Refactored to pull "public invocation" behaviour (attr==null) into a single guard clause.

2007-03-30 18:02:08 +00:00 · 2007-03-30 18:02:08 +00:00 · 993f7e4af0
parent 6e5f5e15ad
commit 993f7e4af0
1 changed files with 78 additions and 78 deletions
--- a/core/src/main/java/org/acegisecurity/intercept/AbstractSecurityInterceptor.java
+++ b/core/src/main/java/org/acegisecurity/intercept/AbstractSecurityInterceptor.java
@ -239,19 +239,28 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A

        ConfigAttributeDefinition attr = this.obtainObjectDefinitionSource().getAttributes(object);

-        if ((attr == null) && rejectPublicInvocations) {
-            throw new IllegalArgumentException("No public invocations are allowed via this AbstractSecurityInterceptor. "
+        if (attr == null) {
+            if(rejectPublicInvocations) {
+                throw new IllegalArgumentException(
+                      "No public invocations are allowed via this AbstractSecurityInterceptor. "
                    + "This indicates a configuration error because the "
                    + "AbstractSecurityInterceptor.rejectPublicInvocations property is set to 'true'");
            }

-        if (attr != null) {
+            if (logger.isDebugEnabled()) {
+                logger.debug("Public object - authentication not attempted");
+            }
+
+            publishEvent(new PublicInvocationEvent(object));
+
+            return null; // no further work post-invocation
+        }
+
+
        if (logger.isDebugEnabled()) {
            logger.debug("Secure object: " + object.toString() + "; ConfigAttributes: " + attr.toString());
        }

-            // We check for just the property we're interested in (we do
-            // not call Context.validate() like the ContextInterceptor)
        if (SecurityContextHolder.getContext().getAuthentication() == null) {
            credentialsNotFound(messages.getMessage("AbstractSecurityInterceptor.authenticationNotFound",
                    "An Authentication object was not found in the SecurityContext"), object, attr);
@ -320,15 +329,6 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
            // revert to token.Authenticated post-invocation
            return new InterceptorStatusToken(authenticated, true, attr, object);
        }
-        } else {
-            if (logger.isDebugEnabled()) {
-                logger.debug("Public object - authentication not attempted");
-            }
-
-            publishEvent(new PublicInvocationEvent(object));
-
-            return null; // no further work post-invocation
-        }
    }

    /**