Example usage for org.springframework.security.access.intercept InterceptorStatusToken isContextHolderRefreshRequired

List of usage examples for org.springframework.security.access.intercept InterceptorStatusToken isContextHolderRefreshRequired

  1. HOME
  2. Java
  3. org.springframework
  4. org.springframework.security.access.intercept.*
  5. InterceptorStatusToken
  6. isContextHolderRefreshRequired

Introduction

In this page you can find the example usage for org.springframework.security.access.intercept InterceptorStatusToken isContextHolderRefreshRequired.

Prototype

public boolean isContextHolderRefreshRequired()

Source Link

Usage

From source file:springacltutorial.infrastructure.MyMethodSecurityInterceptor.java

/**
 * Completes the work of the <tt>AbstractSecurityInterceptor</tt> after the
 * secure object invocation has been completed.
 * /*from w  ww . j a  va  2 s. c o m*/
 * @param token
 *            as returned by the {@link #beforeInvocation(Object)} method
 * @param returnedObject
 *            any object returned from the secure object invocation (may be
 *            <tt>null</tt>)
 * @return the object the secure object invocation should ultimately return
 *         to its caller (may be <tt>null</tt>)
 */
protected Object afterInvocation(InterceptorStatusToken token, Object returnedObject) {
    if (token == null) {
        // public object
        return returnedObject;
    }

    if (token.isContextHolderRefreshRequired()) {
        if (logger.isDebugEnabled()) {
            logger.debug(
                    "Reverting to original Authentication: " + token.getSecurityContext().getAuthentication());
        }

        SecurityContextHolder.setContext(token.getSecurityContext());
    }

    if (afterInvocationManager != null) {
        // Attempt after invocation handling
        try {
            returnedObject = afterInvocationManager.decide(token.getSecurityContext().getAuthentication(),
                    token.getSecureObject(), token.getAttributes(), returnedObject);
        } catch (AccessDeniedException accessDeniedException) {
            AuthorizationFailureEvent event = new AuthorizationFailureEvent(token.getSecureObject(),
                    token.getAttributes(), token.getSecurityContext().getAuthentication(),
                    accessDeniedException);
            publishEvent(event);

            throw accessDeniedException;
        }
    }

    return returnedObject;
}

From source file:org.springframework.security.access.intercept.AbstractSecurityInterceptor.java

/**
 * Cleans up the work of the <tt>AbstractSecurityInterceptor</tt> after the secure
 * object invocation has been completed. This method should be invoked after the
 * secure object invocation and before afterInvocation regardless of the secure object
 * invocation returning successfully (i.e. it should be done in a finally block).
 *
 * @param token as returned by the {@link #beforeInvocation(Object)} method
 */// ww  w . ja v a 2 s.  c  o  m
protected void finallyInvocation(InterceptorStatusToken token) {
    if (token != null && token.isContextHolderRefreshRequired()) {
        if (logger.isDebugEnabled()) {
            logger.debug(
                    "Reverting to original Authentication: " + token.getSecurityContext().getAuthentication());
        }

        SecurityContextHolder.setContext(token.getSecurityContext());
    }
}