Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-23 20:42:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

SEC-60: Make method more friendly towards Hibernate detached object. Please note my comments in the JIRA task, as I believing calling toString() is not an unreasonable expectation.

Browse Source
This commit is contained in:
Ben Alex 2005-10-21 07:53:34 +00:00
parent b19d1f9d77
commit c6d5363e5d
1 changed files with 45 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

101
core/src/main/java/org/acegisecurity/intercept/AbstractSecurityInterceptor.java
View File

@ -12,7 +12,6 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.intercept;
import net.sf.acegisecurity.AccessDecisionManager;
@ -51,15 +50,15 @@ import java.util.Set;
/**
* Abstract class that implements security interception for secure objects.
*
*
* <P>
* The <code>AbstractSecurityInterceptor</code> will ensure the proper startup
* configuration of the security interceptor. It will also implement the
* proper handling of secure object invocations, being:
*
*
* <ol>
* <li>
* Obtain the {@link Authentication} object from the
* Obtain the {@link Authentication} object from the
* {@link SecurityContextHolder}.
* </li>
* <li>
@ -70,7 +69,7 @@ import java.util.Set;
* <li>
* For an invocation that is secured (there is a
* <code>ConfigAttributeDefinition</code> for the secure object invocation):
*
*
* <ol type="a">
* <li>
* If either the {@link net.sf.acegisecurity.Authentication#isAuthenticated()}
@ -109,12 +108,12 @@ import java.util.Set;
* caller.
* </li>
* </ol>
*
*
* </li>
* <li>
* For an invocation that is public (there is no
* <code>ConfigAttributeDefinition</code> for the secure object invocation):
*
*
* <ol type="a">
* <li>
* As described above, the concrete subclass will be returned an
@ -125,7 +124,7 @@ import java.util.Set;
* Object)} is called.
* </li>
* </ol>
*
*
* </li>
* <li>
* Control again returns to the concrete subclass, along with the
@ -140,12 +139,7 @@ import java.util.Set;
*/
public abstract class AbstractSecurityInterceptor implements InitializingBean,
ApplicationContextAware {
//~ Static fields/initializers =============================================
protected static final Log logger = LogFactory.getLog(AbstractSecurityInterceptor.class);
//~ Instance fields ========================================================
private AccessDecisionManager accessDecisionManager;
private AfterInvocationManager afterInvocationManager;
private ApplicationContext context;
@ -154,8 +148,6 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean,
private boolean alwaysReauthenticate = false;
private boolean validateConfigAttributes = true;
//~ Methods ================================================================
public void setAfterInvocationManager(
AfterInvocationManager afterInvocationManager) {
this.afterInvocationManager = afterInvocationManager;
@ -253,27 +245,27 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean,
if (!this.obtainObjectDefinitionSource().supports(getSecureObjectClass())) {
throw new IllegalArgumentException(
"ObjectDefinitionSource does not support secure object class: "
+ getSecureObjectClass());
"ObjectDefinitionSource does not support secure object class: " +
getSecureObjectClass());
}
if (!this.runAsManager.supports(getSecureObjectClass())) {
throw new IllegalArgumentException(
"RunAsManager does not support secure object class: "
+ getSecureObjectClass());
"RunAsManager does not support secure object class: " +
getSecureObjectClass());
}
if (!this.accessDecisionManager.supports(getSecureObjectClass())) {
throw new IllegalArgumentException(
"AccessDecisionManager does not support secure object class: "
+ getSecureObjectClass());
"AccessDecisionManager does not support secure object class: " +
getSecureObjectClass());
}
if ((this.afterInvocationManager != null)
&& !this.afterInvocationManager.supports(getSecureObjectClass())) {
if ((this.afterInvocationManager != null) &&
!this.afterInvocationManager.supports(getSecureObjectClass())) {
throw new IllegalArgumentException(
"AfterInvocationManager does not support secure object class: "
+ getSecureObjectClass());
"AfterInvocationManager does not support secure object class: " +
getSecureObjectClass());
}
if (this.validateConfigAttributes) {
@ -289,18 +281,16 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean,
Set set = new HashSet();
while (iter.hasNext()) {
ConfigAttributeDefinition def = (ConfigAttributeDefinition) iter
.next();
ConfigAttributeDefinition def = (ConfigAttributeDefinition) iter.next();
Iterator attributes = def.getConfigAttributes();
while (attributes.hasNext()) {
ConfigAttribute attr = (ConfigAttribute) attributes
.next();
ConfigAttribute attr = (ConfigAttribute) attributes.next();
if (!this.runAsManager.supports(attr)
&& !this.accessDecisionManager.supports(attr)
&& ((this.afterInvocationManager == null)
|| !this.afterInvocationManager.supports(attr))) {
if (!this.runAsManager.supports(attr) &&
!this.accessDecisionManager.supports(attr) &&
((this.afterInvocationManager == null) ||
!this.afterInvocationManager.supports(attr))) {
set.add(attr);
}
}
@ -312,8 +302,8 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean,
}
} else {
throw new IllegalArgumentException(
"Unsupported configuration attributes: "
+ set.toString());
"Unsupported configuration attributes: " +
set.toString());
}
}
}
@ -340,18 +330,16 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean,
if (token.isContextHolderRefreshRequired()) {
if (logger.isDebugEnabled()) {
logger.debug("Reverting to original Authentication: "
+ token.getAuthentication().toString());
logger.debug("Reverting to original Authentication: " +
token.getAuthentication().toString());
}
SecurityContextHolder.getContext().setAuthentication(token
.getAuthentication());
SecurityContextHolder.getContext().setAuthentication(token.getAuthentication());
}
if (afterInvocationManager != null) {
returnedObject = afterInvocationManager.decide(token
.getAuthentication(), token.getSecureObject(),
token.getAttr(), returnedObject);
returnedObject = afterInvocationManager.decide(token.getAuthentication(),
token.getSecureObject(), token.getAttr(), returnedObject);
}
return returnedObject;
@ -360,17 +348,18 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean,
protected InterceptorStatusToken beforeInvocation(Object object) {
Assert.notNull(object, "Object was null");
Assert.isTrue(getSecureObjectClass().isAssignableFrom(object.getClass()),
"Security invocation attempted for object " + object
+ " but AbstractSecurityInterceptor only configured to support secure objects of type: "
+ getSecureObjectClass());
"Security invocation attempted for object " +
object.getClass().getName() +
" but AbstractSecurityInterceptor only configured to support secure objects of type: " +
getSecureObjectClass());
ConfigAttributeDefinition attr = this.obtainObjectDefinitionSource()
.getAttributes(object);
if (attr != null) {
if (logger.isDebugEnabled()) {
logger.debug("Secure object: " + object.toString()
+ "; ConfigAttributes: " + attr.toString());
logger.debug("Secure object: " + object.toString() +
"; ConfigAttributes: " + attr.toString());
}
// We check for just the property we're interested in (we do
@ -384,8 +373,8 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean,
Authentication authenticated;
if (!SecurityContextHolder.getContext().getAuthentication()
.isAuthenticated()
|| alwaysReauthenticate) {
.isAuthenticated() ||
alwaysReauthenticate) {
try {
authenticated = this.authenticationManager.authenticate(SecurityContextHolder.getContext()
.getAuthentication());
@ -402,8 +391,8 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean,
// We don't authenticated.setAuthentication(true), because each provider should do that
if (logger.isDebugEnabled()) {
logger.debug("Successfully Authenticated: "
+ authenticated.toString());
logger.debug("Successfully Authenticated: " +
authenticated.toString());
}
SecurityContextHolder.getContext().setAuthentication(authenticated);
@ -412,8 +401,8 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean,
.getAuthentication();
if (logger.isDebugEnabled()) {
logger.debug("Previously Authenticated: "
+ authenticated.toString());
logger.debug("Previously Authenticated: " +
authenticated.toString());
}
}
@ -450,8 +439,8 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean,
object); // no further work post-invocation
} else {
if (logger.isDebugEnabled()) {
logger.debug("Switching to RunAs Authentication: "
+ runAs.toString());
logger.debug("Switching to RunAs Authentication: " +
runAs.toString());
}
SecurityContextHolder.getContext().setAuthentication(runAs);
@ -473,7 +462,7 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean,
/**
* Helper method which generates an exception containing the passed reason,
* and publishes an event to the application context.
*
*
* <P>
* Always throws an exception.
* </p>