java.lang.Object
net.sf.acegisecurity.intercept.AbstractSecurityInterceptor
- All Implemented Interfaces:
- org.springframework.context.ApplicationContextAware, org.springframework.beans.factory.InitializingBean
- public abstract class AbstractSecurityInterceptor
- extends java.lang.Object
- implements org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationContextAware
Abstract class that implements security interception for secure objects.
The AbstractSecurityInterceptor will ensure the proper startup
configuration of the security interceptor. It will also implement the
proper handling of secure object invocations, being:
-
Extract the net.sf.acegisecurity.context.security.SecureContext from the net.sf.acegisecurity.context.ContextHolder, handling
any errors such as invalid or
null objects.
-
Obtain the net.sf.acegisecurity.Authentication object from the extracted
SecureContext.
-
Determine if the request relates to a secured or public invocation by
looking up the secure object request against the ObjectDefinitionSource.
-
For an invocation that is secured (there is a
ConfigAttributeDefinition for the secure object invocation):
-
Authenticate the request against the configured net.sf.acegisecurity.AuthenticationManager, replacing the
Authentication object on
the ContextHolder with the returned value.
-
Authorize the request against the configured net.sf.acegisecurity.AccessDecisionManager.
-
Perform any run-as replacement via the configured net.sf.acegisecurity.RunAsManager.
-
Pass control back to the concrete subclass, which will actually proceed with
executing the object. A InterceptorStatusToken is returned so that
after the subclass has finished proceeding with execution of the object,
its finally clause can ensure the
AbstractSecurityInterceptor
is re-called and tidies up correctly.
-
The concrete subclass will re-call the
AbstractSecurityInterceptor via the afterInvocation(InterceptorStatusToken, Object) 55 method.
-
If the
RunAsManager replaced the Authentication
object, return the ContextHolder to the object that existed
after the call to AuthenticationManager.
-
If an
AfterInvocationManager is defined, invoke the invocation
manager and allow it to replace the object due to be returned to the
caller.
-
For an invocation that is public (there is no
ConfigAttributeDefinition for the secure object invocation):
-
If the
ContextHolder contains a SecureContext, set
the isAuthenticated flag on the Authentication
object to false.
-
As described above, the concrete subclass will be returned an
InterceptorStatusToken which is subsequently re-presented to
the AbstractSecurityInterceptor after the secure object has
been executed. The AbstractSecurityInterceptor will take no
further action when its afterInvocation(InterceptorStatusToken,
Object) 55 is called.
-
Control again returns to the concrete subclass, along with the
Object that should be returned to the caller. The subclass
will then return that result or exception to the original caller.
- Version:
- $Id: AbstractSecurityInterceptor.java,v 1.14 2005/04/15 01:21:34 luke_t Exp $
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
logger
protected static final org.apache.commons.logging.Log logger
accessDecisionManager
private net.sf.acegisecurity.AccessDecisionManager accessDecisionManager
afterInvocationManager
private net.sf.acegisecurity.AfterInvocationManager afterInvocationManager
context
private org.springframework.context.ApplicationContext context
authenticationManager
private net.sf.acegisecurity.AuthenticationManager authenticationManager
runAsManager
private net.sf.acegisecurity.RunAsManager runAsManager
validateConfigAttributes
private boolean validateConfigAttributes
AbstractSecurityInterceptor
public AbstractSecurityInterceptor()
setAfterInvocationManager
public void setAfterInvocationManager(net.sf.acegisecurity.AfterInvocationManager afterInvocationManager)
getAfterInvocationManager
public net.sf.acegisecurity.AfterInvocationManager getAfterInvocationManager()
setApplicationContext
public void setApplicationContext(org.springframework.context.ApplicationContext applicationContext)
throws org.springframework.beans.BeansException
- Description copied from interface:
org.springframework.context.ApplicationContextAware
- Set the ApplicationContext that this object runs in.
Normally this call will be used to initialize the object.
Invoked after population of normal bean properties but before an init
callback like InitializingBean's afterPropertiesSet or a custom init-method.
Invoked after ResourceLoaderAware's setResourceLoader.
- Specified by:
setApplicationContext in interface org.springframework.context.ApplicationContextAware
getSecureObjectClass
public abstract java.lang.Class getSecureObjectClass()
- Indicates the type of secure objects the subclass will be presenting to
the abstract parent for processing. This is used to ensure
collaborators wired to the
AbstractSecurityInterceptor all
support the indicated secure object class.
obtainObjectDefinitionSource
public abstract ObjectDefinitionSource obtainObjectDefinitionSource()
setAccessDecisionManager
public void setAccessDecisionManager(net.sf.acegisecurity.AccessDecisionManager accessDecisionManager)
getAccessDecisionManager
public net.sf.acegisecurity.AccessDecisionManager getAccessDecisionManager()
setAuthenticationManager
public void setAuthenticationManager(net.sf.acegisecurity.AuthenticationManager newManager)
getAuthenticationManager
public net.sf.acegisecurity.AuthenticationManager getAuthenticationManager()
setRunAsManager
public void setRunAsManager(net.sf.acegisecurity.RunAsManager runAsManager)
getRunAsManager
public net.sf.acegisecurity.RunAsManager getRunAsManager()
setValidateConfigAttributes
public void setValidateConfigAttributes(boolean validateConfigAttributes)
isValidateConfigAttributes
public boolean isValidateConfigAttributes()
afterPropertiesSet
public void afterPropertiesSet()
throws java.lang.Exception
- Description copied from interface:
org.springframework.beans.factory.InitializingBean
- Invoked by a BeanFactory after it has set all bean properties supplied
(and satisfied BeanFactoryAware and ApplicationContextAware).
This method allows the bean instance to perform initialization only
possible when all bean properties have been set and to throw an
exception in the event of misconfiguration.
- Specified by:
afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
afterInvocation
protected java.lang.Object afterInvocation(InterceptorStatusToken token,
java.lang.Object returnedObject)
- Completes the work of the
AbstractSecurityInterceptor after
the secure object invocation has been complete
beforeInvocation
protected InterceptorStatusToken beforeInvocation(java.lang.Object object)
credentialsNotFound
private void credentialsNotFound(java.lang.String reason,
java.lang.Object secureObject,
net.sf.acegisecurity.ConfigAttributeDefinition configAttribs)
- Helper method which generates an exception containing the passed reason,
and publishes an event to the application context.
Always throws an exception.
JAVADOC | 
SOURCE | 
DOWNLOAD | NESTED | FIELD | CONSTR | METHOD