Skip to content

Configure permissionEvaluator and roleHierarchy by default #4115

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 30, 2017
Merged

Configure permissionEvaluator and roleHierarchy by default #4115

merged 1 commit into from
Oct 30, 2017

Conversation

candrews
Copy link
Contributor

@candrews candrews commented Nov 1, 2016

Configure WebSecurity's default WebSecurityExpressionHandler to use the ApplicationContext's PermissionEvaluator and RoleHierarchy by default, the same way that GlobalMethodSecurityConfiguration does for its default MethodSecurityExpressionHandler.

Issue gh-4077

@rwinch
Copy link
Member

rwinch commented Nov 9, 2016

Thanks for the PR @candrews! Any chance you can add some tests for this?

@rwinch rwinch self-assigned this Nov 9, 2016
@rwinch rwinch added the status: waiting-for-feedback We need additional information before we can continue label Nov 9, 2016
@rwinch rwinch removed the status: waiting-for-feedback We need additional information before we can continue label Nov 14, 2016
@rwinch rwinch added this to the 5.0.0.M1 milestone Nov 14, 2016
@candrews
Copy link
Contributor Author

@rwinch I've added tests. If there's anything else I can do, please let me know.

Thanks!

@rwinch
Copy link
Member

rwinch commented Nov 17, 2016

Thanks that is all I need. It will be merged into our next feature release (5.0.0.M1) once we create a new branch for it (next few weeks).

vborcea
vborcea reviewed Feb 8, 2017
View reviewed changes
...n/java/org/springframework/security/access/expression/AbstractSecurityExpressionHandler.java Outdated
@@ -102,22 +106,47 @@ protected abstract SecurityExpressionOperations createSecurityExpressionRoot(
Authentication authentication, T invocation);

protected RoleHierarchy getRoleHierarchy() {
if(! roleHierarchySet && context != null) {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe extract this if sentence to a conditional method so that the code would be easier to read
e.g. private boolean roleHerarchyNotSetForValidContext(){
! roleHierarchySet && context != null
}

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't know how much of an improvement it is, but I've made the change you requested and updated this PR accordingly.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's making the code more easily to read

@candrews
Configure permissionEvaluator and roleHierarchy by default
023e8fa 
Implementations of AbstractSecurityExpressionHandler (such as the very commonly used DefaultWebSecurityExpressionHandler) get PermissionEvaluator and RoleHierarchy from the application context (if the application context is provided, and exactly one of such a bean exists in it). This approach matches that used in GlobalMethodSecurityConfiguration, making everything in Spring Security work the same way (including WebSecurity).

Issue spring-projectsgh-4077
@candrews
Copy link
Contributor Author

@rwinch Looks like 5.0 is in progress in master... can this be merged?

Thanks!

@rwinch rwinch modified the milestones: 5.0.0.M1, 5.0.0.M2 May 10, 2017
@rwinch rwinch modified the milestones: 5.0.0.M2, 5.0.0.M3 Jun 15, 2017
@jgrandja jgrandja modified the milestones: 5.0.0.M3, 5.0.0.M4 Jul 24, 2017
@rwinch rwinch modified the milestones: 5.0.0.M4, 5.0.0.M5 Sep 13, 2017
@rwinch rwinch modified the milestones: 5.0.0.M5, 5.0.0.RC1 Oct 3, 2017
@rwinch rwinch added type: enhancement A general enhancement in: config An issue in spring-security-config labels Oct 30, 2017
@rwinch rwinch merged commit bf075a2 into spring-projects:4.1.x Oct 30, 2017
@rwinch
Copy link
Member

rwinch commented Oct 30, 2017

Thanks for the PR @candrews! This is merged into master

@larsgrefer larsgrefer mentioned this pull request Jun 29, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vborcea vborcea vborcea approved these changes

Assignees

@rwinch rwinch

Labels
in: config An issue in spring-security-config type: enhancement A general enhancement
Projects
None yet
Milestone
5.0.0.RC1
Development

Successfully merging this pull request may close these issues.
4 participants
@candrews @rwinch @vborcea @jgrandja