SEC-975: Namespace security syntax does not interpret properties

http://jira.springframework.org/browse/SEC-975. Changed creation of AccessDeniedHandler to use a BeanDefinition to make sure placeholders work OK.
spring-projects · Sep 12, 2008 · 4542f00 · 4542f00
1 parent 5e4634d
commit 4542f00
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 3 deletions.
diff --git a/core/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java b/core/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java
@@ -273,8 +273,8 @@ private void registerExceptionTranslationFilter(Element element, ParserContext p
         exceptionTranslationFilterBuilder.addPropertyValue("createSessionAllowed", new Boolean(allowSessionCreation));
 
         if (StringUtils.hasText(accessDeniedPage)) {
-            AccessDeniedHandlerImpl accessDeniedHandler = new AccessDeniedHandlerImpl();
-            accessDeniedHandler.setErrorPage(accessDeniedPage);
+        	BeanDefinition accessDeniedHandler = new RootBeanDefinition(AccessDeniedHandlerImpl.class);
+        	accessDeniedHandler.getPropertyValues().addPropertyValue("errorPage", accessDeniedPage);
             exceptionTranslationFilterBuilder.addPropertyValue("accessDeniedHandler", accessDeniedHandler);
         }
 

diff --git a/.../test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java b/.../test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java
@@ -267,7 +267,7 @@ public void accessDeniedPageAttributeIsSupported() throws Exception {
         assertEquals("/access-denied", FieldUtils.getFieldValue(etf, "accessDeniedHandler.errorPage"));
     }
 
-    @Test(expected=BeanDefinitionStoreException.class)
+    @Test(expected=BeanCreationException.class)
     public void invalidAccessDeniedUrlIsDetected() throws Exception {
         setContext("<http auto-config='true' access-denied-page='noLeadingSlash'/>" + AUTH_PROVIDER_XML);
     }
@@ -318,6 +318,16 @@ public void portMappingsWorkWithPlaceholders() throws Exception {
         assertEquals(Integer.valueOf(9443), pm.lookupHttpsPort(9080));
     }
 
+    @Test
+    public void accessDeniedPageWorkWithPlaceholders() throws Exception {
+        System.setProperty("accessDenied", "/go-away");
+        setContext(
+                "    <b:bean id='configurer' class='org.springframework.beans.factory.config.PropertyPlaceholderConfigurer'/>" +
+                "    <http auto-config='true' access-denied-page='${accessDenied}'/>" + AUTH_PROVIDER_XML);
+        ExceptionTranslationFilter filter = (ExceptionTranslationFilter) appContext.getBean(BeanIds.EXCEPTION_TRANSLATION_FILTER);
+        assertEquals("/go-away", FieldUtils.getFieldValue(filter, "accessDeniedHandler.errorPage"));
+    }
+
     @Test
     public void externalFiltersAreTreatedCorrectly() throws Exception {
         // Decorated user-filters should be added to stack. The others should be ignored.