Spring Security
  1. Spring Security
  2. SEC-1887

Cannot override (protected) DefaultMethodSecurityExpressionHandler.createSecurityExpressionRoot

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Major Major
    • Resolution: Complete
    • Affects Version/s: 3.1.0
    • Fix Version/s: 3.1.1
    • Component/s: Core
    • Labels:
      None

      Description

      There is some inconsistent visibility of the internals: DefaultMethodSecurityExpressionHandler.createSecurityExpressionRoot(Authentication, MethodInvocation) is protected but it returns an instance of a package private class MethodSecurityExpressionRoot. This would be fine except that {[DefaultMethodSecurityExpressionHandler.filter(Object, Expression, EvaluationContext)}} then makes an assumption that the root is of this precise type, and therefore createSecurityExpressionRoot actually cannot be overridden (which would be quite useful).

        Activity

        Hide
        Luke Taylor added a comment -

        Andrei has been looking at something along these lines and has submitted a pull request which I think should cover this.

        Show
        Luke Taylor added a comment - Andrei has been looking at something along these lines and has submitted a pull request which I think should cover this.
        Hide
        Luke Taylor added a comment -

        Marking as fixed, following Andrei's commit.

        Show
        Luke Taylor added a comment - Marking as fixed, following Andrei's commit.

          People

          • Assignee:
            Luke Taylor
            Reporter:
            Dave Syer
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: