@Test(expected = IllegalArgumentException.class) public void intitalizationRejectsAfterInvocationManagerThatDoesNotSupportMethodInvocation() throws Exception { final AfterInvocationManager aim = mock(AfterInvocationManager.class); when(aim.supports(MethodInvocation.class)).thenReturn(false); interceptor.setAfterInvocationManager(aim); interceptor.afterPropertiesSet(); }
returnedObject = afterInvocationManager.decide(token.getSecurityContext() .getAuthentication(), token.getSecureObject(), token .getAttributes(), returnedObject);
Assert.isTrue(this.afterInvocationManager.supports(getSecureObjectClass()), () -> "AfterInvocationManager does not support secure object class: " + getSecureObjectClass()); && !this.accessDecisionManager.supports(attr) && ((this.afterInvocationManager == null) || !this.afterInvocationManager .supports(attr))) { unsupportedAttrs.add(attr);
returnedObject = afterInvocationManager.decide(token.getSecurityContext() .getAuthentication(), token.getSecureObject(), token .getAttributes(), returnedObject);
Assert.isTrue(this.afterInvocationManager.supports(getSecureObjectClass()), () -> "AfterInvocationManager does not support secure object class: " + getSecureObjectClass()); && !this.accessDecisionManager.supports(attr) && ((this.afterInvocationManager == null) || !this.afterInvocationManager .supports(attr))) { unsupportedAttrs.add(attr);
/** * Completes the work of the <tt>AbstractSecurityInterceptor</tt> after the secure object invocation has been * completed. * * @param token as returned by the {@link #beforeInvocation(Object)}} method * @param returnedObject any object returned from the secure object invocation (may be <tt>null</tt>) * @return the object the secure object invocation should ultimately return to its caller (may be <tt>null</tt>) */ protected Object afterInvocation(InterceptorStatusToken token, Object returnedObject) { if (token == null) { // public object return returnedObject; } finallyInvocation(token); // continue to clean in this method for passivity if (afterInvocationManager != null) { // Attempt after invocation handling try { returnedObject = afterInvocationManager.decide(token.getSecurityContext().getAuthentication(), token.getSecureObject(), token.getAttributes(), returnedObject); } catch (AccessDeniedException accessDeniedException) { AuthorizationFailureEvent event = new AuthorizationFailureEvent(token.getSecureObject(), token .getAttributes(), token.getSecurityContext().getAuthentication(), accessDeniedException); publishEvent(event); throw accessDeniedException; } } return returnedObject; }
returnedObject = afterInvocationManager.decide(token.getSecurityContext() .getAuthentication(), token.getSecureObject(), token .getAttributes(), returnedObject);
Assert.isTrue(this.afterInvocationManager.supports(getSecureObjectClass()), () -> "AfterInvocationManager does not support secure object class: " + getSecureObjectClass()); && !this.accessDecisionManager.supports(attr) && ((this.afterInvocationManager == null) || !this.afterInvocationManager .supports(attr))) { unsupportedAttrs.add(attr);