.getAuthentication(), token.getSecureObject(), token .getAttributes(), returnedObject); token.getSecureObject(), token.getAttributes(), token .getSecurityContext().getAuthentication(), accessDeniedException);
.getAuthentication(), token.getSecureObject(), token .getAttributes(), returnedObject); token.getSecureObject(), token.getAttributes(), token .getSecurityContext().getAuthentication(), accessDeniedException);
@Test public void testOperation() { List<ConfigAttribute> attr = SecurityConfig.createList("FOO"); MethodInvocation mi = new SimpleMethodInvocation(); SecurityContext ctx = SecurityContextHolder.createEmptyContext(); InterceptorStatusToken token = new InterceptorStatusToken(ctx, true, attr, mi); assertThat(token.isContextHolderRefreshRequired()).isTrue(); assertThat(token.getAttributes()).isEqualTo(attr); assertThat(token.getSecureObject()).isEqualTo(mi); assertThat(token.getSecurityContext()).isSameAs(ctx); } }
/** * Completes the work of the <tt>AbstractSecurityInterceptor</tt> after the secure object invocation has been * completed. * * @param token as returned by the {@link #beforeInvocation(Object)}} method * @param returnedObject any object returned from the secure object invocation (may be <tt>null</tt>) * @return the object the secure object invocation should ultimately return to its caller (may be <tt>null</tt>) */ protected Object afterInvocation(InterceptorStatusToken token, Object returnedObject) { if (token == null) { // public object return returnedObject; } finallyInvocation(token); // continue to clean in this method for passivity if (afterInvocationManager != null) { // Attempt after invocation handling try { returnedObject = afterInvocationManager.decide(token.getSecurityContext().getAuthentication(), token.getSecureObject(), token.getAttributes(), returnedObject); } catch (AccessDeniedException accessDeniedException) { AuthorizationFailureEvent event = new AuthorizationFailureEvent(token.getSecureObject(), token .getAttributes(), token.getSecurityContext().getAuthentication(), accessDeniedException); publishEvent(event); throw accessDeniedException; } } return returnedObject; }
.getAuthentication(), token.getSecureObject(), token .getAttributes(), returnedObject); token.getSecureObject(), token.getAttributes(), token .getSecurityContext().getAuthentication(), accessDeniedException);