Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-29 15:22:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Refactored to pull "public invocation" behaviour (attr==null) into a single guard clause.

Browse Source
This commit is contained in:
Luke Taylor 2007-03-30 18:02:08 +00:00
parent 6e5f5e15ad
commit 993f7e4af0
1 changed files with 78 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
core/src/main/java/org/acegisecurity/intercept/AbstractSecurityInterceptor.java
View File

@ -239,19 +239,28 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
ConfigAttributeDefinition attr = this.obtainObjectDefinitionSource().getAttributes(object); ConfigAttributeDefinition attr = this.obtainObjectDefinitionSource().getAttributes(object);
if ((attr == null) && rejectPublicInvocations) { if (attr == null) {
throw new IllegalArgumentException("No public invocations are allowed via this AbstractSecurityInterceptor. " if(rejectPublicInvocations) {
throw new IllegalArgumentException(
"No public invocations are allowed via this AbstractSecurityInterceptor. "
+ "This indicates a configuration error because the " + "This indicates a configuration error because the "
+ "AbstractSecurityInterceptor.rejectPublicInvocations property is set to 'true'"); + "AbstractSecurityInterceptor.rejectPublicInvocations property is set to 'true'");
} }
if (attr != null) { if (logger.isDebugEnabled()) {
logger.debug("Public object - authentication not attempted");
}
publishEvent(new PublicInvocationEvent(object));
return null; // no further work post-invocation
}
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.debug("Secure object: " + object.toString() + "; ConfigAttributes: " + attr.toString()); logger.debug("Secure object: " + object.toString() + "; ConfigAttributes: " + attr.toString());
} }
// We check for just the property we're interested in (we do
// not call Context.validate() like the ContextInterceptor)
if (SecurityContextHolder.getContext().getAuthentication() == null) { if (SecurityContextHolder.getContext().getAuthentication() == null) {
credentialsNotFound(messages.getMessage("AbstractSecurityInterceptor.authenticationNotFound", credentialsNotFound(messages.getMessage("AbstractSecurityInterceptor.authenticationNotFound",
"An Authentication object was not found in the SecurityContext"), object, attr); "An Authentication object was not found in the SecurityContext"), object, attr);
@ -320,15 +329,6 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
// revert to token.Authenticated post-invocation // revert to token.Authenticated post-invocation
return new InterceptorStatusToken(authenticated, true, attr, object); return new InterceptorStatusToken(authenticated, true, attr, object);
} }
} else {
if (logger.isDebugEnabled()) {
logger.debug("Public object - authentication not attempted");
}
publishEvent(new PublicInvocationEvent(object));
return null; // no further work post-invocation
}
} }
/** /**