From ac6ed671a15f3a308941e5a445c11e474a02899d Mon Sep 17 00:00:00 2001 From: Luke Taylor Date: Mon, 26 Sep 2011 18:24:36 +0100 Subject: [PATCH] SEC-1830: Use constructor injection in namespace parsing code for creation of ProviderManager --- .../AuthenticationManagerBeanDefinitionParser.java | 2 +- .../security/config/http/HttpConfigurationBuilder.java | 2 +- .../config/http/HttpSecurityBeanDefinitionParser.java | 5 +++-- .../method/GlobalMethodSecurityBeanDefinitionParser.java | 2 +- 4 files changed, 6 insertions(+), 5 deletions(-) diff --git a/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParser.java index 5042cc9f72..9d95b59b19 100644 --- a/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParser.java @@ -83,7 +83,7 @@ public class AuthenticationManagerBeanDefinitionParser implements BeanDefinition providers.add(new RootBeanDefinition(NullAuthenticationProvider.class)); } - providerManagerBldr.addPropertyValue("providers", providers); + providerManagerBldr.addConstructorArgValue(providers); if ("false".equals(element.getAttribute(ATT_ERASE_CREDENTIALS))) { providerManagerBldr.addPropertyValue("eraseCredentialsAfterAuthentication", false); diff --git a/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java b/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java index 77017338fb..690c3c1040 100644 --- a/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java +++ b/config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java @@ -471,7 +471,7 @@ class HttpConfigurationBuilder { voters.add(new RootBeanDefinition(AuthenticatedVoter.class)); } accessDecisionMgr = new RootBeanDefinition(AffirmativeBased.class); - accessDecisionMgr.getPropertyValues().addPropertyValue("decisionVoters", voters); + accessDecisionMgr.getConstructorArgumentValues().addGenericArgumentValue(voters); accessDecisionMgr.setSource(pc.extractSource(httpElt)); // Set up the access manager reference for http diff --git a/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java index a7e1e94aed..97a7d2f9d7 100644 --- a/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java @@ -187,8 +187,9 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser { private BeanReference createAuthenticationManager(Element element, ParserContext pc, ManagedList authenticationProviders) { BeanDefinitionBuilder authManager = BeanDefinitionBuilder.rootBeanDefinition(ProviderManager.class); - authManager.addPropertyValue("parent", new RootBeanDefinition(AuthenticationManagerFactoryBean.class)); - authManager.addPropertyValue("providers", authenticationProviders); + authManager.addConstructorArgValue(authenticationProviders); + authManager.addConstructorArgValue(new RootBeanDefinition(AuthenticationManagerFactoryBean.class)); + RootBeanDefinition clearCredentials = new RootBeanDefinition(MethodInvokingFactoryBean.class); clearCredentials.getPropertyValues().addPropertyValue("targetObject", new RootBeanDefinition(AuthenticationManagerFactoryBean.class)); clearCredentials.getPropertyValues().addPropertyValue("targetMethod", "isEraseCredentialsAfterAuthentication"); diff --git a/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java index 5a180e8db2..b3939c0c0e 100644 --- a/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java @@ -247,7 +247,7 @@ public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionP voters.add(new RootBeanDefinition(Jsr250Voter.class)); } - accessMgrBuilder.addPropertyValue("decisionVoters", voters); + accessMgrBuilder.addConstructorArgValue(voters); BeanDefinition accessManager = accessMgrBuilder.getBeanDefinition(); String id = pc.getReaderContext().generateBeanName(accessManager);