From ab9e783f79c3fd57af1017b8c1568a80baecca53 Mon Sep 17 00:00:00 2001
From: Colin Sampaleanu <colin.sampaleanu@springsource.com>
Date: Wed, 21 Apr 2004 21:09:39 +0000
Subject: [PATCH] after invocation, restore pre-RunAs Authentication regardless
 of exception that may be thrown by method being intercepted

---
 .../AbstractSecurityInterceptor.java          | 29 ++++++++++---------
 1 file changed, 16 insertions(+), 13 deletions(-)

diff --git a/core/src/main/java/org/acegisecurity/intercept/AbstractSecurityInterceptor.java b/core/src/main/java/org/acegisecurity/intercept/AbstractSecurityInterceptor.java
index 073ddeed67..717625e5a6 100644
--- a/core/src/main/java/org/acegisecurity/intercept/AbstractSecurityInterceptor.java
+++ b/core/src/main/java/org/acegisecurity/intercept/AbstractSecurityInterceptor.java
@@ -320,21 +320,24 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean {
                     logger.debug("Switching to RunAs Authentication: "
                         + runAs.toString());
                 }
+                
+                SecureContext origSecureContext = null;
+                try {
+                    origSecureContext = (SecureContext) ContextHolder.getContext();
+                    context.setAuthentication(runAs);
+                    ContextHolder.setContext((Context) context);
 
-                context.setAuthentication(runAs);
-                ContextHolder.setContext((Context) context);
-
-                Object ret = callback.proceedWithObject(object);
-
-                if (logger.isDebugEnabled()) {
-                    logger.debug("Reverting to original Authentication: "
-                        + authenticated.toString());
+                    return callback.proceedWithObject(object);
+                }
+                finally {
+                    if (logger.isDebugEnabled()) {
+                        logger.debug("Reverting to original Authentication: "
+                            + authenticated.toString());
+                    }
+                    
+                    origSecureContext.setAuthentication(authenticated);
+                    ContextHolder.setContext(origSecureContext);
                 }
-
-                context.setAuthentication(authenticated);
-                ContextHolder.setContext((Context) context);
-
-                return ret;
             }
         } else {
             if (logger.isDebugEnabled()) {