Remove Spring Security 3 support

rstoyanchev · rstoyanchev · commit 112d58bcde6d · 2024-10-28T18:42:01.000Z
See gh-1806
diff --git a/spring-webflow/src/main/java/org/springframework/webflow/security/SecurityFlowExecutionListener.java b/spring-webflow/src/main/java/org/springframework/webflow/security/SecurityFlowExecutionListener.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-2020 the original author or authors.
+ * Copyright 2004-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,12 +15,10 @@
  */
 package org.springframework.webflow.security;
 
-import java.lang.reflect.Constructor;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
 
-import org.springframework.beans.DirectFieldAccessor;
 import org.springframework.security.access.AccessDecisionManager;
 import org.springframework.security.access.AccessDecisionVoter;
 import org.springframework.security.access.ConfigAttribute;
@@ -31,7 +29,6 @@
 import org.springframework.security.access.vote.UnanimousBased;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.util.ClassUtils;
 import org.springframework.webflow.definition.FlowDefinition;
 import org.springframework.webflow.definition.StateDefinition;
 import org.springframework.webflow.definition.TransitionDefinition;
@@ -46,8 +43,6 @@
  */
 public class SecurityFlowExecutionListener implements FlowExecutionListener {
 
-	private static final boolean SPRING_SECURITY_3_PRESENT = ClassUtils.hasConstructor(AffirmativeBased.class);
-
 	private AccessDecisionManager accessDecisionManager;
 
 	/**
@@ -100,9 +95,7 @@ protected void decide(SecurityRule rule, Object object) {
 		if (accessDecisionManager != null) {
 			accessDecisionManager.decide(authentication, object, configAttributes);
 		} else {
-			AccessDecisionManager manager = (SPRING_SECURITY_3_PRESENT ?
-					createManagerWithSpringSecurity3(rule) : createManager(rule));
-			manager.decide(authentication, object, configAttributes);
+			createManager(rule).decide(authentication, object, configAttributes);
 		}
 	}
 
@@ -118,28 +111,6 @@ private AbstractAccessDecisionManager createManager(SecurityRule rule) {
 		}
 	}
 
-	private AbstractAccessDecisionManager createManagerWithSpringSecurity3(SecurityRule rule) {
-		List<AccessDecisionVoter> voters = new ArrayList<>();
-		voters.add(new RoleVoter());
-		Class<?> managerType;
-		if (rule.getComparisonType() == SecurityRule.COMPARISON_ANY) {
-			managerType = AffirmativeBased.class;
-		} else if (rule.getComparisonType() == SecurityRule.COMPARISON_ALL) {
-			managerType = UnanimousBased.class;
-		} else {
-			throw new IllegalStateException("Unknown SecurityRule match type: " + rule.getComparisonType());
-		}
-		try {
-			Constructor<?> constructor = managerType.getConstructor();
-			AbstractAccessDecisionManager manager = (AbstractAccessDecisionManager) constructor.newInstance();
-			new DirectFieldAccessor(manager).setPropertyValue("decisionVoters", voters);
-			return manager;
-		}
-		catch (Throwable ex) {
-			throw new IllegalStateException("Failed to initialize AccessDecisionManager", ex);
-		}
-	}
-
 	/**
 	 * Convert SecurityRule into a form understood by Spring Security
 	 * @param rule the rule to convert
