spring-projects
diff --git a/‎acl/src/main/java/org/springframework/security/acls/AclEntryVoter.java
Lines changed: 2 additions & 1 deletion b/‎acl/src/main/java/org/springframework/security/acls/AclEntryVoter.java
Lines changed: 2 additions & 1 deletion
diff --git a/‎acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java
Lines changed: 1 addition & 1 deletion b/‎acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationCollectionFilteringProvider.java
Lines changed: 1 addition & 1 deletion
diff --git a/‎acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProvider.java
Lines changed: 2 additions & 1 deletion b/‎acl/src/main/java/org/springframework/security/acls/afterinvocation/AclEntryAfterInvocationProvider.java
Lines changed: 2 additions & 1 deletion
diff --git a/‎config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java
Lines changed: 0 additions & 4 deletions b/‎config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java
Lines changed: 0 additions & 4 deletions
diff --git a/‎config/src/test/java/org/springframework/security/config/MockAfterInvocationProvider.java
Lines changed: 2 additions & 2 deletions b/‎config/src/test/java/org/springframework/security/config/MockAfterInvocationProvider.java
Lines changed: 2 additions & 2 deletions
diff --git a/‎config/src/test/java/org/springframework/security/config/http/FilterSecurityMetadataSourceBeanDefinitionParserTests.java
Lines changed: 7 additions & 7 deletions b/‎config/src/test/java/org/springframework/security/config/http/FilterSecurityMetadataSourceBeanDefinitionParserTests.java
Lines changed: 7 additions & 7 deletions
diff --git a/‎config/src/test/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParserTests.java
Lines changed: 7 additions & 6 deletions b/‎config/src/test/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParserTests.java
Lines changed: 7 additions & 6 deletions
diff --git a/‎core/src/main/java/org/springframework/security/access/AccessDecisionManager.java
Lines changed: 2 additions & 2 deletions b/‎core/src/main/java/org/springframework/security/access/AccessDecisionManager.java
Lines changed: 2 additions & 2 deletions
diff --git a/‎core/src/main/java/org/springframework/security/access/AccessDecisionVoter.java
Lines changed: 2 additions & 2 deletions b/‎core/src/main/java/org/springframework/security/access/AccessDecisionVoter.java
Lines changed: 2 additions & 2 deletions
diff --git a/‎core/src/main/java/org/springframework/security/access/AfterInvocationProvider.java
Lines changed: 2 additions & 2 deletions b/‎core/src/main/java/org/springframework/security/access/AfterInvocationProvider.java
Lines changed: 2 additions & 2 deletions
diff --git a/‎core/src/main/java/org/springframework/security/access/SecurityMetadataSource.java
Lines changed: 1 addition & 2 deletions b/‎core/src/main/java/org/springframework/security/access/SecurityMetadataSource.java
Lines changed: 1 addition & 2 deletions
diff --git a/‎core/src/main/java/org/springframework/security/access/annotation/Jsr250Voter.java
Lines changed: 2 additions & 2 deletions b/‎core/src/main/java/org/springframework/security/access/annotation/Jsr250Voter.java
Lines changed: 2 additions & 2 deletions
diff --git a/‎core/src/main/java/org/springframework/security/access/event/AuthenticationCredentialsNotFoundEvent.java
Lines changed: 7 additions & 7 deletions b/‎core/src/main/java/org/springframework/security/access/event/AuthenticationCredentialsNotFoundEvent.java
Lines changed: 7 additions & 7 deletions
diff --git a/‎core/src/main/java/org/springframework/security/access/event/AuthorizationFailureEvent.java
Lines changed: 8 additions & 8 deletions b/‎core/src/main/java/org/springframework/security/access/event/AuthorizationFailureEvent.java
Lines changed: 8 additions & 8 deletions
@@ -17,6 +17,7 @@
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.util.Arrays;
+import java.util.Collection;
 import java.util.List;
 
 import org.apache.commons.logging.Log;
@@ -152,7 +153,7 @@ public boolean supports(ConfigAttribute attribute) {
         }
     }
 
-    public int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes) {
+    public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
 
         for(ConfigAttribute attr : attributes) {
 
 
@@ -73,7 +73,7 @@ public AclEntryAfterInvocationCollectionFilteringProvider(AclService aclService,
     //~ Methods ========================================================================================================
 
     @SuppressWarnings("unchecked")
-    public Object decide(Authentication authentication, Object object, List<ConfigAttribute> config,
+    public Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> config,
             Object returnedObject) throws AccessDeniedException {
 
         if (returnedObject == null) {
 
@@ -14,6 +14,7 @@
  */
 package org.springframework.security.acls.afterinvocation;
 
+import java.util.Collection;
 import java.util.List;
 
 import org.apache.commons.logging.Log;
@@ -75,7 +76,7 @@ public AclEntryAfterInvocationProvider(AclService aclService, String processConf
 
     //~ Methods ========================================================================================================
 
-    public Object decide(Authentication authentication, Object object, List<ConfigAttribute> config,
+    public Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> config,
             Object returnedObject) throws AccessDeniedException {
 
         if (returnedObject == null) {
 
@@ -7,8 +7,6 @@
 import java.util.Collections;
 import java.util.List;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
 import org.springframework.beans.BeanMetadataElement;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.beans.factory.config.BeanReference;
@@ -59,8 +57,6 @@
  * @since 3.0
  */
 class HttpConfigurationBuilder {
-    private final Log logger = LogFactory.getLog(getClass());
-
     private static final String ATT_CREATE_SESSION = "create-session";
     private static final String OPT_CREATE_SESSION_NEVER = "never";
     private static final String DEF_CREATE_SESSION_IF_REQUIRED = "ifRequired";
 
@@ -1,6 +1,6 @@
 package org.springframework.security.config;
 
-import java.util.List;
+import java.util.Collection;
 
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.AfterInvocationProvider;
@@ -9,7 +9,7 @@
 
 public class MockAfterInvocationProvider implements AfterInvocationProvider {
 
-    public Object decide(Authentication authentication, Object object, List<ConfigAttribute> config, Object returnedObject)
+    public Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> config, Object returnedObject)
             throws AccessDeniedException {
         return returnedObject;
     }
 
@@ -2,7 +2,7 @@
 
 import static org.junit.Assert.*;
 
-import java.util.List;
+import java.util.Collection;
 
 import org.junit.After;
 import org.junit.Test;
@@ -47,7 +47,7 @@ public void parsingMinimalConfigurationIsSuccessful() {
                 "   <intercept-url pattern='/**' access='ROLE_A'/>" +
                 "</filter-security-metadata-source>");
         DefaultFilterInvocationSecurityMetadataSource fids = (DefaultFilterInvocationSecurityMetadataSource) appContext.getBean("fids");
-        List<? extends ConfigAttribute> cad = fids.getAttributes(createFilterInvocation("/anything", "GET"));
+        Collection<ConfigAttribute> cad = fids.getAttributes(createFilterInvocation("/anything", "GET"));
         assertNotNull(cad);
         assertTrue(cad.contains(new SecurityConfig("ROLE_A")));
     }
@@ -61,9 +61,9 @@ public void expressionsAreSupported() {
 
         ExpressionBasedFilterInvocationSecurityMetadataSource fids =
             (ExpressionBasedFilterInvocationSecurityMetadataSource) appContext.getBean("fids");
-        List<? extends ConfigAttribute> cad = fids.getAttributes(createFilterInvocation("/anything", "GET"));
-        assertEquals(1, cad.size());
-        assertEquals("hasRole('ROLE_A')", cad.get(0).toString());
+        ConfigAttribute[] cad = fids.getAttributes(createFilterInvocation("/anything", "GET")).toArray(new ConfigAttribute[0]);
+        assertEquals(1, cad.length);
+        assertEquals("hasRole('ROLE_A')", cad[0].toString());
     }
 
     // SEC-1201
@@ -77,10 +77,10 @@ public void interceptUrlsSupportPropertyPlaceholders() {
                 "   <intercept-url pattern='${secure.url}' access='${secure.role}'/>" +
                 "</filter-security-metadata-source>");
         DefaultFilterInvocationSecurityMetadataSource fids = (DefaultFilterInvocationSecurityMetadataSource) appContext.getBean("fids");
-        List<ConfigAttribute> cad = fids.getAttributes(createFilterInvocation("/secure", "GET"));
+        Collection<ConfigAttribute> cad = fids.getAttributes(createFilterInvocation("/secure", "GET"));
         assertNotNull(cad);
         assertEquals(1, cad.size());
-        assertEquals("ROLE_A", cad.get(0).getAttribute());
+        assertTrue(cad.contains(new SecurityConfig("ROLE_A")));
     }
 
     @Test
 
@@ -7,6 +7,7 @@
 
 import java.lang.reflect.Method;
 import java.util.ArrayList;
+import java.util.Collection;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
@@ -286,7 +287,7 @@ public void lowerCaseComparisonIsRespectedBySecurityFilterInvocationDefinitionSo
         FilterSecurityInterceptor fis = (FilterSecurityInterceptor) getFilter(FilterSecurityInterceptor.class);
 
         FilterInvocationSecurityMetadataSource fids = fis.getSecurityMetadataSource();
-        List<ConfigAttribute> attrDef = fids.getAttributes(createFilterinvocation("/Secure", null));
+        Collection<ConfigAttribute> attrDef = fids.getAttributes(createFilterinvocation("/Secure", null));
         assertEquals(2, attrDef.size());
         assertTrue(attrDef.contains(new SecurityConfig("ROLE_A")));
         assertTrue(attrDef.contains(new SecurityConfig("ROLE_B")));
@@ -314,10 +315,10 @@ public void interceptUrlsAndFormLoginSupportPropertyPlaceholders() throws Except
         // Check the security attribute
         FilterSecurityInterceptor fis = (FilterSecurityInterceptor) getFilter(FilterSecurityInterceptor.class);
         FilterInvocationSecurityMetadataSource fids = fis.getSecurityMetadataSource();
-        List<ConfigAttribute> attrs = fids.getAttributes(createFilterinvocation("/secure", null));
+        Collection<ConfigAttribute> attrs = fids.getAttributes(createFilterinvocation("/secure", null));
         assertNotNull(attrs);
         assertEquals(1, attrs.size());
-        assertEquals("ROLE_A",attrs.get(0).getAttribute());
+        assertTrue(attrs.contains(new SecurityConfig("ROLE_A")));
 
         // Check the form login properties are set
         UsernamePasswordAuthenticationFilter apf = (UsernamePasswordAuthenticationFilter)
@@ -340,7 +341,7 @@ public void httpMethodMatchIsSupported() throws Exception {
 
         FilterSecurityInterceptor fis = (FilterSecurityInterceptor) getFilter(FilterSecurityInterceptor.class);
         FilterInvocationSecurityMetadataSource fids = fis.getSecurityMetadataSource();
-        List<? extends ConfigAttribute> attrs = fids.getAttributes(createFilterinvocation("/secure", "POST"));
+        Collection<ConfigAttribute> attrs = fids.getAttributes(createFilterinvocation("/secure", "POST"));
         assertEquals(2, attrs.size());
         assertTrue(attrs.contains(new SecurityConfig("ROLE_A")));
         assertTrue(attrs.contains(new SecurityConfig("ROLE_B")));
@@ -904,7 +905,7 @@ public void supportsTwoIdenticalInterceptUrls() throws Exception {
         FilterSecurityInterceptor fis = (FilterSecurityInterceptor) getFilter(FilterSecurityInterceptor.class);
 
         FilterInvocationSecurityMetadataSource fids = fis.getSecurityMetadataSource();
-        List<? extends ConfigAttribute> attrDef = fids.getAttributes(createFilterinvocation("/someurl", null));
+        Collection<ConfigAttribute> attrDef = fids.getAttributes(createFilterinvocation("/someurl", null));
         assertEquals(1, attrDef.size());
         assertTrue(attrDef.contains(new SecurityConfig("ROLE_B")));
     }
@@ -942,7 +943,7 @@ public void expressionBasedAccessAllowsAndDeniesAccessAsExpected() throws Except
         FilterSecurityInterceptor fis = (FilterSecurityInterceptor) getFilter(FilterSecurityInterceptor.class);
 
         FilterInvocationSecurityMetadataSource fids = fis.getSecurityMetadataSource();
-        List<? extends ConfigAttribute> attrDef = fids.getAttributes(createFilterinvocation("/secure", null));
+        Collection<ConfigAttribute> attrDef = fids.getAttributes(createFilterinvocation("/secure", null));
         assertEquals(1, attrDef.size());
 
         // Try an unprotected invocation
 
@@ -15,7 +15,7 @@
 
 package org.springframework.security.access;
 
-import java.util.List;
+import java.util.Collection;
 
 import org.springframework.security.authentication.InsufficientAuthenticationException;
 import org.springframework.security.core.Authentication;
@@ -41,7 +41,7 @@ public interface AccessDecisionManager {
      * @throws InsufficientAuthenticationException if access is denied as the authentication does not provide a
      *         sufficient level of trust
      */
-    void decide(Authentication authentication, Object object, List<ConfigAttribute> configAttributes)
+    void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes)
         throws AccessDeniedException, InsufficientAuthenticationException;
 
     /**
 
@@ -15,7 +15,7 @@
 
 package org.springframework.security.access;
 
-import java.util.List;
+import java.util.Collection;
 
 import org.springframework.security.core.Authentication;
 
@@ -87,5 +87,5 @@ public interface AccessDecisionVoter {
      *
      * @return either {@link #ACCESS_GRANTED}, {@link #ACCESS_ABSTAIN} or {@link #ACCESS_DENIED}
      */
-    int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes);
+    int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes);
 }
@@ -15,7 +15,7 @@
 
 package org.springframework.security.access;
 
-import java.util.List;
+import java.util.Collection;
 
 import org.springframework.security.access.intercept.AfterInvocationProviderManager;
 import org.springframework.security.core.Authentication;
@@ -30,7 +30,7 @@
 public interface AfterInvocationProvider {
     //~ Methods ========================================================================================================
 
-    Object decide(Authentication authentication, Object object, List<ConfigAttribute> config,
+    Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> attributes,
         Object returnedObject) throws AccessDeniedException;
 
     /**
 
@@ -16,7 +16,6 @@
 package org.springframework.security.access;
 
 import java.util.Collection;
-import java.util.List;
 
 import org.springframework.aop.framework.AopInfrastructureBean;
 import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
@@ -44,7 +43,7 @@ public interface SecurityMetadataSource extends AopInfrastructureBean {
      * @throws IllegalArgumentException if the passed object is not of a type supported by the
      *         <code>SecurityMetadataSource</code> implementation
      */
-    List<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException;
+    Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException;
 
     /**
      * If available, returns all of the <code>ConfigAttribute</code>s defined by the implementing class.
 
@@ -1,6 +1,6 @@
 package org.springframework.security.access.annotation;
 
-import java.util.List;
+import java.util.Collection;
 
 import org.springframework.security.access.AccessDecisionVoter;
 import org.springframework.security.access.ConfigAttribute;
@@ -43,7 +43,7 @@ public boolean supports(Class<?> clazz) {
      * @param definition     The configuration definition.
      * @return The vote.
      */
-    public int vote(Authentication authentication, Object object, List<ConfigAttribute> definition) {
+    public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> definition) {
         for (ConfigAttribute attribute : definition) {
             if (Jsr250SecurityConfig.PERMIT_ALL_ATTRIBUTE.equals(attribute)) {
                 return ACCESS_GRANTED;
 
@@ -15,7 +15,7 @@
 
 package org.springframework.security.access.event;
 
-import java.util.List;
+import java.util.Collection;
 
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
@@ -32,33 +32,33 @@ public class AuthenticationCredentialsNotFoundEvent extends AbstractAuthorizatio
     //~ Instance fields ================================================================================================
 
     private AuthenticationCredentialsNotFoundException credentialsNotFoundException;
-    private List<ConfigAttribute> configAttribs;
+    private Collection<ConfigAttribute> configAttribs;
 
     //~ Constructors ===================================================================================================
 
     /**
      * Construct the event.
      *
      * @param secureObject the secure object
-     * @param configAttribs that apply to the secure object
+     * @param attributes that apply to the secure object
      * @param credentialsNotFoundException exception returned to the caller (contains reason)
      *
      */
-    public AuthenticationCredentialsNotFoundEvent(Object secureObject, List<ConfigAttribute> configAttribs,
+    public AuthenticationCredentialsNotFoundEvent(Object secureObject, Collection<ConfigAttribute> attributes,
             AuthenticationCredentialsNotFoundException credentialsNotFoundException) {
         super(secureObject);
 
-        if ((configAttribs == null) || (credentialsNotFoundException == null)) {
+        if ((attributes == null) || (credentialsNotFoundException == null)) {
             throw new IllegalArgumentException("All parameters are required and cannot be null");
         }
 
-        this.configAttribs = configAttribs;
+        this.configAttribs = attributes;
         this.credentialsNotFoundException = credentialsNotFoundException;
     }
 
     //~ Methods ========================================================================================================
 
-    public List<ConfigAttribute> getConfigAttributes() {
+    public Collection<ConfigAttribute> getConfigAttributes() {
         return configAttribs;
     }
 
 
@@ -15,7 +15,7 @@
 
 package org.springframework.security.access.event;
 
-import java.util.List;
+import java.util.Collection;
 
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.ConfigAttribute;
@@ -38,30 +38,30 @@ public class AuthorizationFailureEvent extends AbstractAuthorizationEvent {
 
     private AccessDeniedException accessDeniedException;
     private Authentication authentication;
-    private List<ConfigAttribute> configAttributeDefinition;
+    private Collection<ConfigAttribute> configAttributes;
 
     //~ Constructors ===================================================================================================
 
     /**
      * Construct the event.
      *
      * @param secureObject the secure object
-     * @param configAttribs that apply to the secure object
+     * @param attributes that apply to the secure object
      * @param authentication that was found in the <code>SecurityContextHolder</code>
      * @param accessDeniedException that was returned by the
      *        <code>AccessDecisionManager</code>
      *
      * @throws IllegalArgumentException if any null arguments are presented.
      */
-    public AuthorizationFailureEvent(Object secureObject, List<ConfigAttribute> configAttribs,
+    public AuthorizationFailureEvent(Object secureObject, Collection<ConfigAttribute> attributes,
         Authentication authentication, AccessDeniedException accessDeniedException) {
         super(secureObject);
 
-        if ((configAttribs == null) || (authentication == null) || (accessDeniedException == null)) {
+        if ((attributes == null) || (authentication == null) || (accessDeniedException == null)) {
             throw new IllegalArgumentException("All parameters are required and cannot be null");
         }
 
-        this.configAttributeDefinition = configAttribs;
+        this.configAttributes = attributes;
         this.authentication = authentication;
         this.accessDeniedException = accessDeniedException;
     }
@@ -76,7 +76,7 @@ public Authentication getAuthentication() {
         return authentication;
     }
 
-    public List<ConfigAttribute> getConfigAttributes() {
-        return configAttributeDefinition;
+    public Collection<ConfigAttribute> getConfigAttributes() {
+        return configAttributes;
     }
 }
Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,7 @@`
`17`	`17`	`import java.lang.reflect.InvocationTargetException;`
`18`	`18`	`import java.lang.reflect.Method;`
`19`	`19`	`import java.util.Arrays;`
	`20`	`+import java.util.Collection;`
`20`	`21`	`import java.util.List;`
`21`	`22`
`22`	`23`	`import org.apache.commons.logging.Log;`
`@@ -152,7 +153,7 @@ public boolean supports(ConfigAttribute attribute) {`
`152`	`153`	`}`
`153`	`154`	`}`
`154`	`155`
`155`		`- public int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes) {`
	`156`	`+ public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {`
`156`	`157`
`157`	`158`	`for(ConfigAttribute attr : attributes) {`
`158`	`159`
Original file line number	Diff line number	Diff line change
`@@ -15,7 +15,7 @@`
`15`	`15`
`16`	`16`	`package org.springframework.security.access;`
`17`	`17`
`18`		`-import java.util.List;`
	`18`	`+import java.util.Collection;`
`19`	`19`
`20`	`20`	`import org.springframework.security.core.Authentication;`
`21`	`21`
`@@ -87,5 +87,5 @@ public interface AccessDecisionVoter {`
`87`	`87`	`*`
`88`	`88`	`* @return either {@link #ACCESS_GRANTED}, {@link #ACCESS_ABSTAIN} or {@link #ACCESS_DENIED}`
`89`	`89`	`*/`
`90`		`- int vote(Authentication authentication, Object object, List<ConfigAttribute> attributes);`
	`90`	`+ int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes);`
`91`	`91`	`}`