mirror of
				https://github.com/spring-projects/spring-security.git
				synced 2025-10-24 19:28:45 +00:00 
			
		
		
		
	Tidying.
This commit is contained in:
		
							parent
							
								
									3c775b5d0d
								
							
						
					
					
						commit
						f0ec1eeabd
					
				| @ -56,60 +56,46 @@ import java.util.Collection; | |||||||
| 
 | 
 | ||||||
| /** | /** | ||||||
|  * Abstract class that implements security interception for secure objects. |  * Abstract class that implements security interception for secure objects. | ||||||
|  * <p/> |  * <p> | ||||||
|  * The <code>AbstractSecurityInterceptor</code> will ensure the proper startup configuration of the security |  * The <code>AbstractSecurityInterceptor</code> will ensure the proper startup configuration of the security | ||||||
|  * interceptor. It will also implement the proper handling of secure object invocations, namely: |  * interceptor. It will also implement the proper handling of secure object invocations, namely: | ||||||
|  * <ol> |  * <ol> | ||||||
|  * <li>Obtain the {@link Authentication} object from the {@link SecurityContextHolder}.</li> |  * <li>Obtain the {@link Authentication} object from the {@link SecurityContextHolder}.</li> | ||||||
|  * <p/> |  | ||||||
|  * <li>Determine if the request relates to a secured or public invocation by ooking up the secure object request |  * <li>Determine if the request relates to a secured or public invocation by ooking up the secure object request | ||||||
|  * against the {@link ObjectDefinitionSource}.</li> |  * against the {@link ObjectDefinitionSource}.</li> | ||||||
|  * <p/> |  | ||||||
|  * <li>For an invocation that is secured (there is a |  * <li>For an invocation that is secured (there is a | ||||||
|  * <code>ConfigAttributeDefinition</code> for the secure object invocation): |  * <code>ConfigAttributeDefinition</code> for the secure object invocation): | ||||||
|  * <p/> |  | ||||||
|  * <ol type="a"> |  * <ol type="a"> | ||||||
|  * <p/> |  | ||||||
|  * <li>If either the {@link org.springframework.security.Authentication#isAuthenticated()} |  * <li>If either the {@link org.springframework.security.Authentication#isAuthenticated()} | ||||||
|  * returns <code>false</code>, or the {@link #alwaysReauthenticate} is |  * returns <code>false</code>, or the {@link #alwaysReauthenticate} is | ||||||
|  * <code>true</code>, authenticate the request against the configured {@link AuthenticationManager}. |  * <code>true</code>, authenticate the request against the configured {@link AuthenticationManager}. | ||||||
|  * When authenticated, replace the <code>Authentication</code> object on the |  * When authenticated, replace the <code>Authentication</code> object on the | ||||||
|  * <code>SecurityContextHolder</code> with the returned value.</li> |  * <code>SecurityContextHolder</code> with the returned value.</li> | ||||||
|  * <p/> |  | ||||||
|  * <li>Authorize the request against the configured {@link AccessDecisionManager}.</li> |  * <li>Authorize the request against the configured {@link AccessDecisionManager}.</li> | ||||||
|  * <p/> |  | ||||||
|  * <li>Perform any run-as replacement via the configured {@link RunAsManager}.</li> |  * <li>Perform any run-as replacement via the configured {@link RunAsManager}.</li> | ||||||
|  * <p/> |  | ||||||
|  * <li>Pass control back to the concrete subclass, which will actually proceed with executing the object. |  * <li>Pass control back to the concrete subclass, which will actually proceed with executing the object. | ||||||
|  * A {@link InterceptorStatusToken} is returned so that after the subclass has finished proceeding with |  * A {@link InterceptorStatusToken} is returned so that after the subclass has finished proceeding with | ||||||
|  * execution of the object, its finally clause can ensure the <code>AbstractSecurityInterceptor</code> |  * execution of the object, its finally clause can ensure the <code>AbstractSecurityInterceptor</code> | ||||||
|  * is re-called and tidies up correctly.</li> |  * is re-called and tidies up correctly.</li> | ||||||
|  * <p/> |  | ||||||
|  * <li>The concrete subclass will re-call the <code>AbstractSecurityInterceptor</code> via the |  * <li>The concrete subclass will re-call the <code>AbstractSecurityInterceptor</code> via the | ||||||
|  * {@link #afterInvocation(InterceptorStatusToken, Object)} method.</li> |  * {@link #afterInvocation(InterceptorStatusToken, Object)} method.</li> | ||||||
|  * <p/> |  | ||||||
|  * <li>If the <code>RunAsManager</code> replaced the <code>Authentication</code> object, return the |  * <li>If the <code>RunAsManager</code> replaced the <code>Authentication</code> object, return the | ||||||
|  * <code>SecurityContextHolder</code> to the object that existed after the call to |  * <code>SecurityContextHolder</code> to the object that existed after the call to | ||||||
|  * <code>AuthenticationManager</code>.</li> |  * <code>AuthenticationManager</code>.</li> | ||||||
|  * <p/> |  | ||||||
|  * <li>If an <code>AfterInvocationManager</code> is defined, invoke the |  * <li>If an <code>AfterInvocationManager</code> is defined, invoke the | ||||||
|  * invocation manager and allow it to replace the object due to be returned to |  * invocation manager and allow it to replace the object due to be returned to | ||||||
|  * the caller.</li> |  * the caller.</li> | ||||||
|  * </ol> |  * </ol> | ||||||
|  * <p/> |  | ||||||
|  * </li> |  * </li> | ||||||
|  * <p/> |  | ||||||
|  * <li>For an invocation that is public (there is no <code>ConfigAttributeDefinition</code> for the secure object |  * <li>For an invocation that is public (there is no <code>ConfigAttributeDefinition</code> for the secure object | ||||||
|  * invocation): |  * invocation): | ||||||
|  * <ol type="a"> |  * <ol type="a"> | ||||||
|  * <p/> |  | ||||||
|  * <li>As described above, the concrete subclass will be returned an <code>InterceptorStatusToken</code> which is |  * <li>As described above, the concrete subclass will be returned an <code>InterceptorStatusToken</code> which is | ||||||
|  * subsequently re-presented to the <code>AbstractSecurityInterceptor</code> after the secure object has been executed. |  * subsequently re-presented to the <code>AbstractSecurityInterceptor</code> after the secure object has been executed. | ||||||
|  * The <code>AbstractSecurityInterceptor</code> will take no further action when its |  * The <code>AbstractSecurityInterceptor</code> will take no further action when its | ||||||
|  * {@link #afterInvocation(InterceptorStatusToken, Object)} is called.</li> |  * {@link #afterInvocation(InterceptorStatusToken, Object)} is called.</li> | ||||||
|  * </ol> |  * </ol> | ||||||
|  * </li> |  * </li> | ||||||
|  * <p/> |  | ||||||
|  * <li>Control again returns to the concrete subclass, along with the <code>Object</code> that should be returned to |  * <li>Control again returns to the concrete subclass, along with the <code>Object</code> that should be returned to | ||||||
|  * the caller. The subclass will then return that result or exception to the original caller.</li> |  * the caller. The subclass will then return that result or exception to the original caller.</li> | ||||||
|  * </ol> |  * </ol> | ||||||
| @ -125,33 +111,26 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A | |||||||
| 
 | 
 | ||||||
|     //~ Instance fields ================================================================================================ |     //~ Instance fields ================================================================================================ | ||||||
|      |      | ||||||
|     private AccessDecisionManager accessDecisionManager; |  | ||||||
| 
 |  | ||||||
|     private AfterInvocationManager afterInvocationManager; |  | ||||||
| 
 |  | ||||||
|     private ApplicationEventPublisher eventPublisher; |  | ||||||
| 
 |  | ||||||
|     private AuthenticationManager authenticationManager; |  | ||||||
| 
 |  | ||||||
|     protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor(); |     protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor(); | ||||||
| 
 |     private ApplicationEventPublisher eventPublisher; | ||||||
|  |     private AccessDecisionManager accessDecisionManager; | ||||||
|  |     private AfterInvocationManager afterInvocationManager; | ||||||
|  |     private AuthenticationManager authenticationManager; | ||||||
|     private RunAsManager runAsManager = new NullRunAsManager(); |     private RunAsManager runAsManager = new NullRunAsManager(); | ||||||
| 
 | 
 | ||||||
|     private boolean alwaysReauthenticate = false; |     private boolean alwaysReauthenticate = false; | ||||||
| 
 |  | ||||||
|     private boolean rejectPublicInvocations = false; |     private boolean rejectPublicInvocations = false; | ||||||
| 
 |  | ||||||
|     private boolean validateConfigAttributes = true; |     private boolean validateConfigAttributes = true; | ||||||
| 
 | 
 | ||||||
|     //~ Methods ======================================================================================================== |     //~ Methods ======================================================================================================== | ||||||
| 
 | 
 | ||||||
|     /** |     /** | ||||||
|      * Completes the work of the <code>AbstractSecurityInterceptor</code> |      * Completes the work of the <tt>AbstractSecurityInterceptor</tt> after the secure object invocation has been | ||||||
|      * after the secure object invocation has been complete |      * completed. | ||||||
|      * |      * | ||||||
|      * @param token as returned by the {@link #beforeInvocation(Object)}} method |      * @param token as returned by the {@link #beforeInvocation(Object)}} method | ||||||
|      * @param returnedObject any object returned from the secure object invocation (may be<code>null</code>) |      * @param returnedObject any object returned from the secure object invocation (may be<tt>null</tt>) | ||||||
|      * @return the object the secure object invocation should ultimately return to its caller (may be <code>null</code>) |      * @return the object the secure object invocation should ultimately return to its caller (may be <tt>null</tt>) | ||||||
|      */ |      */ | ||||||
|     protected Object afterInvocation(InterceptorStatusToken token, Object returnedObject) { |     protected Object afterInvocation(InterceptorStatusToken token, Object returnedObject) { | ||||||
|         if (token == null) { |         if (token == null) { | ||||||
| @ -187,23 +166,15 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A | |||||||
| 
 | 
 | ||||||
|     public void afterPropertiesSet() throws Exception { |     public void afterPropertiesSet() throws Exception { | ||||||
|         Assert.notNull(getSecureObjectClass(), "Subclass must provide a non-null response to getSecureObjectClass()"); |         Assert.notNull(getSecureObjectClass(), "Subclass must provide a non-null response to getSecureObjectClass()"); | ||||||
| 
 |  | ||||||
|         Assert.notNull(this.messages, "A message source must be set"); |         Assert.notNull(this.messages, "A message source must be set"); | ||||||
| 
 |  | ||||||
|         Assert.notNull(this.authenticationManager, "An AuthenticationManager is required"); |         Assert.notNull(this.authenticationManager, "An AuthenticationManager is required"); | ||||||
| 
 |  | ||||||
|         Assert.notNull(this.accessDecisionManager, "An AccessDecisionManager is required"); |         Assert.notNull(this.accessDecisionManager, "An AccessDecisionManager is required"); | ||||||
| 
 |  | ||||||
|         Assert.notNull(this.runAsManager, "A RunAsManager is required"); |         Assert.notNull(this.runAsManager, "A RunAsManager is required"); | ||||||
| 
 |  | ||||||
|         Assert.notNull(this.obtainObjectDefinitionSource(), "An ObjectDefinitionSource is required"); |         Assert.notNull(this.obtainObjectDefinitionSource(), "An ObjectDefinitionSource is required"); | ||||||
| 
 |  | ||||||
|         Assert.isTrue(this.obtainObjectDefinitionSource().supports(getSecureObjectClass()), |         Assert.isTrue(this.obtainObjectDefinitionSource().supports(getSecureObjectClass()), | ||||||
|                 "ObjectDefinitionSource does not support secure object class: " + getSecureObjectClass()); |                 "ObjectDefinitionSource does not support secure object class: " + getSecureObjectClass()); | ||||||
| 
 |  | ||||||
|         Assert.isTrue(this.runAsManager.supports(getSecureObjectClass()), |         Assert.isTrue(this.runAsManager.supports(getSecureObjectClass()), | ||||||
|                 "RunAsManager does not support secure object class: " + getSecureObjectClass()); |                 "RunAsManager does not support secure object class: " + getSecureObjectClass()); | ||||||
| 
 |  | ||||||
|         Assert.isTrue(this.accessDecisionManager.supports(getSecureObjectClass()), |         Assert.isTrue(this.accessDecisionManager.supports(getSecureObjectClass()), | ||||||
|                 "AccessDecisionManager does not support secure object class: " + getSecureObjectClass()); |                 "AccessDecisionManager does not support secure object class: " + getSecureObjectClass()); | ||||||
| 
 | 
 | ||||||
| @ -445,21 +416,16 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A | |||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|     /** |     /** | ||||||
|      * By rejecting public invocations (and setting this property to |      * By rejecting public invocations (and setting this property to <tt>true</tt>), essentially you are ensuring | ||||||
|      * <code>true</code>), essentially you are ensuring that every secure |      * that every secure object invocation advised by <code>AbstractSecurityInterceptor</code> has a configuration | ||||||
|      * object invocation advised by <code>AbstractSecurityInterceptor</code> |      * attribute defined. This is useful to ensure a "fail safe" mode where undeclared secure objects will be rejected | ||||||
|      * has a configuration attribute defined. This is useful to ensure a "fail |      * and configuration omissions detected early. An <tt>IllegalArgumentException</tt> will be thrown by the | ||||||
|      * safe" mode where undeclared secure objects will be rejected and |      * <tt>AbstractSecurityInterceptor</tt> if you set this property to <tt>true</tt> and an attempt is made to invoke | ||||||
|      * configuration omissions detected early. An |      * a secure object that has no configuration attributes. | ||||||
|      * <code>IllegalArgumentException</code> will be thrown by the |  | ||||||
|      * <code>AbstractSecurityInterceptor</code> if you set this property to |  | ||||||
|      * <code>true</code> and an attempt is made to invoke a secure object that |  | ||||||
|      * has no configuration attributes. |  | ||||||
|      * |      * | ||||||
|      * @param rejectPublicInvocations set to <code>true</code> to reject |      * @param rejectPublicInvocations set to <code>true</code> to reject invocations of secure objects that have no | ||||||
|      * invocations of secure objects that have no configuration attributes (by |      * configuration attributes (by default it is <code>false</code> which treats undeclared secure objects | ||||||
|      * default it is <code>false</code> which treats undeclared secure objects |      * as "public" or unauthorized). | ||||||
|      * as "public" or unauthorized) |  | ||||||
|      */ |      */ | ||||||
|     public void setRejectPublicInvocations(boolean rejectPublicInvocations) { |     public void setRejectPublicInvocations(boolean rejectPublicInvocations) { | ||||||
|         this.rejectPublicInvocations = rejectPublicInvocations; |         this.rejectPublicInvocations = rejectPublicInvocations; | ||||||
|  | |||||||
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user