List of usage examples for org.springframework.security.access.intercept InterceptorStatusToken getSecurityContext
public SecurityContext getSecurityContext()
From source file:springacltutorial.infrastructure.MyMethodSecurityInterceptor.java
/** * Completes the work of the <tt>AbstractSecurityInterceptor</tt> after the * secure object invocation has been completed. * //w ww .java2 s.co m * @param token * as returned by the {@link #beforeInvocation(Object)} method * @param returnedObject * any object returned from the secure object invocation (may be * <tt>null</tt>) * @return the object the secure object invocation should ultimately return * to its caller (may be <tt>null</tt>) */ protected Object afterInvocation(InterceptorStatusToken token, Object returnedObject) { if (token == null) { // public object return returnedObject; } if (token.isContextHolderRefreshRequired()) { if (logger.isDebugEnabled()) { logger.debug( "Reverting to original Authentication: " + token.getSecurityContext().getAuthentication()); } SecurityContextHolder.setContext(token.getSecurityContext()); } if (afterInvocationManager != null) { // Attempt after invocation handling try { returnedObject = afterInvocationManager.decide(token.getSecurityContext().getAuthentication(), token.getSecureObject(), token.getAttributes(), returnedObject); } catch (AccessDeniedException accessDeniedException) { AuthorizationFailureEvent event = new AuthorizationFailureEvent(token.getSecureObject(), token.getAttributes(), token.getSecurityContext().getAuthentication(), accessDeniedException); publishEvent(event); throw accessDeniedException; } } return returnedObject; }
From source file:org.springframework.security.access.intercept.AbstractSecurityInterceptor.java
/** * Cleans up the work of the <tt>AbstractSecurityInterceptor</tt> after the secure * object invocation has been completed. This method should be invoked after the * secure object invocation and before afterInvocation regardless of the secure object * invocation returning successfully (i.e. it should be done in a finally block). * * @param token as returned by the {@link #beforeInvocation(Object)} method *//*from www . j av a 2s . c o m*/ protected void finallyInvocation(InterceptorStatusToken token) { if (token != null && token.isContextHolderRefreshRequired()) { if (logger.isDebugEnabled()) { logger.debug( "Reverting to original Authentication: " + token.getSecurityContext().getAuthentication()); } SecurityContextHolder.setContext(token.getSecurityContext()); } }
From source file:org.springframework.security.access.intercept.AbstractSecurityInterceptor.java
/** * Completes the work of the <tt>AbstractSecurityInterceptor</tt> after the secure * object invocation has been completed. * * @param token as returned by the {@link #beforeInvocation(Object)} method * @param returnedObject any object returned from the secure object invocation (may be * <tt>null</tt>)/*from w w w. ja va 2 s .c o m*/ * @return the object the secure object invocation should ultimately return to its * caller (may be <tt>null</tt>) */ protected Object afterInvocation(InterceptorStatusToken token, Object returnedObject) { if (token == null) { // public object return returnedObject; } finallyInvocation(token); // continue to clean in this method for passivity if (afterInvocationManager != null) { // Attempt after invocation handling try { returnedObject = afterInvocationManager.decide(token.getSecurityContext().getAuthentication(), token.getSecureObject(), token.getAttributes(), returnedObject); } catch (AccessDeniedException accessDeniedException) { AuthorizationFailureEvent event = new AuthorizationFailureEvent(token.getSecureObject(), token.getAttributes(), token.getSecurityContext().getAuthentication(), accessDeniedException); publishEvent(event); throw accessDeniedException; } } return returnedObject; }