1
1
/*
2
- * Copyright 2004-2020 the original author or authors.
2
+ * Copyright 2004-2024 the original author or authors.
3
3
*
4
4
* Licensed under the Apache License, Version 2.0 (the "License");
5
5
* you may not use this file except in compliance with the License.
15
15
*/
16
16
package org .springframework .webflow .security ;
17
17
18
- import java .lang .reflect .Constructor ;
19
18
import java .util .ArrayList ;
20
19
import java .util .Collection ;
21
20
import java .util .List ;
22
21
23
- import org .springframework .beans .DirectFieldAccessor ;
24
22
import org .springframework .security .access .AccessDecisionManager ;
25
23
import org .springframework .security .access .AccessDecisionVoter ;
26
24
import org .springframework .security .access .ConfigAttribute ;
31
29
import org .springframework .security .access .vote .UnanimousBased ;
32
30
import org .springframework .security .core .Authentication ;
33
31
import org .springframework .security .core .context .SecurityContextHolder ;
34
- import org .springframework .util .ClassUtils ;
35
32
import org .springframework .webflow .definition .FlowDefinition ;
36
33
import org .springframework .webflow .definition .StateDefinition ;
37
34
import org .springframework .webflow .definition .TransitionDefinition ;
46
43
*/
47
44
public class SecurityFlowExecutionListener implements FlowExecutionListener {
48
45
49
- private static final boolean SPRING_SECURITY_3_PRESENT = ClassUtils .hasConstructor (AffirmativeBased .class );
50
-
51
46
private AccessDecisionManager accessDecisionManager ;
52
47
53
48
/**
@@ -100,9 +95,7 @@ protected void decide(SecurityRule rule, Object object) {
100
95
if (accessDecisionManager != null ) {
101
96
accessDecisionManager .decide (authentication , object , configAttributes );
102
97
} else {
103
- AccessDecisionManager manager = (SPRING_SECURITY_3_PRESENT ?
104
- createManagerWithSpringSecurity3 (rule ) : createManager (rule ));
105
- manager .decide (authentication , object , configAttributes );
98
+ createManager (rule ).decide (authentication , object , configAttributes );
106
99
}
107
100
}
108
101
@@ -118,28 +111,6 @@ private AbstractAccessDecisionManager createManager(SecurityRule rule) {
118
111
}
119
112
}
120
113
121
- private AbstractAccessDecisionManager createManagerWithSpringSecurity3 (SecurityRule rule ) {
122
- List <AccessDecisionVoter > voters = new ArrayList <>();
123
- voters .add (new RoleVoter ());
124
- Class <?> managerType ;
125
- if (rule .getComparisonType () == SecurityRule .COMPARISON_ANY ) {
126
- managerType = AffirmativeBased .class ;
127
- } else if (rule .getComparisonType () == SecurityRule .COMPARISON_ALL ) {
128
- managerType = UnanimousBased .class ;
129
- } else {
130
- throw new IllegalStateException ("Unknown SecurityRule match type: " + rule .getComparisonType ());
131
- }
132
- try {
133
- Constructor <?> constructor = managerType .getConstructor ();
134
- AbstractAccessDecisionManager manager = (AbstractAccessDecisionManager ) constructor .newInstance ();
135
- new DirectFieldAccessor (manager ).setPropertyValue ("decisionVoters" , voters );
136
- return manager ;
137
- }
138
- catch (Throwable ex ) {
139
- throw new IllegalStateException ("Failed to initialize AccessDecisionManager" , ex );
140
- }
141
- }
142
-
143
114
/**
144
115
* Convert SecurityRule into a form understood by Spring Security
145
116
* @param rule the rule to convert
0 commit comments