedMakeUpper.addConfigAttribute(new SecurityConfig("ROLE_FROM_INTERFACE"));
         assertEquals(expectedMakeUpper, returnedMakeUpper);
     }
 

core/src/main/java/org/springframework/security/ConfigAttributeDefinition.java

@@ -15,44 +15,93 @@
 
 package org.springframework.security;
 
+import org.springframework.util.Assert;
+
 import java.io.Serializable;
 
 import java.util.Iterator;
 import java.util.List;
-import java.util.Vector;
+import java.util.Collections;
+import java.util.ArrayList;
+import java.util.Collection;
 
 
 /**
- * Holds a group of {@link ConfigAttribute}s that are associated with a given secure object target.<p>All the
+ * Holds a group of {@link ConfigAttribute}s that are associated with a given secure object target - effectively a
- * <code>ConfigAttributeDefinition</code>s associated with a given {@link
+ * Collection<ConfigAttribute>.
+ * <p>
+ * Once created, the object is immutable.
+ * <p>
+ * All the <code>ConfigAttributeDefinition</code>s associated with a given {@link
  * org.springframework.security.intercept.AbstractSecurityInterceptor} are stored in an {@link
- * org.springframework.security.intercept.ObjectDefinitionSource}.</p>
+ * org.springframework.security.intercept.ObjectDefinitionSource}.
  *
  * @author Ben Alex
  * @version $Id$
  */
 public class ConfigAttributeDefinition implements Serializable {
+    public static final ConfigAttributeDefinition NO_ATTRIBUTES = new ConfigAttributeDefinition();
+
     //~ Instance fields ================================================================================================
 
-    private List configAttributes = new Vector();
+    private List configAttributes;
 
     //~ Constructors ===================================================================================================
 
-    public ConfigAttributeDefinition() {
+    private ConfigAttributeDefinition() {
-        super();
+        configAttributes = Collections.EMPTY_LIST;
     }
 
-    //~ Methods ========================================================================================================
+    /**
+     * Creates a ConfigAttributeDefinition containing a single attribute
+     * @param attribute the String name of the attribute (converted internally to a <tt>SecurityConfig</tt> instance).
+     */
+    public ConfigAttributeDefinition(String attribute) {
+        configAttributes = new ArrayList(1);
+        configAttributes.add(new SecurityConfig(attribute));
+        configAttributes = Collections.unmodifiableList(configAttributes);
+    }
 
     /**
-     * Adds a <code>ConfigAttribute</code> that is related to the secure object method.
+     * Creates a ConfigAttributeDefinition containing a single attribute.
+     */
+    public ConfigAttributeDefinition(ConfigAttribute attribute) {
+        configAttributes = new ArrayList(1);
+        configAttributes.add(attribute);
+        configAttributes = Collections.unmodifiableList(configAttributes);        
+    }
+
+    /**
+     * Builds a collection of ConfigAttributes from an array of String tokens, each of which will be wrapped in a
+     * <tt>SecurityConfig</tt> instance.
      *
-     * @param newConfigAttribute the new configuration attribute to add
+     * @param attributeTokens the tokens which will be turned into attributes.
      */
-    public void addConfigAttribute(ConfigAttribute newConfigAttribute) {
+    public ConfigAttributeDefinition(String[] attributeTokens) {
-        this.configAttributes.add(newConfigAttribute);
+        configAttributes = new ArrayList(attributeTokens.length);
+        
+        for (int i = 0; i < attributeTokens.length; i++) {
+            configAttributes.add(new SecurityConfig(attributeTokens[i].trim()));
+        }
+
+        configAttributes = Collections.unmodifiableList(configAttributes);
     }
 
+    /**
+     * Creates an immutable ConfigAttributeDefinition from the supplied list of <tt>ConfigAttribute</tt> objects.
+     */
+    public ConfigAttributeDefinition(List configAttributes) {
+        Iterator attributes = configAttributes.iterator();
+        while (attributes.hasNext()) {
+            Assert.isInstanceOf(ConfigAttribute.class, attributes.next(),
+                    "List entries must be of type ConfigAttribute");
+        }
+
+        this.configAttributes = Collections.unmodifiableList(new ArrayList(configAttributes));
+    }
+
+    //~ Methods ========================================================================================================
+
     /**
      * Indicates whether the specified <code>ConfigAttribute</code> is contained within this
      * <code>ConfigAttributeDefinition</code>.
@@ -67,53 +116,27 @@ public class ConfigAttributeDefinition implements Serializable {
     }
 
     public boolean equals(Object obj) {
-        if (obj instanceof ConfigAttributeDefinition) {
+        if (!(obj instanceof ConfigAttributeDefinition)) {
-            ConfigAttributeDefinition test = (ConfigAttributeDefinition) obj;
+            return false;
-
-            List testAttrs = new Vector();
-            Iterator iter = test.getConfigAttributes();
-
-            while (iter.hasNext()) {
-                ConfigAttribute attr = (ConfigAttribute) iter.next();
-                testAttrs.add(attr);
-            }
-
-            if (this.configAttributes.size() != testAttrs.size()) {
-                return false;
-            }
-
-            for (int i = 0; i < this.configAttributes.size(); i++) {
-                if (!this.configAttributes.get(i).equals(testAttrs.get(i))) {
-                    return false;
-                }
-            }
-
-            return true;
         }
 
-        return false;
+        ConfigAttributeDefinition test = (ConfigAttributeDefinition) obj;
-    }
 
-    /**
+        return configAttributes.equals(test.configAttributes);
-     * Returns an <code>Iterator</code> over all the <code>ConfigAttribute</code>s defined by this
-     * <code>ConfigAttributeDefinition</code>.<P>Allows <code>AccessDecisionManager</code>s and other classes
-     * to loop through every configuration attribute associated with a target secure object.</p>
-     *
-     * @return all the configuration attributes stored by the instance, or <code>null</code> if an
-     *         <code>Iterator</code> is unavailable
-     */
-    public Iterator getConfigAttributes() {
-        return this.configAttributes.iterator();
     }
 
     /**
-     * Returns the number of <code>ConfigAttribute</code>s defined by this
+     * Returns the internal collection of <code>ConfigAttribute</code>s defined by this
      * <code>ConfigAttributeDefinition</code>.
+     * <p>
+     * Allows <code>AccessDecisionManager</code>s and other classes to loop through every configuration attribute
+     * associated with a target secure object.
      *
-     * @return the number of <code>ConfigAttribute</code>s contained
+     * @return all the configuration attributes stored by the instance, or <code>null</code> if an
+     *         <code>Iterator</code> is unavailable
      */
-    public int size() {
+    public Collection getConfigAttributes() {
-        return configAttributes.size();
+        return this.configAttributes;
     }
 
     public String toString() {

core/src/main/java/org/springframework/security/ConfigAttributeEditor.java

@@ -18,6 +18,8 @@ package org.springframework.security;
 import org.springframework.util.StringUtils;
 
 import java.beans.PropertyEditorSupport;
+import java.util.List;
+import java.util.ArrayList;
 
 
 /**
@@ -32,17 +34,11 @@ public class ConfigAttributeEditor extends PropertyEditorSupport {
     //~ Methods ========================================================================================================
 
     public void setAsText(String s) throws IllegalArgumentException {
-        if ((s == null) || "".equals(s)) {
+        if (StringUtils.hasText(s)) {
-            setValue(null);
+            setValue(new ConfigAttributeDefinition(StringUtils.commaDelimitedListToStringArray(s)));
         } else {
-            String[] tokens = StringUtils.commaDelimitedListToStringArray(s);
+            setValue(null);
-            ConfigAttributeDefinition configDefinition = new ConfigAttributeDefinition();
-
-            for (int i = 0; i < tokens.length; i++) {
-                configDefinition.addConfigAttribute(new SecurityConfig(tokens[i].trim()));
-            }
 
-            setValue(configDefinition);
         }
     }
 }

core/src/main/java/org/springframework/security/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java

@@ -71,7 +71,7 @@ public class AclEntryAfterInvocationCollectionFilteringProvider extends Abstract
 
     public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
         Object returnedObject) throws AccessDeniedException {
-        Iterator iter = config.getConfigAttributes();
+        Iterator iter = config.getConfigAttributes().iterator();
 
         while (iter.hasNext()) {
             ConfigAttribute attr = (ConfigAttribute) iter.next();

core/src/main/java/org/springframework/security/afterinvocation/AclEntryAfterInvocationProvider.java

@@ -70,7 +70,7 @@ public class AclEntryAfterInvocationProvider extends AbstractAclProvider impleme
 
     public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
         Object returnedObject) throws AccessDeniedException {
-        Iterator iter = config.getConfigAttributes();
+        Iterator iter = config.getConfigAttributes().iterator();
 
         while (iter.hasNext()) {
             ConfigAttribute attr = (ConfigAttribute) iter.next();

core/src/main/java/org/springframework/security/afterinvocation/BasicAclEntryAfterInvocationCollectionFilteringProvider.java

@@ -92,7 +92,7 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProvider implements
 
     public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
         Object returnedObject) throws AccessDeniedException {
-        Iterator iter = config.getConfigAttributes();
+        Iterator iter = config.getConfigAttributes().iterator();
 
         while (iter.hasNext()) {
             ConfigAttribute attr = (ConfigAttribute) iter.next();

core/src/main/java/org/springframework/security/afterinvocation/BasicAclEntryAfterInvocationProvider.java

@@ -90,7 +90,7 @@ public class BasicAclEntryAfterInvocationProvider implements AfterInvocationProv
 
     public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
         Object returnedObject) throws AccessDeniedException {
-        Iterator iter = config.getConfigAttributes();
+        Iterator iter = config.getConfigAttributes().iterator();
 
         while (iter.hasNext()) {
             ConfigAttribute attr = (ConfigAttribute) iter.next();

core/src/main/java/org/springframework/security/captcha/CaptchaChannelProcessorTemplate.java

@@ -86,7 +86,7 @@ public abstract class CaptchaChannelProcessorTemplate implements ChannelProcesso
         CaptchaSecurityContext context = null;
         context = (CaptchaSecurityContext) SecurityContextHolder.getContext();
 
-        Iterator iter = config.getConfigAttributes();
+        Iterator iter = config.getConfigAttributes().iterator();
 
         while (iter.hasNext()) {
             ConfigAttribute attribute = (ConfigAttribute) iter.next();

core/src/main/java/org/springframework/security/intercept/AbstractSecurityInterceptor.java

@@ -224,7 +224,7 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
 
             while (iter.hasNext()) {
                 ConfigAttributeDefinition def = (ConfigAttributeDefinition) iter.next();
-                Iterator attributes = def.getConfigAttributes();
+                Iterator attributes = def.getConfigAttributes().iterator();
 
                 while (attributes.hasNext()) {
                     ConfigAttribute attr = (ConfigAttribute) attributes.next();

core/src/main/java/org/springframework/security/intercept/method/MethodDefinitionAttributes.java

@@ -24,6 +24,8 @@ import java.lang.reflect.Method;
 
 import java.util.Collection;
 import java.util.Iterator;
+import java.util.List;
+import java.util.ArrayList;
 
 
 /**
@@ -56,21 +58,17 @@ public class MethodDefinitionAttributes extends AbstractMethodDefinitionSource {
 
     //~ Methods ========================================================================================================
 
-    private void add(ConfigAttributeDefinition definition, Collection attribs) {
+    private void add(List definition, Collection attribs) {
         for (Iterator iter = attribs.iterator(); iter.hasNext();) {
             Object o = iter.next();
 
             if (o instanceof ConfigAttribute) {
-                definition.addConfigAttribute((ConfigAttribute) o);
+                definition.add(o);
             }
         }
     }
 
-    private void addClassAttributes(ConfigAttributeDefinition definition, Class clazz) {
+    private void addClassAttributes(List definition, Class[] clazz) {
-        addClassAttributes(definition, new Class[] {clazz});
-    }
-
-    private void addClassAttributes(ConfigAttributeDefinition definition, Class[] clazz) {
         for (int i = 0; i < clazz.length; i++) {
             Collection classAttributes = attributes.getAttributes(clazz[i]);
 
@@ -80,7 +78,7 @@ public class MethodDefinitionAttributes extends AbstractMethodDefinitionSource {
         }
     }
 
-    private void addInterfaceMethodAttributes(ConfigAttributeDefinition definition, Method method) {
+    private void addInterfaceMethodAttributes(List definition, Method method) {
         Class[] interfaces = method.getDeclaringClass().getInterfaces();
 
         for (int i = 0; i < interfaces.length; i++) {
@@ -96,7 +94,7 @@ public class MethodDefinitionAttributes extends AbstractMethodDefinitionSource {
         }
     }
 
-    private void addMethodAttributes(ConfigAttributeDefinition definition, Method method) {
+    private void addMethodAttributes(List definition, Method method) {
         // add the method level attributes
         Collection methodAttributes = attributes.getAttributes(method);
 
@@ -110,27 +108,26 @@ public class MethodDefinitionAttributes extends AbstractMethodDefinitionSource {
     }
 
     protected ConfigAttributeDefinition lookupAttributes(Method method) {
-        ConfigAttributeDefinition definition = new ConfigAttributeDefinition();
-
         Class interceptedClass = method.getDeclaringClass();
+        List attributes = new ArrayList();
 
         // add the class level attributes for the implementing class
-        addClassAttributes(definition, interceptedClass);
+        addClassAttributes(attributes, new Class[] {interceptedClass});
 
         // add the class level attributes for the implemented interfaces
-        addClassAttributes(definition, interceptedClass.getInterfaces());
+        addClassAttributes(attributes, interceptedClass.getInterfaces());
 
         // add the method level attributes for the implemented method
-        addMethodAttributes(definition, method);
+        addMethodAttributes(attributes, method);
 
         // add the method level attributes for the implemented intreface methods
-        addInterfaceMethodAttributes(definition, method);
+        addInterfaceMethodAttributes(attributes, method);
 
-        if (definition.size() == 0) {
+        if (attributes.size() == 0) {
             return null;
-        } else {
-            return definition;
         }
+
+        return new ConfigAttributeDefinition(attributes);
     }
 
     public void setAttributes(Attributes attributes) {

core/src/main/java/org/springframework/security/intercept/method/MethodDefinitionMap.java

@@ -15,7 +15,6 @@
 
 package org.springframework.security.intercept.method;
 
-import org.springframework.security.ConfigAttribute;
 import org.springframework.security.ConfigAttributeDefinition;
 import org.springframework.security.SecurityConfig;
 
@@ -64,6 +63,22 @@ public class MethodDefinitionMap extends AbstractMethodDefinitionSource {
 
     //~ Methods ========================================================================================================
 
+    public MethodDefinitionMap() {
+    }
+
+    /**
+     * Creates the MethodDefinitionMap from a
+     * @param methodMap map of method names to <tt>ConfigAttributeDefinition</tt>s.
+     */
+    public MethodDefinitionMap(Map methodMap) {
+        Iterator iterator = methodMap.entrySet().iterator();
+
+        while (iterator.hasNext()) {
+            Map.Entry entry = (Map.Entry) iterator.next();
+            addSecureMethod((String)entry.getKey(), (ConfigAttributeDefinition)entry.getValue());
+        }        
+    }
+
     /**
      * Add configuration attributes for a secure method. Method names can end or start with <code>&#42</code>
      * for matching multiple methods.
@@ -192,11 +207,10 @@ public class MethodDefinitionMap extends AbstractMethodDefinitionSource {
     }
 
     protected ConfigAttributeDefinition lookupAttributes(Method method) {
-        ConfigAttributeDefinition definition = new ConfigAttributeDefinition();
+        List attributesToReturn = new ArrayList();
 
         // Add attributes explictly defined for this method invocation
-        ConfigAttributeDefinition directlyAssigned = (ConfigAttributeDefinition) this.methodMap.get(method);
+        merge(attributesToReturn, (ConfigAttributeDefinition) this.methodMap.get(method));
-        merge(definition, directlyAssigned);
 
         // Add attributes explicitly defined for this method invocation's interfaces
         Class[] interfaces = method.getDeclaringClass().getInterfaces();
@@ -209,50 +223,25 @@ public class MethodDefinitionMap extends AbstractMethodDefinitionSource {
                 Method interfaceMethod = clazz.getDeclaredMethod(method.getName(), (Class[]) method.getParameterTypes());
                 ConfigAttributeDefinition interfaceAssigned =
                         (ConfigAttributeDefinition) this.methodMap.get(interfaceMethod);
-                merge(definition, interfaceAssigned);
+                merge(attributesToReturn, interfaceAssigned);
             } catch (Exception e) {
                 // skip this interface
             }
         }
 
         // Return null if empty, as per abstract superclass contract
-        if (definition.size() == 0) {
+        if (attributesToReturn.size() == 0) {
             return null;
-        } else {
-            return definition;
         }
+
+        return new ConfigAttributeDefinition(attributesToReturn);
     }
 
-    private void merge(ConfigAttributeDefinition definition, ConfigAttributeDefinition toMerge) {
+    private void merge(List attributes, ConfigAttributeDefinition toMerge) {
         if (toMerge == null) {
             return;
         }
 
-        Iterator attribs = toMerge.getConfigAttributes();
+        attributes.addAll(toMerge.getConfigAttributes());
-
-        while (attribs.hasNext()) {
-            definition.addConfigAttribute((ConfigAttribute) attribs.next());
-        }
-    }
-
-    /**
-     * Easier configuration of the instance, using {@link MethodDefinitionSourceMapping}.
-     *
-     * @param mappings {@link List} of {@link MethodDefinitionSourceMapping} objects.
-     */
-    public void setMappings(List mappings) {
-        Iterator it = mappings.iterator();
-        while (it.hasNext()) {
-            MethodDefinitionSourceMapping mapping = (MethodDefinitionSourceMapping) it.next();
-            ConfigAttributeDefinition configDefinition = new ConfigAttributeDefinition();
-
-            Iterator configAttributesIt = mapping.getConfigAttributes().iterator();
-            while (configAttributesIt.hasNext()) {
-                String s = (String) configAttributesIt.next();
-                configDefinition.addConfigAttribute(new SecurityConfig(s));
-            }
-
-            addSecureMethod(mapping.getMethodName(), configDefinition);
-        }
     }
 }

core/src/main/java/org/springframework/security/intercept/method/MethodDefinitionSourceEditor.java

@@ -15,6 +15,8 @@
 
 package org.springframework.security.intercept.method;
 
+import org.springframework.security.ConfigAttributeDefinition;
+
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
@@ -27,6 +29,8 @@ import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Properties;
+import java.util.Map;
+import java.util.LinkedHashMap;
 
 
 /**
@@ -44,38 +48,29 @@ public class MethodDefinitionSourceEditor extends PropertyEditorSupport {
     //~ Methods ========================================================================================================
 
     public void setAsText(String s) throws IllegalArgumentException {
-        MethodDefinitionMap source = new MethodDefinitionMap();
-
         if ((s == null) || "".equals(s)) {
-            // Leave value in property editor null
+            setValue(new MethodDefinitionMap());
-        } else {
+            return;
-            // Use properties editor to tokenize the string
+        }
-            PropertiesEditor propertiesEditor = new PropertiesEditor();
-            propertiesEditor.setAsText(s);
-
-            Properties props = (Properties) propertiesEditor.getValue();
 
-            // Now we have properties, process each one individually
+        // Use properties editor to tokenize the string
-            List mappings = new ArrayList();
+        PropertiesEditor propertiesEditor = new PropertiesEditor();
+        propertiesEditor.setAsText(s);
 
-            for (Iterator iter = props.keySet().iterator(); iter.hasNext();) {
+        Properties props = (Properties) propertiesEditor.getValue();
-                String name = (String) iter.next();
-                String value = props.getProperty(name);
 
-                MethodDefinitionSourceMapping mapping = new MethodDefinitionSourceMapping();
+        // Now we have properties, process each one individually
-                mapping.setMethodName(name);
+        Map mappings = new LinkedHashMap();
 
-                String[] tokens = StringUtils.commaDelimitedListToStringArray(value);
+        for (Iterator iter = props.keySet().iterator(); iter.hasNext();) {
+            String name = (String) iter.next();
+            String value = props.getProperty(name);
 
-                for (int i = 0; i < tokens.length; i++) {
+            String[] tokens = StringUtils.commaDelimitedListToStringArray(value);
-                    mapping.addConfigAttribute(tokens[i].trim());
-                }
 
-                mappings.add(mapping);
+            mappings.put(name, new ConfigAttributeDefinition(tokens));
-            }
-            source.setMappings(mappings);
         }
 
-        setValue(source);
+        setValue(new MethodDefinitionMap(mappings));
     }
 }

core/src/main/java/org/springframework/security/intercept/method/MethodDefinitionSourceMapping.java

@@ -1,82 +0,0 @@
-/* Copyright 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.intercept.method;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.springframework.security.ConfigAttribute;
-
-/**
- * Configuration entry for {@link MethodDefinitionSource}, that holds
- * the method to be protected and the {@link ConfigAttribute}s as {@link String}
- * that apply to that url.
- *
- * @author <a href="mailto:carlos@apache.org">Carlos Sanchez</a>
- * @version $Id$
- * @since 1.1
- */
-public class MethodDefinitionSourceMapping {
-
-    private String methodName;
-
-    private List configAttributes = new ArrayList();
-
-    /**
-     * Name of the method to be secured, including package and class name.
-     * eg. <code>org.mydomain.MyClass.myMethod</code>
-     *
-     * @param methodName
-     */
-    public void setMethodName(String methodName) {
-        this.methodName = methodName;
-    }
-
-    /**
-     * Name of the method to be secured.
-     *
-     * @return the name of the method
-     */
-    public String getMethodName() {
-        return methodName;
-    }
-
-    /**
-     *
-     * @param roles {@link List}&lt;{@link String}>
-     */
-    public void setConfigAttributes(List roles) {
-        this.configAttributes = roles;
-    }
-
-    /**
-     *
-     * @return {@link List}&lt;{@link String}>
-     */
-    public List getConfigAttributes() {
-        return configAttributes;
-    }
-
-    /**
-     * Add a {@link ConfigAttribute} as {@link String}
-     *
-     * @param configAttribute
-     */
-    public void addConfigAttribute(String configAttribute) {
-        configAttributes.add(configAttribute);
-    }
-
-}

core/src/main/java/org/springframework/security/intercept/web/DefaultFilterInvocationDefinitionSource.java

@@ -79,6 +79,17 @@ public class DefaultFilterInvocationDefinitionSource implements FilterInvocation
         this.urlMatcher = urlMatcher;
     }
 
+    public DefaultFilterInvocationDefinitionSource(UrlMatcher urlMatcher, LinkedHashMap requestMap) {
+        this.urlMatcher = urlMatcher;
+
+        Iterator iterator = requestMap.entrySet().iterator();
+
+        while (iterator.hasNext()) {
+            Map.Entry entry = (Map.Entry) iterator.next();
+            addSecureUrl((String)entry.getKey(), (ConfigAttributeDefinition)entry.getValue());
+        }
+    }
+
     //~ Methods ========================================================================================================
 
     public void addSecureUrl(String pattern, ConfigAttributeDefinition attr) {
@@ -212,31 +223,6 @@ public class DefaultFilterInvocationDefinitionSource implements FilterInvocation
         return null;
     }
 
-    /**
-     * Allows or easier configuration using {@link FilterInvocationDefinitionSourceMapping}.
-     *
-     * @param mappings
-     *            {@link java.util.List} of
-     *            {@link FilterInvocationDefinitionSourceMapping} objects.
-     */
-    void setMappings(List mappings) {
-        Iterator it = mappings.iterator();
-
-        while (it.hasNext()) {
-            FilterInvocationDefinitionSourceMapping mapping = (FilterInvocationDefinitionSourceMapping) it.next();
-            ConfigAttributeDefinition configDefinition = new ConfigAttributeDefinition();
-
-            Iterator configAttributesIt = mapping.getConfigAttributes().iterator();
-            while (configAttributesIt.hasNext()) {
-                String s = (String) configAttributesIt.next();
-                configDefinition.addConfigAttribute(new SecurityConfig(s));
-            }
-
-            addSecureUrl(mapping.getUrl(), configDefinition);
-        }
-    }
-
-
     public boolean supports(Class clazz) {
         return FilterInvocation.class.isAssignableFrom(clazz);
     }

core/src/main/java/org/springframework/security/intercept/web/FIDSToFilterChainMapConverter.java

@@ -41,7 +41,7 @@ public class FIDSToFilterChainMapConverter {
             ConfigAttributeDefinition configAttributeDefinition = (ConfigAttributeDefinition) requestMap.get(entry);
 
             List filters = new ArrayList();
-            Iterator attributes = configAttributeDefinition.getConfigAttributes();
+            Iterator attributes = configAttributeDefinition.getConfigAttributes().iterator();
 
             while (attributes.hasNext()) {
                 ConfigAttribute attr = (ConfigAttribute) attributes.next();

core/src/main/java/org/springframework/security/intercept/web/FilterInvocationDefinitionSourceEditor.java

@@ -19,13 +19,13 @@ import java.beans.PropertyEditorSupport;
 import java.io.BufferedReader;
 import java.io.IOException;
 import java.io.StringReader;
-import java.util.ArrayList;
+import java.util.LinkedHashMap;
-import java.util.List;
 
 import org.springframework.security.util.StringSplitUtils;
 import org.springframework.security.util.RegexUrlPathMatcher;
 import org.springframework.security.util.UrlMatcher;
 import org.springframework.security.util.AntUrlPathMatcher;
+import org.springframework.security.ConfigAttributeDefinition;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -85,29 +85,11 @@ public class FilterInvocationDefinitionSourceEditor extends PropertyEditorSuppor
             }
         }
 
-        UrlMatcher matcher;
-
-        if (useAnt) {
-            matcher = new AntUrlPathMatcher();
-            ((AntUrlPathMatcher)matcher).setRequiresLowerCaseUrl(converUrlToLowerCase);
-
-        } else {
-            matcher = new RegexUrlPathMatcher();
-            ((RegexUrlPathMatcher)matcher).setRequiresLowerCaseUrl(converUrlToLowerCase);
-        }
-
-        DefaultFilterInvocationDefinitionSource fids = new DefaultFilterInvocationDefinitionSource(matcher);
-
-        if (useAnt) {
-            fids.setStripQueryStringFromUrls(true);
-        }
-
-
         BufferedReader br = new BufferedReader(new StringReader(s));
         int counter = 0;
         String line;
 
-        List mappings = new ArrayList();
+        LinkedHashMap urlMap = new LinkedHashMap();
 
         while (true) {
             counter++;
@@ -183,19 +165,33 @@ public class FilterInvocationDefinitionSourceEditor extends PropertyEditorSuppor
                 }
             }
 
-            FilterInvocationDefinitionSourceMapping mapping = new FilterInvocationDefinitionSourceMapping();
-            mapping.setUrl(name);
-
             String[] tokens = StringUtils.commaDelimitedListToStringArray(value);
 
-            for (int i = 0; i < tokens.length; i++) {
+            urlMap.put(name, new ConfigAttributeDefinition(tokens));
-                mapping.addConfigAttribute(tokens[i].trim());
+        }
-            }
+
+        DefaultFilterInvocationDefinitionSource fids =
+                new DefaultFilterInvocationDefinitionSource(createMatcher(useAnt, converUrlToLowerCase), urlMap);
 
-            mappings.add(mapping);
+        if (useAnt) {
+            fids.setStripQueryStringFromUrls(true);
         }
-        fids.setMappings(mappings);
 
         setValue(fids);
     }
+
+    private UrlMatcher createMatcher(boolean useAnt, boolean converUrlToLowerCase) {
+        UrlMatcher matcher;
+
+        if (useAnt) {
+            matcher = new AntUrlPathMatcher();
+            ((AntUrlPathMatcher)matcher).setRequiresLowerCaseUrl(converUrlToLowerCase);
+
+        } else {
+            matcher = new RegexUrlPathMatcher();
+            ((RegexUrlPathMatcher)matcher).setRequiresLowerCaseUrl(converUrlToLowerCase);
+        }
+
+        return matcher;
+    }
 }

core/src/main/java/org/springframework/security/intercept/web/FilterInvocationDefinitionSourceMapping.java

@@ -1,81 +0,0 @@
-/* Copyright 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.intercept.web;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.springframework.security.ConfigAttribute;
-
-/**
- * Configuration entry for {@link FilterInvocationDefinitionSource}, that holds
- * the url to be protected and the {@link ConfigAttribute}s as {@link String}
- * that apply to that url.
- *
- * @author <a href="mailto:carlos@apache.org">Carlos Sanchez</a>
- * @version $Id$
- * @since 1.1
- */
-class FilterInvocationDefinitionSourceMapping {
-
-    private String url;
-
-    private List configAttributes = new ArrayList();
-
-    /**
-     * Url to be secured.
-     *
-     * @param url
-     */
-    public void setUrl(String url) {
-        this.url = url;
-    }
-
-    /**
-     * Url to be secured.
-     *
-     * @return the url
-     */
-    public String getUrl() {
-        return url;
-    }
-
-    /**
-     *
-     * @param roles {@link List}&lt;{@link String}>
-     */
-    public void setConfigAttributes(List roles) {
-        this.configAttributes = roles;
-    }
-
-    /**
-     *
-     * @return {@link List}&lt;{@link String}>
-     */
-    public List getConfigAttributes() {
-        return configAttributes;
-    }
-
-    /**
-     * Add a {@link ConfigAttribute} as {@link String}
-     *
-     * @param configAttribute
-     */
-    public void addConfigAttribute(String configAttribute) {
-        configAttributes.add(configAttribute);
-    }
-
-}

core/src/main/java/org/springframework/security/runas/RunAsManagerImpl.java

@@ -66,7 +66,7 @@ public class RunAsManagerImpl implements RunAsManager, InitializingBean {
 
     public Authentication buildRunAs(Authentication authentication, Object object, ConfigAttributeDefinition config) {
         List newAuthorities = new Vector();
-        Iterator iter = config.getConfigAttributes();
+        Iterator iter = config.getConfigAttributes().iterator();
 
         while (iter.hasNext()) {
             ConfigAttribute attribute = (ConfigAttribute) iter.next();

core/src/main/java/org/springframework/security/securechannel/ChannelDecisionManagerImpl.java

@@ -68,7 +68,7 @@ public class ChannelDecisionManagerImpl implements ChannelDecisionManager, Initi
     public void decide(FilterInvocation invocation, ConfigAttributeDefinition config)
             throws IOException, ServletException {
 
-        Iterator attrs = config.getConfigAttributes();
+        Iterator attrs = config.getConfigAttributes().iterator();
 
         while (attrs.hasNext()) {
 			ConfigAttribute attribute = (ConfigAttribute) attrs.next();

core/src/main/java/org/springframework/security/securechannel/ChannelProcessingFilter.java

@@ -81,7 +81,7 @@ public class ChannelProcessingFilter extends SpringSecurityFilter implements Ini
 
         while (iter.hasNext()) {
             ConfigAttributeDefinition def = (ConfigAttributeDefinition) iter.next();
-            Iterator attributes = def.getConfigAttributes();
+            Iterator attributes = def.getConfigAttributes().iterator();
 
             while (attributes.hasNext()) {
                 ConfigAttribute attr = (ConfigAttribute) attributes.next();

core/src/main/java/org/springframework/security/securechannel/InsecureChannelProcessor.java

@@ -61,7 +61,7 @@ public class InsecureChannelProcessor implements InitializingBean, ChannelProces
             throw new IllegalArgumentException("Nulls cannot be provided");
         }
 
-        Iterator iter = config.getConfigAttributes();
+        Iterator iter = config.getConfigAttributes().iterator();
 
         while (iter.hasNext()) {
             ConfigAttribute attribute = (ConfigAttribute) iter.next();

core/src/main/java/org/springframework/security/securechannel/SecureChannelProcessor.java

@@ -59,7 +59,7 @@ public class SecureChannelProcessor implements InitializingBean, ChannelProcesso
         throws IOException, ServletException {
         Assert.isTrue((invocation != null) && (config != null), "Nulls cannot be provided");
 
-        Iterator iter = config.getConfigAttributes();
+        Iterator iter = config.getConfigAttributes().iterator();
 
         while (iter.hasNext()) {
             ConfigAttribute attribute = (ConfigAttribute) iter.next();

core/src/main/java/org/springframework/security/userdetails/CachingUserDetailsService.java

@@ -0,0 +1,8 @@
+package org.springframework.security.userdetails;
+
+/**
+ * @author Luke Taylor
+ * @version $Id$
+ */
+public interface CachingUserDetailsService extends UserDetailsService, UserDetailsCache {
+}

core/src/main/java/org/springframework/security/userdetails/UserDetailsCache.java

@@ -0,0 +1,14 @@
+package org.springframework.security.userdetails;
+
+/**
+ * @author Luke Taylor
+ * @version $Id$
+ */
+public interface UserDetailsCache {
+
+    boolean userIsCached(String username);
+
+    void removeUserFromCache(String username);
+
+    void clearCache();    
+}

core/src/main/java/org/springframework/security/userdetails/decorator/CacheEnabledUserDetailsService.java

@@ -0,0 +1,8 @@
+package org.springframework.security.userdetails.decorator;
+
+/**
+ * @author Luke Taylor
+ * @version $Id$
+ */
+public class CacheEnabledUserDetailsService {
+}

core/src/main/java/org/springframework/security/vote/AclEntryVoter.java

@@ -144,7 +144,7 @@ public class AclEntryVoter extends AbstractAclVoter {
     }
 
     public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
-        Iterator iter = config.getConfigAttributes();
+        Iterator iter = config.getConfigAttributes().iterator();
 
         while (iter.hasNext()) {
             ConfigAttribute attr = (ConfigAttribute) iter.next();

core/src/main/java/org/springframework/security/vote/AuthenticatedVoter.java

@@ -87,7 +87,7 @@ public class AuthenticatedVoter implements AccessDecisionVoter {
 
     public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
         int result = ACCESS_ABSTAIN;
-        Iterator iter = config.getConfigAttributes();
+        Iterator iter = config.getConfigAttributes().iterator();
 
         while (iter.hasNext()) {
             ConfigAttribute attribute = (ConfigAttribute) iter.next();

core/src/main/java/org/springframework/security/vote/BasicAclEntryVoter.java

@@ -163,7 +163,7 @@ public class BasicAclEntryVoter extends AbstractAclVoter implements Initializing
     }
 
     public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
-        Iterator iter = config.getConfigAttributes();
+        Iterator iter = config.getConfigAttributes().iterator();
 
         while (iter.hasNext()) {
             ConfigAttribute attr = (ConfigAttribute) iter.next();

core/src/main/java/org/springframework/security/vote/LabelBasedAclVoter.java

@@ -182,7 +182,7 @@ public class LabelBasedAclVoter extends AbstractAclVoter {
             logger.debug("==========================================================");
         }
 
-        if (this.supports((ConfigAttribute) config.getConfigAttributes().next())) {
+        if (this.supports((ConfigAttribute) config.getConfigAttributes().iterator().next())) {
             result = ACCESS_DENIED;
 
             /* Parse out the user's labels by examining the security context, and checking
@@ -267,27 +267,15 @@ public class LabelBasedAclVoter extends AbstractAclVoter {
         if (logger.isDebugEnabled()) {
             switch (result) {
             case ACCESS_GRANTED:
-
+                logger.debug("===== Access is granted =====");
-                if (logger.isDebugEnabled()) {
-                    logger.debug("===== Access is granted =====");
-                }
-
                 break;
 
             case ACCESS_DENIED:
-
+                logger.debug("===== Access is denied =====");
-                if (logger.isDebugEnabled()) {
-                    logger.debug("===== Access is denied =====");
-                }
-
                 break;
 
             case ACCESS_ABSTAIN:
-
+                logger.debug("===== Abstaining =====");
-                if (logger.isDebugEnabled()) {
-                    logger.debug("===== Abstaining =====");
-                }
-
                 break;
             }
         }

core/src/main/java/org/springframework/security/vote/RoleVoter.java

@@ -93,7 +93,7 @@ public class RoleVoter implements AccessDecisionVoter {
 
     public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
         int result = ACCESS_ABSTAIN;
-        Iterator iter = config.getConfigAttributes();
+        Iterator iter = config.getConfigAttributes().iterator();
 
         while (iter.hasNext()) {
             ConfigAttribute attribute = (ConfigAttribute) iter.next();

core/src/main/java/org/springframework/security/vote/UnanimousBased.java

@@ -21,6 +21,7 @@ import org.springframework.security.ConfigAttribute;
 import org.springframework.security.ConfigAttributeDefinition;
 
 import java.util.Iterator;
+import java.util.Arrays;
 
 
 /**
@@ -32,8 +33,9 @@ public class UnanimousBased extends AbstractAccessDecisionManager {
 
     /**
      * This concrete implementation polls all configured  {@link AccessDecisionVoter}s for each {@link
-     * ConfigAttribute} and grants access if <b>only</b> grant votes were received.<p>Other voting
+     * ConfigAttribute} and grants access if <b>only</b> grant votes were received.
-     * implementations usually pass the entire list of {@link ConfigAttributeDefinition}s to the
+     * <p>
+     * Other voting implementations usually pass the entire list of {@link ConfigAttributeDefinition}s to the
      * <code>AccessDecisionVoter</code>. This implementation differs in that each <code>AccessDecisionVoter</code>
      * knows only about a single <code>ConfigAttribute</code> at a time.</p>
      *  <p>If every <code>AccessDecisionVoter</code> abstained from voting, the decision will be based on the
@@ -46,21 +48,22 @@ public class UnanimousBased extends AbstractAccessDecisionManager {
      * @throws AccessDeniedException if access is denied
      */
     public void decide(Authentication authentication, Object object, ConfigAttributeDefinition config)
-        throws AccessDeniedException {
+             throws AccessDeniedException {
+
         int grant = 0;
         int abstain = 0;
 
-        Iterator configIter = config.getConfigAttributes();
+        Iterator configIter = config.getConfigAttributes().iterator();
 
         while (configIter.hasNext()) {
-            ConfigAttributeDefinition thisDef = new ConfigAttributeDefinition();
+            ConfigAttributeDefinition singleAttrDef =
-            thisDef.addConfigAttribute((ConfigAttribute) configIter.next());
+                    new ConfigAttributeDefinition((ConfigAttribute) configIter.next());
 
             Iterator voters = this.getDecisionVoters().iterator();
 
             while (voters.hasNext()) {
                 AccessDecisionVoter voter = (AccessDecisionVoter) voters.next();
-                int result = voter.vote(authentication, object, thisDef);
+                int result = voter.vote(authentication, object, singleAttrDef);
 
                 switch (result) {
                 case AccessDecisionVoter.ACCESS_GRANTED:

core/src/test/java/org/springframework/security/ConfigAttributeEditorTests.java

@@ -28,6 +28,8 @@ import java.util.Iterator;
  * @version $Id$
  */
 public class ConfigAttributeEditorTests extends TestCase {
+    private static final String[] ATTRIBUTES = new String[] {"A", "B"};
+
     //~ Constructors ===================================================================================================
 
     public ConfigAttributeEditorTests() {
@@ -40,20 +42,12 @@ public class ConfigAttributeEditorTests extends TestCase {
 
     //~ Methods ========================================================================================================
 
-    public static void main(String[] args) {
-        junit.textui.TestRunner.run(ConfigAttributeEditorTests.class);
-    }
-
-    public final void setUp() throws Exception {
-        super.setUp();
-    }
-
     public void testCorrectOperation() {
         ConfigAttributeEditor editor = new ConfigAttributeEditor();
         editor.setAsText("HELLO,DOCTOR,NAME,YESTERDAY,TOMORROW");
 
         ConfigAttributeDefinition result = (ConfigAttributeDefinition) editor.getValue();
-        Iterator iter = result.getConfigAttributes();
+        Iterator iter = result.getConfigAttributes().iterator();
         int position = 0;
 
         while (iter.hasNext()) {
@@ -63,7 +57,7 @@ public class ConfigAttributeEditorTests extends TestCase {
 
         assertEquals(5, position);
 
-        assertEquals(5, result.size());
+        assertEquals(5, result.getConfigAttributes().size());
 
         assertTrue(result.contains(new SecurityConfig("HELLO")));
         assertTrue(result.contains(new SecurityConfig("TOMORROW")));
@@ -79,46 +73,31 @@ public class ConfigAttributeEditorTests extends TestCase {
     }
 
     public void testEqualsHandlingWhenDifferentObjectTypes() {
-        ConfigAttributeDefinition def1 = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition def1 = new ConfigAttributeDefinition(ATTRIBUTES);
-        def1.addConfigAttribute(new SecurityConfig("A"));
-        def1.addConfigAttribute(new SecurityConfig("B"));
 
         assertTrue(!def1.equals("A_STRING"));
     }
 
     public void testEqualsHandlingWhenExactlyEqual() {
-        ConfigAttributeDefinition def1 = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition def1 = new ConfigAttributeDefinition(ATTRIBUTES);
-        def1.addConfigAttribute(new SecurityConfig("A"));
+        ConfigAttributeDefinition def2 = new ConfigAttributeDefinition(ATTRIBUTES);
-        def1.addConfigAttribute(new SecurityConfig("B"));
-
-        ConfigAttributeDefinition def2 = new ConfigAttributeDefinition();
-        def2.addConfigAttribute(new SecurityConfig("A"));
-        def2.addConfigAttribute(new SecurityConfig("B"));
 
         assertEquals(def1, def2);
     }
 
     public void testEqualsHandlingWhenOrderingNotEqual() {
-        ConfigAttributeDefinition def1 = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition def1 = new ConfigAttributeDefinition(ATTRIBUTES);
-        def1.addConfigAttribute(new SecurityConfig("A"));
+        ConfigAttributeDefinition def2 = new ConfigAttributeDefinition(new String[] {"B", "A"});
-        def1.addConfigAttribute(new SecurityConfig("B"));
 
-        ConfigAttributeDefinition def2 = new ConfigAttributeDefinition();
+        assertFalse(def1.equals(def2));
-        def2.addConfigAttribute(new SecurityConfig("B"));
-        def2.addConfigAttribute(new SecurityConfig("A"));
-
-        assertTrue(!def1.equals(def2));
     }
 
     public void testEqualsHandlingWhenTestObjectHasNoAttributes() {
-        ConfigAttributeDefinition def1 = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition def1 = new ConfigAttributeDefinition(ATTRIBUTES);
-        def1.addConfigAttribute(new SecurityConfig("A"));
+        ConfigAttributeDefinition def2 = new ConfigAttributeDefinition(new String[] {});
-        def1.addConfigAttribute(new SecurityConfig("B"));
-
-        ConfigAttributeDefinition def2 = new ConfigAttributeDefinition();
 
-        assertTrue(!def1.equals(def2));
+        assertFalse(def1.equals(def2));
-        assertTrue(!def2.equals(def1));
+        assertFalse(def2.equals(def1));
     }
 
     public void testNullReturnsNull() {
@@ -134,7 +113,7 @@ public class ConfigAttributeEditorTests extends TestCase {
         editor.setAsText("  HELLO, DOCTOR,NAME,  YESTERDAY ,TOMORROW ");
 
         ConfigAttributeDefinition result = (ConfigAttributeDefinition) editor.getValue();
-        Iterator iter = result.getConfigAttributes();
+        Iterator iter = result.getConfigAttributes().iterator();
 
         ArrayList list = new ArrayList();
 

core/src/test/java/org/springframework/security/MockAccessDecisionManager.java

@@ -30,7 +30,7 @@ public class MockAccessDecisionManager implements AccessDecisionManager {
 
     public void decide(Authentication authentication, Object object, ConfigAttributeDefinition config)
         throws AccessDeniedException {
-        Iterator iter = config.getConfigAttributes();
+        Iterator iter = config.getConfigAttributes().iterator();
 
         while (iter.hasNext()) {
             ConfigAttribute attr = (ConfigAttribute) iter.next();

core/src/test/java/org/springframework/security/MockAfterInvocationManager.java

@@ -29,7 +29,7 @@ public class MockAfterInvocationManager implements AfterInvocationManager {
 
     public Object decide(Authentication authentication, Object object, ConfigAttributeDefinition config,
         Object returnedObject) throws AccessDeniedException {
-        Iterator iter = config.getConfigAttributes();
+        Iterator iter = config.getConfigAttributes().iterator();
 
         while (iter.hasNext()) {
             ConfigAttribute attr = (ConfigAttribute) iter.next();

core/src/test/java/org/springframework/security/MockRunAsManager.java

@@ -29,7 +29,7 @@ public class MockRunAsManager implements RunAsManager {
     //~ Methods ========================================================================================================
 
     public Authentication buildRunAs(Authentication authentication, Object object, ConfigAttributeDefinition config) {
-        Iterator iter = config.getConfigAttributes();
+        Iterator iter = config.getConfigAttributes().iterator();
 
         while (iter.hasNext()) {
             ConfigAttribute attr = (ConfigAttribute) iter.next();

core/src/test/java/org/springframework/security/afterinvocation/AfterInvocationProviderManagerTests.java

@@ -70,21 +70,11 @@ public class AfterInvocationProviderManagerTests extends TestCase {
         assertEquals(list, manager.getProviders());
         manager.afterPropertiesSet();
 
-        ConfigAttributeDefinition attr1 = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition attr1 = new ConfigAttributeDefinition(new String[] {"GIVE_ME_SWAP1"});
-        attr1.addConfigAttribute(new SecurityConfig("GIVE_ME_SWAP1"));
+        ConfigAttributeDefinition attr2 = new ConfigAttributeDefinition(new String[] {"GIVE_ME_SWAP2"});
-
+        ConfigAttributeDefinition attr3 = new ConfigAttributeDefinition(new String[] {"GIVE_ME_SWAP3"});
-        ConfigAttributeDefinition attr2 = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition attr2and3 = new ConfigAttributeDefinition(new String[] {"GIVE_ME_SWAP2","GIVE_ME_SWAP3"});
-        attr2.addConfigAttribute(new SecurityConfig("GIVE_ME_SWAP2"));
+        ConfigAttributeDefinition attr4 = new ConfigAttributeDefinition(new String[] {"NEVER_CAUSES_SWAP"});
-
-        ConfigAttributeDefinition attr3 = new ConfigAttributeDefinition();
-        attr3.addConfigAttribute(new SecurityConfig("GIVE_ME_SWAP3"));
-
-        ConfigAttributeDefinition attr2and3 = new ConfigAttributeDefinition();
-        attr2and3.addConfigAttribute(new SecurityConfig("GIVE_ME_SWAP2"));
-        attr2and3.addConfigAttribute(new SecurityConfig("GIVE_ME_SWAP3"));
-
-        ConfigAttributeDefinition attr4 = new ConfigAttributeDefinition();
-        attr4.addConfigAttribute(new SecurityConfig("NEVER_CAUSES_SWAP"));
 
         assertEquals("swap1", manager.decide(null, new SimpleMethodInvocation(), attr1, "content-before-swapping"));
 

core/src/test/java/org/springframework/security/afterinvocation/BasicAclEntryAfterInvocationCollectionFilteringProviderTests.java

@@ -20,8 +20,6 @@ import junit.framework.TestCase;
 import org.springframework.security.AuthorizationServiceException;
 import org.springframework.security.ConfigAttributeDefinition;
 import org.springframework.security.MockAclManager;
-import org.springframework.security.SecurityConfig;
-
 import org.springframework.security.acl.AclEntry;
 import org.springframework.security.acl.AclManager;
 import org.springframework.security.acl.basic.MockAclObjectIdentity;
@@ -54,14 +52,6 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProviderTests extend
 
     //~ Methods ========================================================================================================
 
-    public static void main(String[] args) {
-        junit.textui.TestRunner.run(BasicAclEntryAfterInvocationCollectionFilteringProviderTests.class);
-    }
-
-    public final void setUp() throws Exception {
-        super.setUp();
-    }
-
     public void testCorrectOperationWhenPrincipalHasIncorrectPermissionToDomainObject()
         throws Exception {
         // Create an AclManager, granting scott only ADMINISTRATION rights
@@ -83,8 +73,7 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProviderTests extend
 
         // Create the Authentication and Config Attribs we'll be presenting
         UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("scott", "NOT_USED");
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_COLLECTION_READ");
-        attr.addConfigAttribute(new SecurityConfig("AFTER_ACL_COLLECTION_READ"));
 
         // Filter
         List filteredList = (List) provider.decide(auth, new SimpleMethodInvocation(), attr, list);
@@ -117,8 +106,7 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProviderTests extend
 
         // Create the Authentication and Config Attribs we'll be presenting
         UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("scott", "NOT_USED");
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_COLLECTION_READ");
-        attr.addConfigAttribute(new SecurityConfig("AFTER_ACL_COLLECTION_READ"));
 
         // Filter
         List filteredList = (List) provider.decide(auth, new SimpleMethodInvocation(), attr, list);
@@ -152,8 +140,7 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProviderTests extend
 
         // Create the Authentication and Config Attribs we'll be presenting
         UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED");
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_COLLECTION_READ");
-        attr.addConfigAttribute(new SecurityConfig("AFTER_ACL_COLLECTION_READ"));
 
         // Filter
         List filteredList = (List) provider.decide(auth, new SimpleMethodInvocation(), attr, list);
@@ -188,8 +175,7 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProviderTests extend
 
         // Create the Authentication and Config Attribs we'll be presenting
         UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED");
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_COLLECTION_READ");
-        attr.addConfigAttribute(new SecurityConfig("AFTER_ACL_COLLECTION_READ"));
 
         // Filter
         String[] filteredList = (String[]) provider.decide(auth, new SimpleMethodInvocation(), attr, list);
@@ -215,8 +201,7 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProviderTests extend
 
         // Create the Authentication and Config Attribs we'll be presenting
         UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED");
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_COLLECTION_READ");
-        attr.addConfigAttribute(new SecurityConfig("AFTER_ACL_COLLECTION_READ"));
 
         // Filter
         try {
@@ -244,8 +229,7 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProviderTests extend
 
         // Create the Authentication and Config Attribs we'll be presenting
         UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED");
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_COLLECTION_READ");
-        attr.addConfigAttribute(new SecurityConfig("AFTER_ACL_COLLECTION_READ"));
 
         // Filter
         List filteredList = (List) provider.decide(auth, new SimpleMethodInvocation(), attr, null);
@@ -253,8 +237,7 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProviderTests extend
         assertNull(filteredList);
     }
 
-    public void testRespectsModificationsToProcessConfigAttribute()
+    public void testRespectsModificationsToProcessConfigAttribute() throws Exception {
-        throws Exception {
         // Create an AclManager
         AclManager aclManager = new MockAclManager("sydney", "rod",
                 new AclEntry[] {
@@ -279,14 +262,14 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProviderTests extend
 
         // Create the Authentication and Config Attribs we'll be presenting
         UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED");
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_COLLECTION_READ");
-        attr.addConfigAttribute(new SecurityConfig("AFTER_ACL_COLLECTION_READ"));
 
         // As no matching config attrib, ensure provider doesn't change list
         assertEquals(4, ((List) provider.decide(auth, new SimpleMethodInvocation(), attr, list)).size());
 
         // Filter, this time with the conf attrib provider setup to answer
-        attr.addConfigAttribute(new SecurityConfig("AFTER_ACL_COLLECTION_ADMIN"));
+        attr = new ConfigAttributeDefinition("AFTER_ACL_COLLECTION_ADMIN");
+        //attr.addConfigAttribute(new SecurityConfig("AFTER_ACL_COLLECTION_ADMIN"));
 
         List filteredList = (List) provider.decide(auth, new SimpleMethodInvocation(), attr, list);
 
@@ -320,8 +303,7 @@ public class BasicAclEntryAfterInvocationCollectionFilteringProviderTests extend
 
         // Create the Authentication and Config Attribs we'll be presenting
         UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED");
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_COLLECTION_READ");
-        attr.addConfigAttribute(new SecurityConfig("AFTER_ACL_COLLECTION_READ"));
 
         // Filter
         List filteredList = (List) provider.decide(auth, new SimpleMethodInvocation(), attr, list);

core/src/test/java/org/springframework/security/afterinvocation/BasicAclEntryAfterInvocationProviderTests.java

@@ -20,8 +20,6 @@ import junit.framework.TestCase;
 import org.springframework.security.AccessDeniedException;
 import org.springframework.security.ConfigAttributeDefinition;
 import org.springframework.security.MockAclManager;
-import org.springframework.security.SecurityConfig;
-
 import org.springframework.security.acl.AclEntry;
 import org.springframework.security.acl.AclManager;
 import org.springframework.security.acl.basic.MockAclObjectIdentity;
@@ -39,32 +37,15 @@ import org.springframework.security.util.SimpleMethodInvocation;
  * @version $Id$
  */
 public class BasicAclEntryAfterInvocationProviderTests extends TestCase {
-    //~ Constructors ===================================================================================================
-
-    public BasicAclEntryAfterInvocationProviderTests() {
-        super();
-    }
-
-    public BasicAclEntryAfterInvocationProviderTests(String arg0) {
-        super(arg0);
-    }
 
     //~ Methods ========================================================================================================
 
-    public static void main(String[] args) {
-        junit.textui.TestRunner.run(BasicAclEntryAfterInvocationProviderTests.class);
-    }
-
-    public final void setUp() throws Exception {
-        super.setUp();
-    }
-
     public void testCorrectOperationWhenPrincipalHasIncorrectPermissionToDomainObject()
         throws Exception {
         // Create an AclManager, granting scott only ADMINISTRATION rights
         AclManager aclManager = new MockAclManager("belmont", "scott",
-                new AclEntry[] {
+                new AclEntry[]{
-                    new SimpleAclEntry("scott", new MockAclObjectIdentity(), null, SimpleAclEntry.ADMINISTRATION)
+                        new SimpleAclEntry("scott", new MockAclObjectIdentity(), null, SimpleAclEntry.ADMINISTRATION)
                 });
 
         BasicAclEntryAfterInvocationProvider provider = new BasicAclEntryAfterInvocationProvider();
@@ -73,8 +54,7 @@ public class BasicAclEntryAfterInvocationProviderTests extends TestCase {
 
         // Create the Authentication and Config Attribs we'll be presenting
         UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("scott", "NOT_USED");
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_READ");
-        attr.addConfigAttribute(new SecurityConfig("AFTER_ACL_READ"));
 
         try {
             provider.decide(auth, new SimpleMethodInvocation(), attr, "belmont");
@@ -88,11 +68,11 @@ public class BasicAclEntryAfterInvocationProviderTests extends TestCase {
         throws Exception {
         // Create an AclManager
         AclManager aclManager = new MockAclManager("belmont", "rod",
-                new AclEntry[] {
+                new AclEntry[]{
-                    new MockAclEntry(),
+                        new MockAclEntry(),
-                    new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.ADMINISTRATION),
+                        new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.ADMINISTRATION),
-                    new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.READ),
+                        new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.READ),
-                    new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)
+                        new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)
                 });
 
         BasicAclEntryAfterInvocationProvider provider = new BasicAclEntryAfterInvocationProvider();
@@ -101,8 +81,7 @@ public class BasicAclEntryAfterInvocationProviderTests extends TestCase {
 
         // Create the Authentication and Config Attribs we'll be presenting
         UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("scott", "NOT_USED");
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_READ");
-        attr.addConfigAttribute(new SecurityConfig("AFTER_ACL_READ"));
 
         try {
             provider.decide(auth, new SimpleMethodInvocation(), attr, "belmont");
@@ -116,11 +95,11 @@ public class BasicAclEntryAfterInvocationProviderTests extends TestCase {
         throws Exception {
         // Create an AclManager
         AclManager aclManager = new MockAclManager("belmont", "rod",
-                new AclEntry[] {
+                new AclEntry[]{
-                    new MockAclEntry(),
+                        new MockAclEntry(),
-                    new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.ADMINISTRATION),
+                        new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.ADMINISTRATION),
-                    new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.READ),
+                        new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.READ),
-                    new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)
+                        new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)
                 });
 
         BasicAclEntryAfterInvocationProvider provider = new BasicAclEntryAfterInvocationProvider();
@@ -130,8 +109,7 @@ public class BasicAclEntryAfterInvocationProviderTests extends TestCase {
 
         // Create the Authentication and Config Attribs we'll be presenting
         UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED");
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_READ");
-        attr.addConfigAttribute(new SecurityConfig("AFTER_ACL_READ"));
 
         // Filter
         assertEquals("belmont", provider.decide(auth, new SimpleMethodInvocation(), attr, "belmont"));
@@ -141,11 +119,11 @@ public class BasicAclEntryAfterInvocationProviderTests extends TestCase {
         throws Exception {
         // Create an AclManager
         AclManager aclManager = new MockAclManager("belmont", "rod",
-                new AclEntry[] {
+                new AclEntry[]{
-                    new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.ADMINISTRATION),
+                        new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.ADMINISTRATION),
-                    new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.READ),
+                        new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.READ),
-                    new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE),
+                        new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE),
-                    new MockAclEntry()
+                        new MockAclEntry()
                 });
 
         BasicAclEntryAfterInvocationProvider provider = new BasicAclEntryAfterInvocationProvider();
@@ -154,8 +132,7 @@ public class BasicAclEntryAfterInvocationProviderTests extends TestCase {
 
         // Create the Authentication and Config Attribs we'll be presenting
         UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED");
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_READ");
-        attr.addConfigAttribute(new SecurityConfig("AFTER_ACL_READ"));
 
         // Filter
         assertNull(provider.decide(auth, new SimpleMethodInvocation(), attr, null));
@@ -165,9 +142,9 @@ public class BasicAclEntryAfterInvocationProviderTests extends TestCase {
         throws Exception {
         // Create an AclManager
         AclManager aclManager = new MockAclManager("sydney", "rod",
-                new AclEntry[] {
+                new AclEntry[]{
-                    new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.READ),
+                        new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.READ),
-                    new MockAclEntry()
+                        new MockAclEntry()
                 });
 
         BasicAclEntryAfterInvocationProvider provider = new BasicAclEntryAfterInvocationProvider();
@@ -179,14 +156,13 @@ public class BasicAclEntryAfterInvocationProviderTests extends TestCase {
 
         // Create the Authentication and Config Attribs we'll be presenting
         UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED");
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_READ");
-        attr.addConfigAttribute(new SecurityConfig("AFTER_ACL_READ"));
 
         // As no matching config attrib, ensure provider returns original obj
         assertEquals("sydney", provider.decide(auth, new SimpleMethodInvocation(), attr, "sydney"));
 
         // Filter, this time with the conf attrib provider setup to answer
-        attr.addConfigAttribute(new SecurityConfig("AFTER_ACL_ADMIN"));
+        attr = new ConfigAttributeDefinition("AFTER_ACL_ADMIN");
         assertEquals("sydney", provider.decide(auth, new SimpleMethodInvocation(), attr, "sydney"));
     }
 
@@ -194,22 +170,21 @@ public class BasicAclEntryAfterInvocationProviderTests extends TestCase {
         throws Exception {
         // Create an AclManager
         AclManager aclManager = new MockAclManager("sydney", "rod",
-                new AclEntry[] {
+                new AclEntry[]{
-                    new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.ADMINISTRATION),
+                        new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.ADMINISTRATION),
-                    new MockAclEntry()
+                        new MockAclEntry()
                 });
 
         BasicAclEntryAfterInvocationProvider provider = new BasicAclEntryAfterInvocationProvider();
         provider.setAclManager(aclManager);
         assertEquals(SimpleAclEntry.READ, provider.getRequirePermission()[0]);
-        provider.setRequirePermission(new int[] {SimpleAclEntry.ADMINISTRATION});
+        provider.setRequirePermission(new int[]{SimpleAclEntry.ADMINISTRATION});
         assertEquals(SimpleAclEntry.ADMINISTRATION, provider.getRequirePermission()[0]);
         provider.afterPropertiesSet();
 
         // Create the Authentication and Config Attribs we'll be presenting
         UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("rod", "NOT_USED");
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("AFTER_ACL_READ");
-        attr.addConfigAttribute(new SecurityConfig("AFTER_ACL_READ"));
 
         // Filter
         assertEquals("sydney", provider.decide(auth, new SimpleMethodInvocation(), attr, "sydney"));

core/src/test/java/org/springframework/security/captcha/CaptchaChannelProcessorTemplateTests.java

@@ -68,8 +68,7 @@ public class CaptchaChannelProcessorTemplateTests extends TestCase {
         CaptchaChannelProcessorTemplate processor = new TestHumanityCaptchaChannelProcessor();
         processor.setKeyword("X");
 
-        ConfigAttributeDefinition cad = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition cad = new ConfigAttributeDefinition("Y");
-        cad.addConfigAttribute(new SecurityConfig("Y"));
 
         CaptchaSecurityContext context = new CaptchaSecurityContextImpl();
         SecurityContextHolder.setContext(context);
@@ -135,9 +134,7 @@ public class CaptchaChannelProcessorTemplateTests extends TestCase {
         CaptchaChannelProcessorTemplate processor = new TestHumanityCaptchaChannelProcessor();
         processor.setKeyword("X");
 
-        ConfigAttributeDefinition cad = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition cad = new ConfigAttributeDefinition("X");
-        cad.addConfigAttribute(new SecurityConfig("X"));
-
         CaptchaSecurityContext context = new CaptchaSecurityContextImpl();
         SecurityContextHolder.setContext(context);
 

core/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java

@@ -133,13 +133,13 @@ public class HttpSecurityBeanDefinitionParserTests {
         FilterSecurityInterceptor fis = (FilterSecurityInterceptor) appContext.getBean(BeanIds.FILTER_SECURITY_INTERCEPTOR);
 
         FilterInvocationDefinitionSource fids = fis.getObjectDefinitionSource();
-        ConfigAttributeDefinition attrs = fids.getAttributes(createFilterinvocation("/Secure", null));
+        ConfigAttributeDefinition attrDef = fids.getAttributes(createFilterinvocation("/Secure", null));
-        assertEquals(2, attrs.size());
+        assertEquals(2, attrDef.getConfigAttributes().size());
-        assertTrue(attrs.contains(new SecurityConfig("ROLE_A")));
+        assertTrue(attrDef.contains(new SecurityConfig("ROLE_A")));
-        assertTrue(attrs.contains(new SecurityConfig("ROLE_B")));
+        assertTrue(attrDef.contains(new SecurityConfig("ROLE_B")));
-        attrs = fids.getAttributes(createFilterinvocation("/secure", null));
+        attrDef = fids.getAttributes(createFilterinvocation("/secure", null));
-        assertEquals(1, attrs.size());
+        assertEquals(1, attrDef.getConfigAttributes().size());
-        assertTrue(attrs.contains(new SecurityConfig("ROLE_C")));
+        assertTrue(attrDef.contains(new SecurityConfig("ROLE_C")));
     }
 
     @Test
@@ -154,7 +154,7 @@ public class HttpSecurityBeanDefinitionParserTests {
         FilterSecurityInterceptor fis = (FilterSecurityInterceptor) appContext.getBean(BeanIds.FILTER_SECURITY_INTERCEPTOR);
         FilterInvocationDefinitionSource fids = fis.getObjectDefinitionSource();
         ConfigAttributeDefinition attrs = fids.getAttributes(createFilterinvocation("/secure", "POST"));
-        assertEquals(2, attrs.size());
+        assertEquals(2, attrs.getConfigAttributes().size());
         assertTrue(attrs.contains(new SecurityConfig("ROLE_A")));
         assertTrue(attrs.contains(new SecurityConfig("ROLE_B")));
     }

core/src/test/java/org/springframework/security/event/authorization/AuthenticationCredentialsNotFoundEventTests.java

@@ -42,13 +42,9 @@ public class AuthenticationCredentialsNotFoundEventTests extends TestCase {
 
     //~ Methods ========================================================================================================
 
-    public static void main(String[] args) {
-        junit.textui.TestRunner.run(AuthenticationCredentialsNotFoundEventTests.class);
-    }
-
     public void testRejectsNulls() {
         try {
-            new AuthenticationCredentialsNotFoundEvent(null, new ConfigAttributeDefinition(),
+            new AuthenticationCredentialsNotFoundEvent(null, new ConfigAttributeDefinition(new String[] {}),
                 new AuthenticationCredentialsNotFoundException("test"));
             fail("Should have thrown IllegalArgumentException");
         } catch (IllegalArgumentException expected) {
@@ -64,7 +60,7 @@ public class AuthenticationCredentialsNotFoundEventTests extends TestCase {
         }
 
         try {
-            new AuthenticationCredentialsNotFoundEvent(new SimpleMethodInvocation(), new ConfigAttributeDefinition(),
+            new AuthenticationCredentialsNotFoundEvent(new SimpleMethodInvocation(), new ConfigAttributeDefinition(new String[] {}),
                 null);
             fail("Should have thrown IllegalArgumentException");
         } catch (IllegalArgumentException expected) {

core/src/test/java/org/springframework/security/event/authorization/AuthorizationFailureEventTests.java

@@ -52,7 +52,7 @@ public class AuthorizationFailureEventTests extends TestCase {
 
     public void testRejectsNulls() {
         try {
-            new AuthorizationFailureEvent(null, new ConfigAttributeDefinition(),
+            new AuthorizationFailureEvent(null, ConfigAttributeDefinition.NO_ATTRIBUTES,
                 new UsernamePasswordAuthenticationToken("foo", "bar"), new AccessDeniedException("error"));
             fail("Should have thrown IllegalArgumentException");
         } catch (IllegalArgumentException expected) {
@@ -68,7 +68,7 @@ public class AuthorizationFailureEventTests extends TestCase {
         }
 
         try {
-            new AuthorizationFailureEvent(new SimpleMethodInvocation(), new ConfigAttributeDefinition(), null,
+            new AuthorizationFailureEvent(new SimpleMethodInvocation(), ConfigAttributeDefinition.NO_ATTRIBUTES, null,
                 new AccessDeniedException("error"));
             fail("Should have thrown IllegalArgumentException");
         } catch (IllegalArgumentException expected) {
@@ -76,7 +76,7 @@ public class AuthorizationFailureEventTests extends TestCase {
         }
 
         try {
-            new AuthorizationFailureEvent(new SimpleMethodInvocation(), new ConfigAttributeDefinition(),
+            new AuthorizationFailureEvent(new SimpleMethodInvocation(), ConfigAttributeDefinition.NO_ATTRIBUTES,
                 new UsernamePasswordAuthenticationToken("foo", "bar"), null);
             fail("Should have thrown IllegalArgumentException");
         } catch (IllegalArgumentException expected) {

core/src/test/java/org/springframework/security/event/authorization/AuthorizedEventTests.java

@@ -43,13 +43,9 @@ public class AuthorizedEventTests extends TestCase {
 
     //~ Methods ========================================================================================================
 
-    public static void main(String[] args) {
-        junit.textui.TestRunner.run(AuthorizedEventTests.class);
-    }
-
     public void testRejectsNulls() {
         try {
-            new AuthorizedEvent(null, new ConfigAttributeDefinition(),
+            new AuthorizedEvent(null, ConfigAttributeDefinition.NO_ATTRIBUTES,
                 new UsernamePasswordAuthenticationToken("foo", "bar"));
             fail("Should have thrown IllegalArgumentException");
         } catch (IllegalArgumentException expected) {
@@ -65,7 +61,7 @@ public class AuthorizedEventTests extends TestCase {
         }
 
         try {
-            new AuthorizedEvent(new SimpleMethodInvocation(), new ConfigAttributeDefinition(), null);
+            new AuthorizedEvent(new SimpleMethodInvocation(), ConfigAttributeDefinition.NO_ATTRIBUTES, null);
             fail("Should have thrown IllegalArgumentException");
         } catch (IllegalArgumentException expected) {
             assertTrue(true);

core/src/test/java/org/springframework/security/intercept/InterceptorStatusTokenTests.java

@@ -46,10 +46,6 @@ public class InterceptorStatusTokenTests extends TestCase {
 
     //~ Methods ========================================================================================================
 
-    public static void main(String[] args) {
-        junit.textui.TestRunner.run(InterceptorStatusTokenTests.class);
-    }
-
     public void testNoArgConstructorDoesntExist() {
         Class clazz = InterceptorStatusToken.class;
 
@@ -62,9 +58,7 @@ public class InterceptorStatusTokenTests extends TestCase {
     }
 
     public void testOperation() {
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("FOO");
-        attr.addConfigAttribute(new SecurityConfig("FOO"));
-
         MethodInvocation mi = new SimpleMethodInvocation();
 
         InterceptorStatusToken token = new InterceptorStatusToken(new UsernamePasswordAuthenticationToken("rod",

core/src/test/java/org/springframework/security/intercept/method/MethodDefinitionAttributesTests.java

@@ -71,7 +71,8 @@ public class MethodDefinitionAttributesTests extends TestCase {
     }
 
     private ConfigAttributeDefinition getConfigAttributeDefinition(Class clazz, String methodName, Class[] args)
-        throws Exception {
+            throws Exception {
+        
         final Method method = clazz.getMethod(methodName, args);
         MethodDefinitionAttributes source = new MethodDefinitionAttributes();
         source.setAttributes(new MockAttributes());
@@ -96,8 +97,7 @@ public class MethodDefinitionAttributesTests extends TestCase {
         super.setUp();
     }
 
-    public void testAttributesForInterfaceTargetObject()
+    public void testAttributesForInterfaceTargetObject() throws Exception {
-        throws Exception {
         ConfigAttributeDefinition def1 = getConfigAttributeDefinition(ITargetObject.class, "countLength",
                 new Class[] {String.class});
         Set set1 = toSet(def1);
@@ -190,8 +190,7 @@ public class MethodDefinitionAttributesTests extends TestCase {
         assertEquals("HELLO org.springframework.security.MockRunAsAuthenticationToken true", result);
     }
 
-    public void testMethodCallWithoutRunAsReplacement()
+    public void testMethodCallWithoutRunAsReplacement() throws Exception {
-        throws Exception {
         UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
                 new GrantedAuthority[] {new GrantedAuthorityImpl("MOCK_INTERFACE_METHOD_MAKE_LOWER_CASE")});
         SecurityContextHolder.getContext().setAuthentication(token);
@@ -219,7 +218,7 @@ public class MethodDefinitionAttributesTests extends TestCase {
      */
     private Set toSet(ConfigAttributeDefinition def) {
         Set set = new HashSet();
-        Iterator i = def.getConfigAttributes();
+        Iterator i = def.getConfigAttributes().iterator();
 
         while (i.hasNext()) {
             ConfigAttribute a = (ConfigAttribute) i.next();

core/src/test/java/org/springframework/security/intercept/method/MethodDefinitionSourceEditorTests.java

@@ -64,10 +64,8 @@ public class MethodDefinitionSourceEditorTests extends TestCase {
 
         ConfigAttributeDefinition returnedCountLength = map.getAttributes(joinPoint);
 
-        ConfigAttributeDefinition expectedCountLength = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition expectedCountLength =
-        expectedCountLength.addConfigAttribute(new SecurityConfig("ROLE_ONE"));
+                new ConfigAttributeDefinition(new String[] {"ROLE_ONE", "ROLE_TWO", "RUN_AS_ENTRY"});
-        expectedCountLength.addConfigAttribute(new SecurityConfig("ROLE_TWO"));
-        expectedCountLength.addConfigAttribute(new SecurityConfig("RUN_AS_ENTRY"));
         assertEquals(expectedCountLength, returnedCountLength);
     }
 
@@ -115,15 +113,13 @@ public class MethodDefinitionSourceEditorTests extends TestCase {
 
         ConfigAttributeDefinition returnedMakeLower = map.getAttributes(new MockMethodInvocation(TargetObject.class,
                     "makeLowerCase", new Class[] {String.class}));
-        ConfigAttributeDefinition expectedMakeLower = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition expectedMakeLower = new ConfigAttributeDefinition("ROLE_FROM_INTERFACE");
-        expectedMakeLower.addConfigAttribute(new SecurityConfig("ROLE_FROM_INTERFACE"));
         assertEquals(expectedMakeLower, returnedMakeLower);
 
         ConfigAttributeDefinition returnedMakeUpper = map.getAttributes(new MockMethodInvocation(TargetObject.class,
                     "makeUpperCase", new Class[] {String.class}));
-        ConfigAttributeDefinition expectedMakeUpper = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition expectedMakeUpper = new ConfigAttributeDefinition(
-        expectedMakeUpper.addConfigAttribute(new SecurityConfig("ROLE_FROM_IMPLEMENTATION"));
+                new String[]{"ROLE_FROM_IMPLEMENTATION","ROLE_FROM_INTERFACE"});
-        expectedMakeUpper.addConfigAttribute(new SecurityConfig("ROLE_FROM_INTERFACE"));
         assertEquals(expectedMakeUpper, returnedMakeUpper);
     }
 
@@ -171,20 +167,17 @@ public class MethodDefinitionSourceEditorTests extends TestCase {
 
         ConfigAttributeDefinition returnedMakeLower = map.getAttributes(new MockMethodInvocation(TargetObject.class,
                     "makeLowerCase", new Class[] {String.class}));
-        ConfigAttributeDefinition expectedMakeLower = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition expectedMakeLower = new ConfigAttributeDefinition("ROLE_LOWER");
-        expectedMakeLower.addConfigAttribute(new SecurityConfig("ROLE_LOWER"));
         assertEquals(expectedMakeLower, returnedMakeLower);
 
         ConfigAttributeDefinition returnedMakeUpper = map.getAttributes(new MockMethodInvocation(TargetObject.class,
                     "makeUpperCase", new Class[] {String.class}));
-        ConfigAttributeDefinition expectedMakeUpper = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition expectedMakeUpper = new ConfigAttributeDefinition("ROLE_UPPER");
-        expectedMakeUpper.addConfigAttribute(new SecurityConfig("ROLE_UPPER"));
         assertEquals(expectedMakeUpper, returnedMakeUpper);
 
         ConfigAttributeDefinition returnedCountLength = map.getAttributes(new MockMethodInvocation(TargetObject.class,
                     "countLength", new Class[] {String.class}));
-        ConfigAttributeDefinition expectedCountLength = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition expectedCountLength = new ConfigAttributeDefinition("ROLE_GENERAL");
-        expectedCountLength.addConfigAttribute(new SecurityConfig("ROLE_GENERAL"));
         assertEquals(expectedCountLength, returnedCountLength);
     }
 
@@ -215,10 +208,8 @@ public class MethodDefinitionSourceEditorTests extends TestCase {
 
         ConfigAttributeDefinition returnedCountLength = map.getAttributes(new MockMethodInvocation(TargetObject.class,
                     "countLength", new Class[] {String.class}));
-        ConfigAttributeDefinition expectedCountLength = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition expectedCountLength = new ConfigAttributeDefinition(
-        expectedCountLength.addConfigAttribute(new SecurityConfig("ROLE_ONE"));
+                new String[] {"ROLE_ONE", "ROLE_TWO", "RUN_AS_ENTRY"});
-        expectedCountLength.addConfigAttribute(new SecurityConfig("ROLE_TWO"));
-        expectedCountLength.addConfigAttribute(new SecurityConfig("RUN_AS_ENTRY"));
         assertEquals(expectedCountLength, returnedCountLength);
     }
 

core/src/test/java/org/springframework/security/intercept/method/MockMethodDefinitionSource.java

@@ -26,7 +26,6 @@ import java.util.Vector;
 
 
 /**
- * DOCUMENT ME!
  *
  * @author Ben Alex
  * @version $Id$
@@ -43,34 +42,23 @@ public class MockMethodDefinitionSource extends AbstractMethodDefinitionSource {
         returnAnIterator = returnAnIteratorWhenRequested;
         list = new Vector();
 
-        ConfigAttributeDefinition def1 = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition def1 = new ConfigAttributeDefinition("MOCK_LOWER");
-        def1.addConfigAttribute(new SecurityConfig("MOCK_LOWER"));
         list.add(def1);
 
         if (includeInvalidAttributes) {
-            ConfigAttributeDefinition def2 = new ConfigAttributeDefinition();
+            ConfigAttributeDefinition def2 = new ConfigAttributeDefinition(new String[] {"MOCK_LOWER","INVALID_ATTRIBUTE"});
-            def2.addConfigAttribute(new SecurityConfig("MOCK_LOWER"));
-            def2.addConfigAttribute(new SecurityConfig("INVALID_ATTRIBUTE"));
             list.add(def2);
         }
 
-        ConfigAttributeDefinition def3 = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition def3 = new ConfigAttributeDefinition(new String[] {"MOCK_UPPER", "RUN_AS_"});
-        def3.addConfigAttribute(new SecurityConfig("MOCK_UPPER"));
-        def3.addConfigAttribute(new SecurityConfig("RUN_AS_"));
         list.add(def3);
 
         if (includeInvalidAttributes) {
-            ConfigAttributeDefinition def4 = new ConfigAttributeDefinition();
+            ConfigAttributeDefinition def4 = new ConfigAttributeDefinition(new String[] {"MOCK_SOMETHING", "ANOTHER_INVALID"});
-            def4.addConfigAttribute(new SecurityConfig("MOCK_SOMETHING"));
-            def4.addConfigAttribute(new SecurityConfig("ANOTHER_INVALID"));
             list.add(def4);
         }
     }
 
-    private MockMethodDefinitionSource() {
-        super();
-    }
-
     //~ Methods ========================================================================================================
 
     public Iterator getConfigAttributeDefinitions() {

core/src/test/java/org/springframework/security/intercept/web/DefaultFilterInvocationDefinitionSourceTests.java

@@ -52,8 +52,7 @@ public class DefaultFilterInvocationDefinitionSourceTests {
 
     @Test
     public void lookupNotRequiringExactMatchSuccessIfNotMatching() {
-        ConfigAttributeDefinition def = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition def = new ConfigAttributeDefinition("ROLE_ONE");
-        def.addConfigAttribute(new SecurityConfig("ROLE_ONE"));
         map.addSecureUrl("/secure/super/**", def);
 
         FilterInvocation fi = createFilterInvocation("/SeCuRE/super/somefile.html", null);
@@ -67,8 +66,7 @@ public class DefaultFilterInvocationDefinitionSourceTests {
      */
     @Test
     public void lookupNotRequiringExactMatchSucceedsIfSecureUrlPathContainsUpperCase() {
-        ConfigAttributeDefinition def = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition def = new ConfigAttributeDefinition("ROLE_ONE");
-        def.addConfigAttribute(new SecurityConfig("ROLE_ONE"));
         map.addSecureUrl("/SeCuRE/super/**", def);
 
         FilterInvocation fi = createFilterInvocation("/secure/super/somefile.html", null);
@@ -81,8 +79,7 @@ public class DefaultFilterInvocationDefinitionSourceTests {
     @Test
     public void lookupRequiringExactMatchFailsIfNotMatching() {
         map = new DefaultFilterInvocationDefinitionSource(new AntUrlPathMatcher(false));
-        ConfigAttributeDefinition def = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition def = new ConfigAttributeDefinition("ROLE_ONE");
-        def.addConfigAttribute(new SecurityConfig("ROLE_ONE"));
         map.addSecureUrl("/secure/super/**", def);
 
         FilterInvocation fi = createFilterInvocation("/SeCuRE/super/somefile.html", null);
@@ -94,8 +91,7 @@ public class DefaultFilterInvocationDefinitionSourceTests {
     @Test
     public void lookupRequiringExactMatchIsSuccessful() {
         map = new DefaultFilterInvocationDefinitionSource(new AntUrlPathMatcher(false));
-        ConfigAttributeDefinition def = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition def = new ConfigAttributeDefinition("ROLE_ONE");
-        def.addConfigAttribute(new SecurityConfig("ROLE_ONE"));
         map.addSecureUrl("/SeCurE/super/**", def);
 
         FilterInvocation fi = createFilterInvocation("/SeCurE/super/somefile.html", null);
@@ -106,8 +102,7 @@ public class DefaultFilterInvocationDefinitionSourceTests {
 
     @Test
     public void lookupRequiringExactMatchWithAdditionalSlashesIsSuccessful() {
-        ConfigAttributeDefinition def = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition def = new ConfigAttributeDefinition("ROLE_ONE");
-        def.addConfigAttribute(new SecurityConfig("ROLE_ONE"));
         map.addSecureUrl("/someAdminPage.html**", def);
 
         FilterInvocation fi = createFilterInvocation("/someAdminPage.html?a=/test", null);
@@ -118,15 +113,13 @@ public class DefaultFilterInvocationDefinitionSourceTests {
 
     @Test(expected = IllegalArgumentException.class)
     public void unknownHttpMethodIsRejected() {
-        ConfigAttributeDefinition def = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition def = new ConfigAttributeDefinition("ROLE_ONE");
-        def.addConfigAttribute(new SecurityConfig("ROLE_ONE"));
         map.addSecureUrl("/someAdminPage.html**", "UNKNOWN", def);
     }
 
     @Test
     public void httpMethodLookupSucceeds() {
-        ConfigAttributeDefinition def = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition def = new ConfigAttributeDefinition("ROLE_ONE");
-        def.addConfigAttribute(new SecurityConfig("ROLE_ONE"));
         map.addSecureUrl("/somepage**", "GET", def);
 
         FilterInvocation fi = createFilterInvocation("/somepage", "GET");
@@ -136,8 +129,7 @@ public class DefaultFilterInvocationDefinitionSourceTests {
 
     @Test
     public void requestWithDifferentHttpMethodDoesntMatch() {
-        ConfigAttributeDefinition def = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition def = new ConfigAttributeDefinition("ROLE_ONE");
-        def.addConfigAttribute(new SecurityConfig("ROLE_ONE"));
         map.addSecureUrl("/somepage**", "GET", def);
 
         FilterInvocation fi = createFilterInvocation("/somepage", null);
@@ -147,15 +139,11 @@ public class DefaultFilterInvocationDefinitionSourceTests {
 
     @Test
     public void httpMethodSpecificUrlTakesPrecedence() {
-
-
         // Even though this is added before the method-specific def, the latter should match
-        ConfigAttributeDefinition allMethodDef = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition allMethodDef = new ConfigAttributeDefinition("ROLE_ONE");
-        allMethodDef.addConfigAttribute(new SecurityConfig("ROLE_ONE"));
         map.addSecureUrl("/**", null, allMethodDef);
 
-        ConfigAttributeDefinition postOnlyDef = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition postOnlyDef = new ConfigAttributeDefinition("ROLE_TWO");
-        postOnlyDef.addConfigAttribute(new SecurityConfig("ROLE_TWO"));
         map.addSecureUrl("/somepage**", "POST", postOnlyDef);
 
         FilterInvocation fi = createFilterInvocation("/somepage", "POST");
@@ -168,8 +156,7 @@ public class DefaultFilterInvocationDefinitionSourceTests {
      */
     @Test
     public void extraQuestionMarkStillMatches() {        
-        ConfigAttributeDefinition def = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition def = new ConfigAttributeDefinition("ROLE_ONE");
-        def.addConfigAttribute(new SecurityConfig("ROLE_ONE"));
         map.addSecureUrl("/someAdminPage.html*", def);
 
         FilterInvocation fi = createFilterInvocation("/someAdminPage.html?x=2/aa?y=3", null);

core/src/test/java/org/springframework/security/intercept/web/FilterInvocationDefinitionSourceEditorTests.java

@@ -201,9 +201,8 @@ public class FilterInvocationDefinitionSourceEditorTests extends TestCase {
         ConfigAttributeDefinition returned = map.getAttributes(new FilterInvocation(httpRequest,
                     new MockHttpServletResponse(), new MockFilterChain()));
 
-        ConfigAttributeDefinition expected = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition expected = new ConfigAttributeDefinition(
-        expected.addConfigAttribute(new SecurityConfig("ROLE_WE_DONT_HAVE"));
+                new String[] {"ROLE_WE_DONT_HAVE", "ANOTHER_ROLE"});
-        expected.addConfigAttribute(new SecurityConfig("ANOTHER_ROLE"));
 
         assertEquals(expected, returned);
     }
@@ -220,10 +219,7 @@ public class FilterInvocationDefinitionSourceEditorTests extends TestCase {
 
         ConfigAttributeDefinition returned = map.getAttributes(new FilterInvocation(httpRequest,
                     new MockHttpServletResponse(), new MockFilterChain()));
-
+        ConfigAttributeDefinition expected = new ConfigAttributeDefinition(new String[] {"ROLE_SUPERVISOR", "ROLE_TELLER"});
-        ConfigAttributeDefinition expected = new ConfigAttributeDefinition();
-        expected.addConfigAttribute(new SecurityConfig("ROLE_SUPERVISOR"));
-        expected.addConfigAttribute(new SecurityConfig("ROLE_TELLER"));
 
         assertEquals(expected, returned);
     }
@@ -239,10 +235,7 @@ public class FilterInvocationDefinitionSourceEditorTests extends TestCase {
 
         ConfigAttributeDefinition returned = map.getAttributes(new FilterInvocation(httpRequest,
                     new MockHttpServletResponse(), new MockFilterChain()));
-
+        ConfigAttributeDefinition expected = new ConfigAttributeDefinition(new String[] {"ROLE_WE_DONT_HAVE", "ANOTHER_ROLE"});
-        ConfigAttributeDefinition expected = new ConfigAttributeDefinition();
-        expected.addConfigAttribute(new SecurityConfig("ROLE_WE_DONT_HAVE"));
-        expected.addConfigAttribute(new SecurityConfig("ANOTHER_ROLE"));
 
         assertEquals(expected, returned);
     }
@@ -258,10 +251,7 @@ public class FilterInvocationDefinitionSourceEditorTests extends TestCase {
 
         ConfigAttributeDefinition returned = map.getAttributes(new FilterInvocation(httpRequest,
                     new MockHttpServletResponse(), new MockFilterChain()));
-
+        ConfigAttributeDefinition expected = new ConfigAttributeDefinition(new String[] {"ROLE_WE_DONT_HAVE", "ANOTHER_ROLE"});
-        ConfigAttributeDefinition expected = new ConfigAttributeDefinition();
-        expected.addConfigAttribute(new SecurityConfig("ROLE_WE_DONT_HAVE"));
-        expected.addConfigAttribute(new SecurityConfig("ANOTHER_ROLE"));
 
         assertEquals(expected, returned);
     }
@@ -305,10 +295,7 @@ public class FilterInvocationDefinitionSourceEditorTests extends TestCase {
 
         ConfigAttributeDefinition returned = map.getAttributes(new FilterInvocation(httpRequest,
                     new MockHttpServletResponse(), new MockFilterChain()));
-
+        ConfigAttributeDefinition expected = new ConfigAttributeDefinition(new String[] {"ROLE_WE_DONT_HAVE", "ANOTHER_ROLE"});
-        ConfigAttributeDefinition expected = new ConfigAttributeDefinition();
-        expected.addConfigAttribute(new SecurityConfig("ROLE_WE_DONT_HAVE"));
-        expected.addConfigAttribute(new SecurityConfig("ANOTHER_ROLE"));
 
         assertEquals(expected, returned);
     }

core/src/test/java/org/springframework/security/intercept/web/FilterSecurityInterceptorTests.java

@@ -42,6 +42,7 @@ import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.List;
+import java.util.LinkedHashMap;
 
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
@@ -147,9 +148,7 @@ public class FilterSecurityInterceptorTests extends TestCase {
         interceptor.setApplicationEventPublisher(MockApplicationContext.getContext());
 
         // Setup a mock config attribute definition
-        ConfigAttributeDefinition def = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition def = new ConfigAttributeDefinition("MOCK_OK");
-        def.addConfigAttribute(new SecurityConfig("MOCK_OK"));
-
         MockFilterInvocationDefinitionMap mockSource = new MockFilterInvocationDefinitionMap("/secure/page.html", def);
         interceptor.setObjectDefinitionSource(mockSource);
 
@@ -202,9 +201,7 @@ public class FilterSecurityInterceptorTests extends TestCase {
         interceptor.setApplicationEventPublisher(MockApplicationContext.getContext());
 
         // Setup a mock config attribute definition
-        ConfigAttributeDefinition def = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition def = new ConfigAttributeDefinition("MOCK_OK");
-        def.addConfigAttribute(new SecurityConfig("MOCK_OK"));
-
         MockFilterInvocationDefinitionMap mockSource = new MockFilterInvocationDefinitionMap("/secure/page.html", def);
         interceptor.setObjectDefinitionSource(mockSource);
 
@@ -227,19 +224,12 @@ public class FilterSecurityInterceptorTests extends TestCase {
     }
 
     public void testNotLoadedFromApplicationContext() throws Exception {
-        FilterInvocationDefinitionSourceMapping mapping = new FilterInvocationDefinitionSourceMapping();
+        DefaultFilterInvocationDefinitionSource fids
-        mapping.setUrl("/secure/**");
-        mapping.addConfigAttribute("ROLE_USER");
-
-        List mappings = new ArrayList(1);
-        mappings.add(mapping);
-
-        DefaultFilterInvocationDefinitionSource filterInvocationDefinitionSource
                 = new DefaultFilterInvocationDefinitionSource(new AntUrlPathMatcher());
-        filterInvocationDefinitionSource.setMappings(mappings);
+        fids.addSecureUrl("/secure/**", null, new ConfigAttributeDefinition(new String[] {"ROLE_USER"}));
 
         FilterSecurityInterceptor filter = new FilterSecurityInterceptor();
-        filter.setObjectDefinitionSource(filterInvocationDefinitionSource);
+        filter.setObjectDefinitionSource(fids);
 
         MockFilterChain filterChain = new MockFilterChain();
         filterChain.expectToProceed = true;

core/src/test/java/org/springframework/security/intercept/web/MockFilterInvocationDefinitionSource.java

@@ -43,26 +43,19 @@ public class MockFilterInvocationDefinitionSource extends DefaultFilterInvocatio
         returnAnIterator = returnAnIteratorWhenRequested;
         list = new Vector();
 
-        ConfigAttributeDefinition def1 = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition def1 = new ConfigAttributeDefinition("MOCK_LOWER");
-        def1.addConfigAttribute(new SecurityConfig("MOCK_LOWER"));
         list.add(def1);
 
         if (includeInvalidAttributes) {
-            ConfigAttributeDefinition def2 = new ConfigAttributeDefinition();
+            ConfigAttributeDefinition def2 = new ConfigAttributeDefinition(new String[] {"MOCK_LOWER", "INVALID_ATTRIBUTE"});
-            def2.addConfigAttribute(new SecurityConfig("MOCK_LOWER"));
-            def2.addConfigAttribute(new SecurityConfig("INVALID_ATTRIBUTE"));
             list.add(def2);
         }
 
-        ConfigAttributeDefinition def3 = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition def3 = new ConfigAttributeDefinition(new String[] {"MOCK_UPPER","RUN_AS"});
-        def3.addConfigAttribute(new SecurityConfig("MOCK_UPPER"));
-        def3.addConfigAttribute(new SecurityConfig("RUN_AS"));
         list.add(def3);
 
         if (includeInvalidAttributes) {
-            ConfigAttributeDefinition def4 = new ConfigAttributeDefinition();
+            ConfigAttributeDefinition def4 = new ConfigAttributeDefinition(new String[] {"MOCK_SOMETHING","ANOTHER_INVALID"});
-            def4.addConfigAttribute(new SecurityConfig("MOCK_SOMETHING"));
-            def4.addConfigAttribute(new SecurityConfig("ANOTHER_INVALID"));
             list.add(def4);
         }
     }

core/src/test/java/org/springframework/security/runas/RunAsManagerImplTests.java

@@ -61,9 +61,7 @@ public class RunAsManagerImplTests extends TestCase {
 
     public void testDoesNotReturnAdditionalAuthoritiesIfCalledWithoutARunAsSetting()
         throws Exception {
-        ConfigAttributeDefinition def = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition def = new ConfigAttributeDefinition("SOMETHING_WE_IGNORE");
-        def.addConfigAttribute(new SecurityConfig("SOMETHING_WE_IGNORE"));
-
         UsernamePasswordAuthenticationToken inputToken = new UsernamePasswordAuthenticationToken("Test", "Password",
                 new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")});
 
@@ -75,9 +73,7 @@ public class RunAsManagerImplTests extends TestCase {
     }
 
     public void testRespectsRolePrefix() throws Exception {
-        ConfigAttributeDefinition def = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition def = new ConfigAttributeDefinition("RUN_AS_SOMETHING");
-        def.addConfigAttribute(new SecurityConfig("RUN_AS_SOMETHING"));
-
         UsernamePasswordAuthenticationToken inputToken = new UsernamePasswordAuthenticationToken("Test", "Password",
                 new GrantedAuthority[] {new GrantedAuthorityImpl("ONE"), new GrantedAuthorityImpl("TWO")});
 
@@ -101,11 +97,8 @@ public class RunAsManagerImplTests extends TestCase {
         assertEquals("my_password".hashCode(), resultCast.getKeyHash());
     }
 
-    public void testReturnsAdditionalGrantedAuthorities()
+    public void testReturnsAdditionalGrantedAuthorities() throws Exception {
-        throws Exception {
+        ConfigAttributeDefinition def = new ConfigAttributeDefinition("RUN_AS_SOMETHING");
-        ConfigAttributeDefinition def = new ConfigAttributeDefinition();
-        def.addConfigAttribute(new SecurityConfig("RUN_AS_SOMETHING"));
-
         UsernamePasswordAuthenticationToken inputToken = new UsernamePasswordAuthenticationToken("Test", "Password",
                 new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")});
 

core/src/test/java/org/springframework/security/securechannel/ChannelDecisionManagerImplTests.java

@@ -95,8 +95,7 @@ public class ChannelDecisionManagerImplTests extends TestCase {
         MockFilterChain chain = new MockFilterChain();
         FilterInvocation fi = new FilterInvocation(request, response, chain);
 
-        ConfigAttributeDefinition cad = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition cad = new ConfigAttributeDefinition("xyz");
-        cad.addConfigAttribute(new SecurityConfig("xyz"));
 
         cdm.decide(fi, cad);
         assertTrue(fi.getResponse().isCommitted());
@@ -115,9 +114,7 @@ public class ChannelDecisionManagerImplTests extends TestCase {
         MockFilterChain chain = new MockFilterChain();
         FilterInvocation fi = new FilterInvocation(request, response, chain);
 
-        ConfigAttributeDefinition cad = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new String[]{"abc", "ANY_CHANNEL"});
-        cad.addConfigAttribute(new SecurityConfig("abc"));
-        cad.addConfigAttribute(new SecurityConfig("ANY_CHANNEL"));
 
         cdm.decide(fi, cad);
         assertFalse(fi.getResponse().isCommitted());
@@ -138,8 +135,7 @@ public class ChannelDecisionManagerImplTests extends TestCase {
         MockFilterChain chain = new MockFilterChain();
         FilterInvocation fi = new FilterInvocation(request, response, chain);
 
-        ConfigAttributeDefinition cad = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition cad = new ConfigAttributeDefinition("SOME_ATTRIBUTE_NO_PROCESSORS_SUPPORT");
-        cad.addConfigAttribute(new SecurityConfig("SOME_ATTRIBUTE_NO_PROCESSORS_SUPPORT"));
 
         cdm.decide(fi, cad);
         assertFalse(fi.getResponse().isCommitted());
@@ -198,7 +194,7 @@ public class ChannelDecisionManagerImplTests extends TestCase {
 
         public void decide(FilterInvocation invocation, ConfigAttributeDefinition config)
                 throws IOException, ServletException {
-            Iterator iter = config.getConfigAttributes();
+            Iterator iter = config.getConfigAttributes().iterator();
 
             if (failIfCalled) {
                 fail("Should not have called this channel processor: " + configAttribute);

core/src/test/java/org/springframework/security/securechannel/ChannelProcessingFilterTests.java

@@ -52,9 +52,7 @@ public class ChannelProcessingFilterTests extends TestCase {
         throws Exception {
         ChannelProcessingFilter filter = new ChannelProcessingFilter();
 
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("MOCK");
-        attr.addConfigAttribute(new SecurityConfig("MOCK"));
-
         MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap("/path", attr, true);
         filter.setFilterInvocationDefinitionSource(fids);
 
@@ -83,8 +81,7 @@ public class ChannelProcessingFilterTests extends TestCase {
         ChannelProcessingFilter filter = new ChannelProcessingFilter();
         filter.setChannelDecisionManager(new MockChannelDecisionManager(false, "SUPPORTS_MOCK_ONLY"));
 
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("SUPPORTS_MOCK_ONLY");
-        attr.addConfigAttribute(new SecurityConfig("SUPPORTS_MOCK_ONLY"));
 
         MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap("/path", attr, true);
 
@@ -99,10 +96,7 @@ public class ChannelProcessingFilterTests extends TestCase {
         ChannelProcessingFilter filter = new ChannelProcessingFilter();
         filter.setChannelDecisionManager(new MockChannelDecisionManager(false, "SUPPORTS_MOCK_ONLY"));
 
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition attr = new ConfigAttributeDefinition(new String[] {"SUPPORTS_MOCK_ONLY", "INVALID_ATTRIBUTE"});
-        attr.addConfigAttribute(new SecurityConfig("SUPPORTS_MOCK_ONLY"));
-        attr.addConfigAttribute(new SecurityConfig("INVALID_ATTRIBUTE"));
-
         MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap("/path", attr, true);
 
         filter.setFilterInvocationDefinitionSource(fids);
@@ -120,8 +114,7 @@ public class ChannelProcessingFilterTests extends TestCase {
         ChannelProcessingFilter filter = new ChannelProcessingFilter();
         filter.setChannelDecisionManager(new MockChannelDecisionManager(true, "SOME_ATTRIBUTE"));
 
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("SOME_ATTRIBUTE");
-        attr.addConfigAttribute(new SecurityConfig("SOME_ATTRIBUTE"));
 
         MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap("/path", attr, true);
 
@@ -143,8 +136,7 @@ public class ChannelProcessingFilterTests extends TestCase {
         ChannelProcessingFilter filter = new ChannelProcessingFilter();
         filter.setChannelDecisionManager(new MockChannelDecisionManager(false, "SOME_ATTRIBUTE"));
 
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("SOME_ATTRIBUTE");
-        attr.addConfigAttribute(new SecurityConfig("SOME_ATTRIBUTE"));
 
         MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap("/path", attr, true);
 
@@ -166,8 +158,7 @@ public class ChannelProcessingFilterTests extends TestCase {
         ChannelProcessingFilter filter = new ChannelProcessingFilter();
         filter.setChannelDecisionManager(new MockChannelDecisionManager(false, "NOT_USED"));
 
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("NOT_USED");
-        attr.addConfigAttribute(new SecurityConfig("NOT_USED"));
 
         MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap("/path", attr, true);
 
@@ -211,8 +202,7 @@ public class ChannelProcessingFilterTests extends TestCase {
         filter.setChannelDecisionManager(new MockChannelDecisionManager(false, "MOCK"));
         assertTrue(filter.getChannelDecisionManager() != null);
 
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("MOCK");
-        attr.addConfigAttribute(new SecurityConfig("MOCK"));
 
         MockFilterInvocationDefinitionMap fids = new MockFilterInvocationDefinitionMap("/path", attr, false);
 

core/src/test/java/org/springframework/security/securechannel/InsecureChannelProcessorTests.java

@@ -45,9 +45,7 @@ public class InsecureChannelProcessorTests extends TestCase {
     }
 
     public void testDecideDetectsAcceptableChannel() throws Exception {
-        ConfigAttributeDefinition cad = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new String[]{"SOME_IGNORED_ATTRIBUTE", "REQUIRES_INSECURE_CHANNEL"});
-        cad.addConfigAttribute(new SecurityConfig("SOME_IGNORED_ATTRIBUTE"));
-        cad.addConfigAttribute(new SecurityConfig("REQUIRES_INSECURE_CHANNEL"));
 
         MockHttpServletRequest request = new MockHttpServletRequest();
         request.setQueryString("info=true");
@@ -69,9 +67,7 @@ public class InsecureChannelProcessorTests extends TestCase {
 
     public void testDecideDetectsUnacceptableChannel()
         throws Exception {
-        ConfigAttributeDefinition cad = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new String[]{"SOME_IGNORED_ATTRIBUTE", "REQUIRES_INSECURE_CHANNEL"});
-        cad.addConfigAttribute(new SecurityConfig("SOME_IGNORED_ATTRIBUTE"));
-        cad.addConfigAttribute(new SecurityConfig("REQUIRES_INSECURE_CHANNEL"));
 
         MockHttpServletRequest request = new MockHttpServletRequest();
         request.setQueryString("info=true");

core/src/test/java/org/springframework/security/securechannel/SecureChannelProcessorTests.java

@@ -36,18 +36,8 @@ import org.springframework.mock.web.MockHttpServletResponse;
 public class SecureChannelProcessorTests extends TestCase {
     //~ Methods ========================================================================================================
 
-    public static void main(String[] args) {
-        junit.textui.TestRunner.run(SecureChannelProcessorTests.class);
-    }
-
-    public final void setUp() throws Exception {
-        super.setUp();
-    }
-
     public void testDecideDetectsAcceptableChannel() throws Exception {
-        ConfigAttributeDefinition cad = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new String[]{"SOME_IGNORED_ATTRIBUTE", "REQUIRES_SECURE_CHANNEL"});
-        cad.addConfigAttribute(new SecurityConfig("SOME_IGNORED_ATTRIBUTE"));
-        cad.addConfigAttribute(new SecurityConfig("REQUIRES_SECURE_CHANNEL"));
 
         MockHttpServletRequest request = new MockHttpServletRequest();
         request.setQueryString("info=true");
@@ -68,11 +58,8 @@ public class SecureChannelProcessorTests extends TestCase {
         assertFalse(fi.getResponse().isCommitted());
     }
 
-    public void testDecideDetectsUnacceptableChannel()
+    public void testDecideDetectsUnacceptableChannel() throws Exception {
-        throws Exception {
+        ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new String[]{"SOME_IGNORED_ATTRIBUTE", "REQUIRES_SECURE_CHANNEL"});
-        ConfigAttributeDefinition cad = new ConfigAttributeDefinition();
-        cad.addConfigAttribute(new SecurityConfig("SOME_IGNORED_ATTRIBUTE"));
-        cad.addConfigAttribute(new SecurityConfig("REQUIRES_SECURE_CHANNEL"));
 
         MockHttpServletRequest request = new MockHttpServletRequest();
         request.setQueryString("info=true");

core/src/test/java/org/springframework/security/util/FilterChainProxyTests.java

@@ -34,6 +34,8 @@ import org.springframework.security.intercept.web.DefaultFilterInvocationDefinit
 import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
 
 import java.util.List;
+import java.util.ArrayList;
+import java.util.Arrays;
 
 /**
  * Tests {@link FilterChainProxy}.
@@ -69,8 +71,6 @@ public class FilterChainProxyTests {
             filterChainProxy.afterPropertiesSet();
             fail("Should have thrown IllegalArgumentException");
         } catch (IllegalArgumentException expected) {
-            assertEquals("FilterChainProxy requires the FilterInvocationDefinitionSource to return a non-null response to getConfigAttributeDefinitions()",
-                expected.getMessage());
         }
     }
 
@@ -79,8 +79,7 @@ public class FilterChainProxyTests {
         FilterChainProxy filterChainProxy = new FilterChainProxy();
         filterChainProxy.setApplicationContext(MockApplicationContext.getContext());
 
-        ConfigAttributeDefinition cad = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition cad = new ConfigAttributeDefinition(new MockConfigAttribute());
-        cad.addConfigAttribute(new MockConfigAttribute());
 
         DefaultFilterInvocationDefinitionSource fids =
                 new DefaultFilterInvocationDefinitionSource(new AntUrlPathMatcher());
@@ -93,8 +92,6 @@ public class FilterChainProxyTests {
             filterChainProxy.init(new MockFilterConfig());
             fail("Should have thrown IllegalArgumentException");
         } catch (IllegalArgumentException expected) {
-            assertTrue(expected.getMessage()
-                               .endsWith("returned null to the getAttribute() method, which is invalid when used with FilterChainProxy"));
         }
     }
 

core/src/test/java/org/springframework/security/vote/AffirmativeBasedTests.java

@@ -80,9 +80,7 @@ public class AffirmativeBasedTests extends TestCase {
         TestingAuthenticationToken auth = makeTestToken();
         AffirmativeBased mgr = makeDecisionManager();
 
-        ConfigAttributeDefinition config = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition config = new ConfigAttributeDefinition(new String[]{"ROLE_1", "DENY_FOR_SURE"});
-        config.addConfigAttribute(new SecurityConfig("ROLE_1")); // grant
-        config.addConfigAttribute(new SecurityConfig("DENY_FOR_SURE")); // deny
 
         mgr.decide(auth, new Object(), config);
         assertTrue(true);
@@ -93,8 +91,7 @@ public class AffirmativeBasedTests extends TestCase {
         TestingAuthenticationToken auth = makeTestToken();
         AffirmativeBased mgr = makeDecisionManager();
 
-        ConfigAttributeDefinition config = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition config = new ConfigAttributeDefinition("ROLE_2");
-        config.addConfigAttribute(new SecurityConfig("ROLE_2")); // grant
 
         mgr.decide(auth, new Object(), config);
         assertTrue(true);
@@ -105,8 +102,7 @@ public class AffirmativeBasedTests extends TestCase {
         TestingAuthenticationToken auth = makeTestToken();
         AffirmativeBased mgr = makeDecisionManager();
 
-        ConfigAttributeDefinition config = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition config = new ConfigAttributeDefinition("ROLE_WE_DO_NOT_HAVE");
-        config.addConfigAttribute(new SecurityConfig("ROLE_WE_DO_NOT_HAVE")); // deny
 
         try {
             mgr.decide(auth, new Object(), config);
@@ -123,8 +119,7 @@ public class AffirmativeBasedTests extends TestCase {
 
         assertTrue(!mgr.isAllowIfAllAbstainDecisions()); // check default
 
-        ConfigAttributeDefinition config = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition config = new ConfigAttributeDefinition("IGNORED_BY_ALL");
-        config.addConfigAttribute(new SecurityConfig("IGNORED_BY_ALL")); // abstain
 
         try {
             mgr.decide(auth, new Object(), config);
@@ -141,8 +136,7 @@ public class AffirmativeBasedTests extends TestCase {
         mgr.setAllowIfAllAbstainDecisions(true);
         assertTrue(mgr.isAllowIfAllAbstainDecisions()); // check changed
 
-        ConfigAttributeDefinition config = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition config = new ConfigAttributeDefinition("IGNORED_BY_ALL");
-        config.addConfigAttribute(new SecurityConfig("IGNORED_BY_ALL")); // abstain
 
         mgr.decide(auth, new Object(), config);
         assertTrue(true);
@@ -153,9 +147,7 @@ public class AffirmativeBasedTests extends TestCase {
         TestingAuthenticationToken auth = makeTestToken();
         AffirmativeBased mgr = makeDecisionManager();
 
-        ConfigAttributeDefinition config = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition config = new ConfigAttributeDefinition(new String[]{"ROLE_1", "ROLE_2"});
-        config.addConfigAttribute(new SecurityConfig("ROLE_1")); // grant
-        config.addConfigAttribute(new SecurityConfig("ROLE_2")); // grant
 
         mgr.decide(auth, new Object(), config);
         assertTrue(true);

core/src/test/java/org/springframework/security/vote/AuthenticatedVoterTests.java

@@ -72,8 +72,7 @@ public class AuthenticatedVoterTests extends TestCase {
 
     public void testAnonymousWorks() {
         AuthenticatedVoter voter = new AuthenticatedVoter();
-        ConfigAttributeDefinition def = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition def = new ConfigAttributeDefinition(AuthenticatedVoter.IS_AUTHENTICATED_ANONYMOUSLY);
-        def.addConfigAttribute(new SecurityConfig(AuthenticatedVoter.IS_AUTHENTICATED_ANONYMOUSLY));
         assertEquals(AccessDecisionVoter.ACCESS_GRANTED, voter.vote(createAnonymous(), null, def));
         assertEquals(AccessDecisionVoter.ACCESS_GRANTED, voter.vote(createRememberMe(), null, def));
         assertEquals(AccessDecisionVoter.ACCESS_GRANTED, voter.vote(createFullyAuthenticated(), null, def));
@@ -81,8 +80,7 @@ public class AuthenticatedVoterTests extends TestCase {
 
     public void testFullyWorks() {
         AuthenticatedVoter voter = new AuthenticatedVoter();
-        ConfigAttributeDefinition def = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition def = new ConfigAttributeDefinition(AuthenticatedVoter.IS_AUTHENTICATED_FULLY);
-        def.addConfigAttribute(new SecurityConfig(AuthenticatedVoter.IS_AUTHENTICATED_FULLY));
         assertEquals(AccessDecisionVoter.ACCESS_DENIED, voter.vote(createAnonymous(), null, def));
         assertEquals(AccessDecisionVoter.ACCESS_DENIED, voter.vote(createRememberMe(), null, def));
         assertEquals(AccessDecisionVoter.ACCESS_GRANTED, voter.vote(createFullyAuthenticated(), null, def));
@@ -90,8 +88,7 @@ public class AuthenticatedVoterTests extends TestCase {
 
     public void testRememberMeWorks() {
         AuthenticatedVoter voter = new AuthenticatedVoter();
-        ConfigAttributeDefinition def = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition def = new ConfigAttributeDefinition(AuthenticatedVoter.IS_AUTHENTICATED_REMEMBERED);
-        def.addConfigAttribute(new SecurityConfig(AuthenticatedVoter.IS_AUTHENTICATED_REMEMBERED));
         assertEquals(AccessDecisionVoter.ACCESS_DENIED, voter.vote(createAnonymous(), null, def));
         assertEquals(AccessDecisionVoter.ACCESS_GRANTED, voter.vote(createRememberMe(), null, def));
         assertEquals(AccessDecisionVoter.ACCESS_GRANTED, voter.vote(createFullyAuthenticated(), null, def));

core/src/test/java/org/springframework/security/vote/BasicAclEntryVoterTests.java

@@ -73,11 +73,11 @@ public class BasicAclEntryVoterTests extends TestCase {
 
         // Setup an AclManager
         AclManager aclManager = new MockAclManager(domainObject, "rod",
-                new AclEntry[] {
+                new AclEntry[]{
-                    new MockAclEntry(),
+                        new MockAclEntry(),
-                    new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.ADMINISTRATION),
+                        new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.ADMINISTRATION),
-                    new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.READ),
+                        new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.READ),
-                    new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)
+                        new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)
                 });
 
         // Wire up a voter
@@ -86,21 +86,20 @@ public class BasicAclEntryVoterTests extends TestCase {
         assertEquals(aclManager, voter.getAclManager());
         voter.setProcessConfigAttribute("FOO_ADMIN_OR_WRITE_ACCESS");
         assertEquals("FOO_ADMIN_OR_WRITE_ACCESS", voter.getProcessConfigAttribute());
-        voter.setRequirePermission(new int[] {SimpleAclEntry.ADMINISTRATION, SimpleAclEntry.WRITE});
+        voter.setRequirePermission(new int[]{SimpleAclEntry.ADMINISTRATION, SimpleAclEntry.WRITE});
         assertEquals(2, voter.getRequirePermission().length);
         voter.setProcessDomainObjectClass(SomeDomainObject.class);
         assertEquals(SomeDomainObject.class, voter.getProcessDomainObjectClass());
         voter.afterPropertiesSet();
 
         // Wire up an invocation to be voted on
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("FOO_ADMIN_OR_WRITE_ACCESS");
-        attr.addConfigAttribute(new SecurityConfig("FOO_ADMIN_OR_WRITE_ACCESS"));
 
         // Setup a MockMethodInvocation, so voter can retrieve domainObject
         MethodInvocation mi = getMethodInvocation(domainObject);
 
         assertEquals(AccessDecisionVoter.ACCESS_GRANTED,
-            voter.vote(new UsernamePasswordAuthenticationToken("rod", null), mi, attr));
+                voter.vote(new UsernamePasswordAuthenticationToken("rod", null), mi, attr));
     }
 
     public void testOnlySupportsMethodInvocationAndJoinPoint() {
@@ -206,30 +205,29 @@ public class BasicAclEntryVoterTests extends TestCase {
 
         // Setup an AclManager
         AclManager aclManager = new MockAclManager(domainObject, "rod",
-                new AclEntry[] {
+                new AclEntry[]{
-                    new MockAclEntry(),
+                        new MockAclEntry(),
-                    new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.ADMINISTRATION),
+                        new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.ADMINISTRATION),
-                    new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.READ),
+                        new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.READ),
-                    new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)
+                        new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)
                 });
 
         // Wire up a voter
         BasicAclEntryVoter voter = new BasicAclEntryVoter();
         voter.setAclManager(aclManager);
         voter.setProcessConfigAttribute("FOO_ADMIN_OR_WRITE_ACCESS");
-        voter.setRequirePermission(new int[] {SimpleAclEntry.ADMINISTRATION, SimpleAclEntry.WRITE});
+        voter.setRequirePermission(new int[]{SimpleAclEntry.ADMINISTRATION, SimpleAclEntry.WRITE});
         voter.setProcessDomainObjectClass(SomeDomainObject.class);
         voter.afterPropertiesSet();
 
         // Wire up an invocation to be voted on
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("A_DIFFERENT_ATTRIBUTE");
-        attr.addConfigAttribute(new SecurityConfig("A_DIFFERENT_ATTRIBUTE"));
 
         // Setup a MockMethodInvocation, so voter can retrieve domainObject
         MethodInvocation mi = getMethodInvocation(domainObject);
 
         assertEquals(AccessDecisionVoter.ACCESS_ABSTAIN,
-            voter.vote(new UsernamePasswordAuthenticationToken("rod", null), mi, attr));
+                voter.vote(new UsernamePasswordAuthenticationToken("rod", null), mi, attr));
     }
 
     public void testVoterAbstainsIfNotMatchingConfigAttribute()
@@ -239,30 +237,29 @@ public class BasicAclEntryVoterTests extends TestCase {
 
         // Setup an AclManager
         AclManager aclManager = new MockAclManager(domainObject, "rod",
-                new AclEntry[] {
+                new AclEntry[]{
-                    new MockAclEntry(),
+                        new MockAclEntry(),
-                    new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.ADMINISTRATION),
+                        new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.ADMINISTRATION),
-                    new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.READ),
+                        new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.READ),
-                    new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)
+                        new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)
                 });
 
         // Wire up a voter
         BasicAclEntryVoter voter = new BasicAclEntryVoter();
         voter.setAclManager(aclManager);
         voter.setProcessConfigAttribute("FOO_ADMIN_OR_WRITE_ACCESS");
-        voter.setRequirePermission(new int[] {SimpleAclEntry.ADMINISTRATION, SimpleAclEntry.WRITE});
+        voter.setRequirePermission(new int[]{SimpleAclEntry.ADMINISTRATION, SimpleAclEntry.WRITE});
         voter.setProcessDomainObjectClass(SomeDomainObject.class);
         voter.afterPropertiesSet();
 
         // Wire up an invocation to be voted on
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("FOO_ADMIN_OR_WRITE_ACCESS");
-        attr.addConfigAttribute(new SecurityConfig("FOO_ADMIN_OR_WRITE_ACCESS"));
 
         // Setup a MockMethodInvocation, so voter can retrieve domainObject
         MethodInvocation mi = getMethodInvocation(domainObject);
 
         assertEquals(AccessDecisionVoter.ACCESS_ABSTAIN,
-            voter.vote(new UsernamePasswordAuthenticationToken("rod", null), mi, attr));
+                voter.vote(new UsernamePasswordAuthenticationToken("rod", null), mi, attr));
     }
 
     public void testVoterCanDenyAccessBasedOnInternalMethodOfDomainObject()
@@ -272,29 +269,28 @@ public class BasicAclEntryVoterTests extends TestCase {
 
         // Setup an AclManager
         AclManager aclManager = new MockAclManager(domainObject.getParent(), "rod",
-                new AclEntry[] {
+                new AclEntry[]{
-                    new MockAclEntry(),
+                        new MockAclEntry(),
-                    new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)
+                        new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)
                 });
 
         // Wire up a voter
         BasicAclEntryVoter voter = new BasicAclEntryVoter();
         voter.setAclManager(aclManager);
         voter.setProcessConfigAttribute("FOO_ADMIN_OR_WRITE_ACCESS");
-        voter.setRequirePermission(new int[] {SimpleAclEntry.ADMINISTRATION, SimpleAclEntry.WRITE});
+        voter.setRequirePermission(new int[]{SimpleAclEntry.ADMINISTRATION, SimpleAclEntry.WRITE});
         voter.setProcessDomainObjectClass(SomeDomainObject.class);
         voter.setInternalMethod("getParent");
         voter.afterPropertiesSet();
 
         // Wire up an invocation to be voted on
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("FOO_ADMIN_OR_WRITE_ACCESS");
-        attr.addConfigAttribute(new SecurityConfig("FOO_ADMIN_OR_WRITE_ACCESS"));
 
         // Setup a MockMethodInvocation, so voter can retrieve domainObject
         MethodInvocation mi = getMethodInvocation(domainObject);
 
         assertEquals(AccessDecisionVoter.ACCESS_DENIED,
-            voter.vote(new UsernamePasswordAuthenticationToken("rod", null), mi, attr));
+                voter.vote(new UsernamePasswordAuthenticationToken("rod", null), mi, attr));
     }
 
     public void testVoterCanDenyAccessIfPrincipalHasNoPermissionsAtAllToDomainObject()
@@ -304,30 +300,29 @@ public class BasicAclEntryVoterTests extends TestCase {
 
         // Setup an AclManager
         AclManager aclManager = new MockAclManager(domainObject, "rod",
-                new AclEntry[] {
+                new AclEntry[]{
-                    new MockAclEntry(),
+                        new MockAclEntry(),
-                    new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)
+                        new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)
                 });
 
         // Wire up a voter
         BasicAclEntryVoter voter = new BasicAclEntryVoter();
         voter.setAclManager(aclManager);
         voter.setProcessConfigAttribute("FOO_ADMIN_OR_WRITE_ACCESS");
-        voter.setRequirePermission(new int[] {SimpleAclEntry.ADMINISTRATION, SimpleAclEntry.WRITE});
+        voter.setRequirePermission(new int[]{SimpleAclEntry.ADMINISTRATION, SimpleAclEntry.WRITE});
         voter.setProcessDomainObjectClass(SomeDomainObject.class);
         voter.setInternalMethod("getParent");
         voter.afterPropertiesSet();
 
         // Wire up an invocation to be voted on
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("FOO_ADMIN_OR_WRITE_ACCESS");
-        attr.addConfigAttribute(new SecurityConfig("FOO_ADMIN_OR_WRITE_ACCESS"));
 
         // Setup a MockMethodInvocation, so voter can retrieve domainObject
         MethodInvocation mi = getMethodInvocation(domainObject);
 
         // NB: scott is the principal, not rod
         assertEquals(AccessDecisionVoter.ACCESS_DENIED,
-            voter.vote(new UsernamePasswordAuthenticationToken("scott", null), mi, attr));
+                voter.vote(new UsernamePasswordAuthenticationToken("scott", null), mi, attr));
     }
 
     public void testVoterCanGrantAccessBasedOnInternalMethodOfDomainObject()
@@ -337,33 +332,32 @@ public class BasicAclEntryVoterTests extends TestCase {
 
         // Setup an AclManager
         AclManager aclManager = new MockAclManager(domainObject.getParent(), "rod",
-                new AclEntry[] {
+                new AclEntry[]{
-                    new MockAclEntry(),
+                        new MockAclEntry(),
-                    new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.ADMINISTRATION),
+                        new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.ADMINISTRATION),
-                    new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.READ),
+                        new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.READ),
-                    new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)
+                        new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)
                 });
 
         // Wire up a voter
         BasicAclEntryVoter voter = new BasicAclEntryVoter();
         voter.setAclManager(aclManager);
         voter.setProcessConfigAttribute("FOO_ADMIN_OR_WRITE_ACCESS");
-        voter.setRequirePermission(new int[] {SimpleAclEntry.ADMINISTRATION, SimpleAclEntry.WRITE});
+        voter.setRequirePermission(new int[]{SimpleAclEntry.ADMINISTRATION, SimpleAclEntry.WRITE});
         voter.setProcessDomainObjectClass(SomeDomainObject.class);
         voter.setInternalMethod("getParent");
         assertEquals("getParent", voter.getInternalMethod());
         voter.afterPropertiesSet();
 
         // Wire up an invocation to be voted on
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("FOO_ADMIN_OR_WRITE_ACCESS");
-        attr.addConfigAttribute(new SecurityConfig("FOO_ADMIN_OR_WRITE_ACCESS"));
 
         // Setup a MockMethodInvocation, so voter can retrieve domainObject
         // (well actually it will access domainObject.getParent())
         MethodInvocation mi = getMethodInvocation(domainObject);
 
         assertEquals(AccessDecisionVoter.ACCESS_GRANTED,
-            voter.vote(new UsernamePasswordAuthenticationToken("rod", null), mi, attr));
+                voter.vote(new UsernamePasswordAuthenticationToken("rod", null), mi, attr));
     }
 
     public void testVoterThrowsExceptionIfInvalidInternalMethodOfDomainObject()
@@ -373,25 +367,24 @@ public class BasicAclEntryVoterTests extends TestCase {
 
         // Setup an AclManager
         AclManager aclManager = new MockAclManager(domainObject.getParent(), "rod",
-                new AclEntry[] {
+                new AclEntry[]{
-                    new MockAclEntry(),
+                        new MockAclEntry(),
-                    new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.ADMINISTRATION),
+                        new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.ADMINISTRATION),
-                    new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.READ),
+                        new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.READ),
-                    new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)
+                        new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)
                 });
 
         // Wire up a voter
         BasicAclEntryVoter voter = new BasicAclEntryVoter();
         voter.setAclManager(aclManager);
         voter.setProcessConfigAttribute("FOO_ADMIN_OR_WRITE_ACCESS");
-        voter.setRequirePermission(new int[] {SimpleAclEntry.ADMINISTRATION, SimpleAclEntry.WRITE});
+        voter.setRequirePermission(new int[]{SimpleAclEntry.ADMINISTRATION, SimpleAclEntry.WRITE});
         voter.setProcessDomainObjectClass(SomeDomainObject.class);
         voter.setInternalMethod("getNonExistentParentName");
         voter.afterPropertiesSet();
 
         // Wire up an invocation to be voted on
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("FOO_ADMIN_OR_WRITE_ACCESS");
-        attr.addConfigAttribute(new SecurityConfig("FOO_ADMIN_OR_WRITE_ACCESS"));
 
         // Setup a MockMethodInvocation, so voter can retrieve domainObject
         // (well actually it will access domainObject.getParent())
@@ -412,30 +405,29 @@ public class BasicAclEntryVoterTests extends TestCase {
 
         // Setup an AclManager
         AclManager aclManager = new MockAclManager(domainObject.getParent(), "rod",
-                new AclEntry[] {
+                new AclEntry[]{
-                    new MockAclEntry(),
+                        new MockAclEntry(),
-                    new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.ADMINISTRATION),
+                        new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.ADMINISTRATION),
-                    new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.READ),
+                        new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.READ),
-                    new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)
+                        new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)
                 });
 
         // Wire up a voter
         BasicAclEntryVoter voter = new BasicAclEntryVoter();
         voter.setAclManager(aclManager);
         voter.setProcessConfigAttribute("FOO_ADMIN_OR_WRITE_ACCESS");
-        voter.setRequirePermission(new int[] {SimpleAclEntry.ADMINISTRATION, SimpleAclEntry.WRITE});
+        voter.setRequirePermission(new int[]{SimpleAclEntry.ADMINISTRATION, SimpleAclEntry.WRITE});
         voter.setProcessDomainObjectClass(SomeDomainObject.class);
         voter.afterPropertiesSet();
 
         // Wire up an invocation to be voted on
-        ConfigAttributeDefinition attr = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition attr = new ConfigAttributeDefinition("FOO_ADMIN_OR_WRITE_ACCESS");
-        attr.addConfigAttribute(new SecurityConfig("FOO_ADMIN_OR_WRITE_ACCESS"));
 
         // Setup a MockMethodInvocation that doesn't provide SomeDomainObject arg
         Class clazz = String.class;
-        Method method = clazz.getMethod("toString", new Class[] {});
+        Method method = clazz.getMethod("toString", new Class[]{});
 
-        MethodInvocation mi = new SimpleMethodInvocation(method, new Object[] {domainObject});
+        MethodInvocation mi = new SimpleMethodInvocation(method, new Object[]{domainObject});
 
         try {
             voter.vote(new UsernamePasswordAuthenticationToken("rod", null), mi, attr);

core/src/test/java/org/springframework/security/vote/ConsensusBasedTests.java

@@ -35,36 +35,16 @@ import org.springframework.security.providers.TestingAuthenticationToken;
  * @version $Id$
  */
 public class ConsensusBasedTests extends TestCase {
-    //~ Constructors ===========================================================
-
-    public ConsensusBasedTests() {
-        super();
-    }
-
-    public ConsensusBasedTests(String arg0) {
-        super(arg0);
-    }
 
     //~ Methods ================================================================
 
-    public final void setUp() throws Exception {
+    public void testOneAffirmativeVoteOneDenyVoteOneAbstainVoteDeniesAccessWithoutDefault() throws Exception {
-        super.setUp();
-    }
-
-    public static void main(String[] args) {
-        junit.textui.TestRunner.run(ConsensusBasedTests.class);
-    }
-
-    public void testOneAffirmativeVoteOneDenyVoteOneAbstainVoteDeniesAccessWithoutDefault()
-        throws Exception {
         TestingAuthenticationToken auth = makeTestToken();
         ConsensusBased mgr = makeDecisionManager();
         mgr.setAllowIfEqualGrantedDeniedDecisions(false);
         assertTrue(!mgr.isAllowIfEqualGrantedDeniedDecisions()); // check changed
 
-        ConfigAttributeDefinition config = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition config = new ConfigAttributeDefinition(new String[]{"ROLE_1", "DENY_FOR_SURE"});
-        config.addConfigAttribute(new SecurityConfig("ROLE_1")); // grant
-        config.addConfigAttribute(new SecurityConfig("DENY_FOR_SURE")); // deny
 
         try {
             mgr.decide(auth, new Object(), config);
@@ -74,40 +54,33 @@ public class ConsensusBasedTests extends TestCase {
         }
     }
 
-    public void testOneAffirmativeVoteOneDenyVoteOneAbstainVoteGrantsAccessWithDefault()
+    public void testOneAffirmativeVoteOneDenyVoteOneAbstainVoteGrantsAccessWithDefault() throws Exception {
-        throws Exception {
         TestingAuthenticationToken auth = makeTestToken();
         ConsensusBased mgr = makeDecisionManager();
 
         assertTrue(mgr.isAllowIfEqualGrantedDeniedDecisions()); // check default
 
-        ConfigAttributeDefinition config = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition config = new ConfigAttributeDefinition(new String[]{"ROLE_1", "DENY_FOR_SURE"});
-        config.addConfigAttribute(new SecurityConfig("ROLE_1")); // grant
-        config.addConfigAttribute(new SecurityConfig("DENY_FOR_SURE")); // deny
 
         mgr.decide(auth, new Object(), config);
         assertTrue(true);
     }
 
-    public void testOneAffirmativeVoteTwoAbstainVotesGrantsAccess()
+    public void testOneAffirmativeVoteTwoAbstainVotesGrantsAccess() throws Exception {
-        throws Exception {
         TestingAuthenticationToken auth = makeTestToken();
         ConsensusBased mgr = makeDecisionManager();
 
-        ConfigAttributeDefinition config = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition config = new ConfigAttributeDefinition("ROLE_2");
-        config.addConfigAttribute(new SecurityConfig("ROLE_2")); // grant
 
         mgr.decide(auth, new Object(), config);
         assertTrue(true);
     }
 
-    public void testOneDenyVoteTwoAbstainVotesDeniesAccess()
+    public void testOneDenyVoteTwoAbstainVotesDeniesAccess() throws Exception {
-        throws Exception {
         TestingAuthenticationToken auth = makeTestToken();
         ConsensusBased mgr = makeDecisionManager();
 
-        ConfigAttributeDefinition config = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition config = new ConfigAttributeDefinition("ROLE_WE_DO_NOT_HAVE");
-        config.addConfigAttribute(new SecurityConfig("ROLE_WE_DO_NOT_HAVE")); // deny
 
         try {
             mgr.decide(auth, new Object(), config);
@@ -117,15 +90,13 @@ public class ConsensusBasedTests extends TestCase {
         }
     }
 
-    public void testThreeAbstainVotesDeniesAccessWithDefault()
+    public void testThreeAbstainVotesDeniesAccessWithDefault() throws Exception {
-        throws Exception {
         TestingAuthenticationToken auth = makeTestToken();
         ConsensusBased mgr = makeDecisionManager();
 
         assertTrue(!mgr.isAllowIfAllAbstainDecisions()); // check default
 
-        ConfigAttributeDefinition config = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition config = new ConfigAttributeDefinition("IGNORED_BY_ALL");
-        config.addConfigAttribute(new SecurityConfig("IGNORED_BY_ALL")); // abstain
 
         try {
             mgr.decide(auth, new Object(), config);
@@ -135,28 +106,23 @@ public class ConsensusBasedTests extends TestCase {
         }
     }
 
-    public void testThreeAbstainVotesGrantsAccessWithoutDefault()
+    public void testThreeAbstainVotesGrantsAccessWithoutDefault() throws Exception {
-        throws Exception {
         TestingAuthenticationToken auth = makeTestToken();
         ConsensusBased mgr = makeDecisionManager();
         mgr.setAllowIfAllAbstainDecisions(true);
         assertTrue(mgr.isAllowIfAllAbstainDecisions()); // check changed
 
-        ConfigAttributeDefinition config = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition config = new ConfigAttributeDefinition("IGNORED_BY_ALL");
-        config.addConfigAttribute(new SecurityConfig("IGNORED_BY_ALL")); // abstain
 
         mgr.decide(auth, new Object(), config);
         assertTrue(true);
     }
 
-    public void testTwoAffirmativeVotesTwoAbstainVotesGrantsAccess()
+    public void testTwoAffirmativeVotesTwoAbstainVotesGrantsAccess() throws Exception {
-        throws Exception {
         TestingAuthenticationToken auth = makeTestToken();
         ConsensusBased mgr = makeDecisionManager();
 
-        ConfigAttributeDefinition config = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition config = new ConfigAttributeDefinition(new String[]{"ROLE_1", "ROLE_2"});
-        config.addConfigAttribute(new SecurityConfig("ROLE_1")); // grant
-        config.addConfigAttribute(new SecurityConfig("ROLE_2")); // grant
 
         mgr.decide(auth, new Object(), config);
         assertTrue(true);

core/src/test/java/org/springframework/security/vote/DenyAgainVoter.java

@@ -52,7 +52,7 @@ public class DenyAgainVoter implements AccessDecisionVoter {
 	}
 
 	public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
-		Iterator iter = config.getConfigAttributes();
+		Iterator iter = config.getConfigAttributes().iterator();
 
 		while (iter.hasNext()) {
 			ConfigAttribute attribute = (ConfigAttribute) iter.next();

core/src/test/java/org/springframework/security/vote/DenyVoter.java

@@ -46,7 +46,7 @@ public class DenyVoter implements AccessDecisionVoter {
     }
 
     public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
-        Iterator iter = config.getConfigAttributes();
+        Iterator iter = config.getConfigAttributes().iterator();
 
         while (iter.hasNext()) {
             ConfigAttribute attribute = (ConfigAttribute) iter.next();

core/src/test/java/org/springframework/security/vote/UnanimousBasedTests.java

@@ -36,22 +36,9 @@ import java.util.Vector;
  * @version $Id$
  */
 public class UnanimousBasedTests extends TestCase {
-    //~ Constructors ===================================================================================================
-
-    public UnanimousBasedTests() {
-        super();
-    }
-
-    public UnanimousBasedTests(String arg0) {
-        super(arg0);
-    }
 
     //~ Methods ========================================================================================================
 
-    public static void main(String[] args) {
-        junit.textui.TestRunner.run(UnanimousBasedTests.class);
-    }
-
     private UnanimousBased makeDecisionManager() {
         UnanimousBased decisionManager = new UnanimousBased();
         RoleVoter roleVoter = new RoleVoter();
@@ -96,14 +83,11 @@ public class UnanimousBasedTests extends TestCase {
         super.setUp();
     }
 
-    public void testOneAffirmativeVoteOneDenyVoteOneAbstainVoteDeniesAccess()
+    public void testOneAffirmativeVoteOneDenyVoteOneAbstainVoteDeniesAccess() throws Exception {
-        throws Exception {
         TestingAuthenticationToken auth = makeTestToken();
         UnanimousBased mgr = makeDecisionManager();
 
-        ConfigAttributeDefinition config = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition config = new ConfigAttributeDefinition(new String[]{"ROLE_1", "DENY_FOR_SURE"});
-        config.addConfigAttribute(new SecurityConfig("ROLE_1")); // grant
-        config.addConfigAttribute(new SecurityConfig("DENY_FOR_SURE")); // deny
 
         try {
             mgr.decide(auth, new Object(), config);
@@ -113,25 +97,21 @@ public class UnanimousBasedTests extends TestCase {
         }
     }
 
-    public void testOneAffirmativeVoteTwoAbstainVotesGrantsAccess()
+    public void testOneAffirmativeVoteTwoAbstainVotesGrantsAccess() throws Exception {
-        throws Exception {
         TestingAuthenticationToken auth = makeTestToken();
         UnanimousBased mgr = makeDecisionManager();
 
-        ConfigAttributeDefinition config = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition config = new ConfigAttributeDefinition("ROLE_2");
-        config.addConfigAttribute(new SecurityConfig("ROLE_2")); // grant
 
         mgr.decide(auth, new Object(), config);
         assertTrue(true);
     }
 
-    public void testOneDenyVoteTwoAbstainVotesDeniesAccess()
+    public void testOneDenyVoteTwoAbstainVotesDeniesAccess() throws Exception {
-        throws Exception {
         TestingAuthenticationToken auth = makeTestToken();
         UnanimousBased mgr = makeDecisionManager();
 
-        ConfigAttributeDefinition config = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition config = new ConfigAttributeDefinition("ROLE_WE_DO_NOT_HAVE");
-        config.addConfigAttribute(new SecurityConfig("ROLE_WE_DO_NOT_HAVE")); // deny
 
         try {
             mgr.decide(auth, new Object(), config);
@@ -145,23 +125,19 @@ public class UnanimousBasedTests extends TestCase {
         TestingAuthenticationToken auth = makeTestTokenWithFooBarPrefix();
         UnanimousBased mgr = makeDecisionManagerWithFooBarPrefix();
 
-        ConfigAttributeDefinition config = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition config = new ConfigAttributeDefinition(new String[]{"FOOBAR_1", "FOOBAR_2"});
-        config.addConfigAttribute(new SecurityConfig("FOOBAR_1")); // grant
-        config.addConfigAttribute(new SecurityConfig("FOOBAR_2")); // grant
 
         mgr.decide(auth, new Object(), config);
         assertTrue(true);
     }
 
-    public void testThreeAbstainVotesDeniesAccessWithDefault()
+    public void testThreeAbstainVotesDeniesAccessWithDefault() throws Exception {
-        throws Exception {
         TestingAuthenticationToken auth = makeTestToken();
         UnanimousBased mgr = makeDecisionManager();
 
         assertTrue(!mgr.isAllowIfAllAbstainDecisions()); // check default
 
-        ConfigAttributeDefinition config = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition config = new ConfigAttributeDefinition("IGNORED_BY_ALL");
-        config.addConfigAttribute(new SecurityConfig("IGNORED_BY_ALL")); // abstain
 
         try {
             mgr.decide(auth, new Object(), config);
@@ -171,28 +147,23 @@ public class UnanimousBasedTests extends TestCase {
         }
     }
 
-    public void testThreeAbstainVotesGrantsAccessWithoutDefault()
+    public void testThreeAbstainVotesGrantsAccessWithoutDefault() throws Exception {
-        throws Exception {
         TestingAuthenticationToken auth = makeTestToken();
         UnanimousBased mgr = makeDecisionManager();
         mgr.setAllowIfAllAbstainDecisions(true);
         assertTrue(mgr.isAllowIfAllAbstainDecisions()); // check changed
 
-        ConfigAttributeDefinition config = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition config = new ConfigAttributeDefinition("IGNORED_BY_ALL");
-        config.addConfigAttribute(new SecurityConfig("IGNORED_BY_ALL")); // abstain
 
         mgr.decide(auth, new Object(), config);
         assertTrue(true);
     }
 
-    public void testTwoAffirmativeVotesTwoAbstainVotesGrantsAccess()
+    public void testTwoAffirmativeVotesTwoAbstainVotesGrantsAccess() throws Exception {
-        throws Exception {
         TestingAuthenticationToken auth = makeTestToken();
         UnanimousBased mgr = makeDecisionManager();
 
-        ConfigAttributeDefinition config = new ConfigAttributeDefinition();
+        ConfigAttributeDefinition config = new ConfigAttributeDefinition(new String[]{"ROLE_1", "ROLE_2"});
-        config.addConfigAttribute(new SecurityConfig("ROLE_1")); // grant
-        config.addConfigAttribute(new SecurityConfig("ROLE_2")); // grant
 
         mgr.decide(auth, new Object(), config);
         assertTrue(true);