Example usage for org.springframework.security.access.intercept InterceptorStatusToken getSecureObject

List of usage examples for org.springframework.security.access.intercept InterceptorStatusToken getSecureObject

  1. HOME
  2. Java
  3. org.springframework
  4. org.springframework.security.access.intercept.*
  5. InterceptorStatusToken
  6. getSecureObject

Introduction

In this page you can find the example usage for org.springframework.security.access.intercept InterceptorStatusToken getSecureObject.

Prototype

public Object getSecureObject()

Source Link

Usage

From source file:springacltutorial.infrastructure.MyMethodSecurityInterceptor.java

/**
 * Completes the work of the <tt>AbstractSecurityInterceptor</tt> after the
 * secure object invocation has been completed.
 * /*w ww .ja  v a  2 s . com*/
 * @param token
 *            as returned by the {@link #beforeInvocation(Object)} method
 * @param returnedObject
 *            any object returned from the secure object invocation (may be
 *            <tt>null</tt>)
 * @return the object the secure object invocation should ultimately return
 *         to its caller (may be <tt>null</tt>)
 */
protected Object afterInvocation(InterceptorStatusToken token, Object returnedObject) {
    if (token == null) {
        // public object
        return returnedObject;
    }

    if (token.isContextHolderRefreshRequired()) {
        if (logger.isDebugEnabled()) {
            logger.debug(
                    "Reverting to original Authentication: " + token.getSecurityContext().getAuthentication());
        }

        SecurityContextHolder.setContext(token.getSecurityContext());
    }

    if (afterInvocationManager != null) {
        // Attempt after invocation handling
        try {
            returnedObject = afterInvocationManager.decide(token.getSecurityContext().getAuthentication(),
                    token.getSecureObject(), token.getAttributes(), returnedObject);
        } catch (AccessDeniedException accessDeniedException) {
            AuthorizationFailureEvent event = new AuthorizationFailureEvent(token.getSecureObject(),
                    token.getAttributes(), token.getSecurityContext().getAuthentication(),
                    accessDeniedException);
            publishEvent(event);

            throw accessDeniedException;
        }
    }

    return returnedObject;
}

From source file:org.springframework.security.access.intercept.AbstractSecurityInterceptor.java

/**
 * Completes the work of the <tt>AbstractSecurityInterceptor</tt> after the secure
 * object invocation has been completed.
 *
 * @param token as returned by the {@link #beforeInvocation(Object)} method
 * @param returnedObject any object returned from the secure object invocation (may be
 * <tt>null</tt>)//w  w  w  . j  av a 2 s . c om
 * @return the object the secure object invocation should ultimately return to its
 * caller (may be <tt>null</tt>)
 */
protected Object afterInvocation(InterceptorStatusToken token, Object returnedObject) {
    if (token == null) {
        // public object
        return returnedObject;
    }

    finallyInvocation(token); // continue to clean in this method for passivity

    if (afterInvocationManager != null) {
        // Attempt after invocation handling
        try {
            returnedObject = afterInvocationManager.decide(token.getSecurityContext().getAuthentication(),
                    token.getSecureObject(), token.getAttributes(), returnedObject);
        } catch (AccessDeniedException accessDeniedException) {
            AuthorizationFailureEvent event = new AuthorizationFailureEvent(token.getSecureObject(),
                    token.getAttributes(), token.getSecurityContext().getAuthentication(),
                    accessDeniedException);
            publishEvent(event);

            throw accessDeniedException;
        }
    }

    return returnedObject;
}