Skip to content

Commit 112d58b

Browse files
committed
Remove Spring Security 3 support
See gh-1806
1 parent 89c37a5 commit 112d58b

File tree

1 file changed

+2
-31
lines changed

1 file changed

+2
-31
lines changed

spring-webflow/src/main/java/org/springframework/webflow/security/SecurityFlowExecutionListener.java

+2-31
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
/*
2-
* Copyright 2004-2020 the original author or authors.
2+
* Copyright 2004-2024 the original author or authors.
33
*
44
* Licensed under the Apache License, Version 2.0 (the "License");
55
* you may not use this file except in compliance with the License.
@@ -15,12 +15,10 @@
1515
*/
1616
package org.springframework.webflow.security;
1717

18-
import java.lang.reflect.Constructor;
1918
import java.util.ArrayList;
2019
import java.util.Collection;
2120
import java.util.List;
2221

23-
import org.springframework.beans.DirectFieldAccessor;
2422
import org.springframework.security.access.AccessDecisionManager;
2523
import org.springframework.security.access.AccessDecisionVoter;
2624
import org.springframework.security.access.ConfigAttribute;
@@ -31,7 +29,6 @@
3129
import org.springframework.security.access.vote.UnanimousBased;
3230
import org.springframework.security.core.Authentication;
3331
import org.springframework.security.core.context.SecurityContextHolder;
34-
import org.springframework.util.ClassUtils;
3532
import org.springframework.webflow.definition.FlowDefinition;
3633
import org.springframework.webflow.definition.StateDefinition;
3734
import org.springframework.webflow.definition.TransitionDefinition;
@@ -46,8 +43,6 @@
4643
*/
4744
public class SecurityFlowExecutionListener implements FlowExecutionListener {
4845

49-
private static final boolean SPRING_SECURITY_3_PRESENT = ClassUtils.hasConstructor(AffirmativeBased.class);
50-
5146
private AccessDecisionManager accessDecisionManager;
5247

5348
/**
@@ -100,9 +95,7 @@ protected void decide(SecurityRule rule, Object object) {
10095
if (accessDecisionManager != null) {
10196
accessDecisionManager.decide(authentication, object, configAttributes);
10297
} else {
103-
AccessDecisionManager manager = (SPRING_SECURITY_3_PRESENT ?
104-
createManagerWithSpringSecurity3(rule) : createManager(rule));
105-
manager.decide(authentication, object, configAttributes);
98+
createManager(rule).decide(authentication, object, configAttributes);
10699
}
107100
}
108101

@@ -118,28 +111,6 @@ private AbstractAccessDecisionManager createManager(SecurityRule rule) {
118111
}
119112
}
120113

121-
private AbstractAccessDecisionManager createManagerWithSpringSecurity3(SecurityRule rule) {
122-
List<AccessDecisionVoter> voters = new ArrayList<>();
123-
voters.add(new RoleVoter());
124-
Class<?> managerType;
125-
if (rule.getComparisonType() == SecurityRule.COMPARISON_ANY) {
126-
managerType = AffirmativeBased.class;
127-
} else if (rule.getComparisonType() == SecurityRule.COMPARISON_ALL) {
128-
managerType = UnanimousBased.class;
129-
} else {
130-
throw new IllegalStateException("Unknown SecurityRule match type: " + rule.getComparisonType());
131-
}
132-
try {
133-
Constructor<?> constructor = managerType.getConstructor();
134-
AbstractAccessDecisionManager manager = (AbstractAccessDecisionManager) constructor.newInstance();
135-
new DirectFieldAccessor(manager).setPropertyValue("decisionVoters", voters);
136-
return manager;
137-
}
138-
catch (Throwable ex) {
139-
throw new IllegalStateException("Failed to initialize AccessDecisionManager", ex);
140-
}
141-
}
142-
143114
/**
144115
* Convert SecurityRule into a form understood by Spring Security
145116
* @param rule the rule to convert

0 commit comments

Comments
 (0)