root
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Actions 8 Packages Projects Releases Wiki Activity

Removed unecessary rethrow of AuthenticationException from AbstractSecurityInterceptor and tidied up javadoc etc.

This commit is contained in:
Luke Taylor 2008-01-01 16:43:34 +00:00
parent b91e82d91c
commit b115f4aa83
2 changed files with 379 additions and 394 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

764
core/src/main/java/org/springframework/security/intercept/AbstractSecurityInterceptor.java
View File

@ -21,7 +21,6 @@ import org.springframework.security.SpringSecurityMessageSource;
import org.springframework.security.AfterInvocationManager; import org.springframework.security.AfterInvocationManager;
import org.springframework.security.Authentication; import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationCredentialsNotFoundException; import org.springframework.security.AuthenticationCredentialsNotFoundException;
import org.springframework.security.AuthenticationException;
import org.springframework.security.AuthenticationManager; import org.springframework.security.AuthenticationManager;
import org.springframework.security.ConfigAttribute; import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition; import org.springframework.security.ConfigAttributeDefinition;
@ -56,438 +55,423 @@ import java.util.Set;
/** /**
* Abstract class that implements security interception for secure objects. * Abstract class that implements security interception for secure objects.
* <p> * <p/>
* The <code>AbstractSecurityInterceptor</code> will ensure the proper startup * The <code>AbstractSecurityInterceptor</code> will ensure the proper startup configuration of the security
* configuration of the security interceptor. It will also implement the proper * interceptor. It will also implement the proper handling of secure object invocations, namely:
* handling of secure object invocations, being:
* <ol> * <ol>
* <li>Obtain the {@link Authentication} object from the * <li>Obtain the {@link Authentication} object from the {@link SecurityContextHolder}.</li>
* {@link SecurityContextHolder}.</li> * <p/>
* <li>Determine if the request relates to a secured or public invocation by * <li>Determine if the request relates to a secured or public invocation by ooking up the secure object request
* looking up the secure object request against the * against the {@link ObjectDefinitionSource}.</li>
* {@link ObjectDefinitionSource}.</li> * <p/>
* <li>For an invocation that is secured (there is a * <li>For an invocation that is secured (there is a
* <code>ConfigAttributeDefinition</code> for the secure object invocation): * <code>ConfigAttributeDefinition</code> for the secure object invocation):
* <p/>
* <ol type="a"> * <ol type="a">
* <p/>
* <li>If either the {@link org.springframework.security.Authentication#isAuthenticated()} * <li>If either the {@link org.springframework.security.Authentication#isAuthenticated()}
* returns <code>false</code>, or the {@link #alwaysReauthenticate} is * returns <code>false</code>, or the {@link #alwaysReauthenticate} is
* <code>true</code>, authenticate the request against the configured * <code>true</code>, authenticate the request against the configured {@link AuthenticationManager}.
* {@link AuthenticationManager}. When authenticated, replace the * When authenticated, replace the <code>Authentication</code> object on the
* <code>Authentication</code> object on the
* <code>SecurityContextHolder</code> with the returned value.</li> * <code>SecurityContextHolder</code> with the returned value.</li>
* <li>Authorize the request against the configured * <p/>
* {@link AccessDecisionManager}.</li> * <li>Authorize the request against the configured {@link AccessDecisionManager}.</li>
* <p/>
* <li>Perform any run-as replacement via the configured {@link RunAsManager}.</li> * <li>Perform any run-as replacement via the configured {@link RunAsManager}.</li>
* <li>Pass control back to the concrete subclass, which will actually proceed * <p/>
* with executing the object. A {@link InterceptorStatusToken} is returned so * <li>Pass control back to the concrete subclass, which will actually proceed with executing the object.
* that after the subclass has finished proceeding with execution of the object, * A {@link InterceptorStatusToken} is returned so that after the subclass has finished proceeding with
* its finally clause can ensure the <code>AbstractSecurityInterceptor</code> * execution of the object, its finally clause can ensure the <code>AbstractSecurityInterceptor</code>
* is re-called and tidies up correctly.</li> * is re-called and tidies up correctly.</li>
* <li>The concrete subclass will re-call the * <p/>
* <code>AbstractSecurityInterceptor</code> via the * <li>The concrete subclass will re-call the <code>AbstractSecurityInterceptor</code> via the
* {@link #afterInvocation(InterceptorStatusToken, Object)} method.</li> * {@link #afterInvocation(InterceptorStatusToken, Object)} method.</li>
* <li>If the <code>RunAsManager</code> replaced the * <p/>
* <code>Authentication</code> object, return the * <li>If the <code>RunAsManager</code> replaced the <code>Authentication</code> object, return the
* <code>SecurityContextHolder</code> to the object that existed after the * <code>SecurityContextHolder</code> to the object that existed after the call to
* call to <code>AuthenticationManager</code>.</li> * <code>AuthenticationManager</code>.</li>
* <p/>
* <li>If an <code>AfterInvocationManager</code> is defined, invoke the * <li>If an <code>AfterInvocationManager</code> is defined, invoke the
* invocation manager and allow it to replace the object due to be returned to * invocation manager and allow it to replace the object due to be returned to
* the caller.</li> * the caller.</li>
* </ol> * </ol>
* <p/>
* </li> * </li>
* <li>For an invocation that is public (there is no * <p/>
* <code>ConfigAttributeDefinition</code> for the secure object invocation): * <li>For an invocation that is public (there is no <code>ConfigAttributeDefinition</code> for the secure object
* invocation):
* <ol type="a"> * <ol type="a">
* <li>As described above, the concrete subclass will be returned an * <p/>
* <code>InterceptorStatusToken</code> which is subsequently re-presented to * <li>As described above, the concrete subclass will be returned an <code>InterceptorStatusToken</code> which is
* the <code>AbstractSecurityInterceptor</code> after the secure object has * subsequently re-presented to the <code>AbstractSecurityInterceptor</code> after the secure object has been executed.
* been executed. The <code>AbstractSecurityInterceptor</code> will take no * The <code>AbstractSecurityInterceptor</code> will take no further action when its
* further action when its {@link #afterInvocation(InterceptorStatusToken, * {@link #afterInvocation(InterceptorStatusToken, Object)} is called.</li>
* Object)} is called.</li>
* </ol> * </ol>
* </li> * </li>
* <li>Control again returns to the concrete subclass, along with the * <p/>
* <code>Object</code> that should be returned to the caller. The subclass * <li>Control again returns to the concrete subclass, along with the <code>Object</code> that should be returned to
* will then return that result or exception to the original caller.</li> * the caller. The subclass will then return that result or exception to the original caller.</li>
* </ol> * </ol>
* </p>
* *
* @author Ben Alex * @author Ben Alex
* @version $Id: AbstractSecurityInterceptor.java 1790 2007-03-30 18:27:19Z * @version $Id$
* luke_t $
*/ */
public abstract class AbstractSecurityInterceptor implements InitializingBean, ApplicationEventPublisherAware, public abstract class AbstractSecurityInterceptor implements InitializingBean, ApplicationEventPublisherAware,
MessageSourceAware { MessageSourceAware {
// ~ Static fields/initializers //~ Static fields/initializers =====================================================================================
// =====================================================================================
protected static final Log logger = LogFactory.getLog(AbstractSecurityInterceptor.class); protected static final Log logger = LogFactory.getLog(AbstractSecurityInterceptor.class);
// ~ Instance fields //~ Instance fields ================================================================================================
// ================================================================================================
private AccessDecisionManager accessDecisionManager; private AccessDecisionManager accessDecisionManager;
private AfterInvocationManager afterInvocationManager; private AfterInvocationManager afterInvocationManager;
private ApplicationEventPublisher eventPublisher; private ApplicationEventPublisher eventPublisher;
private AuthenticationManager authenticationManager; private AuthenticationManager authenticationManager;
protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor(); protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
private RunAsManager runAsManager = new NullRunAsManager(); private RunAsManager runAsManager = new NullRunAsManager();
private boolean alwaysReauthenticate = false; private boolean alwaysReauthenticate = false;
private boolean rejectPublicInvocations = false; private boolean rejectPublicInvocations = false;
private boolean validateConfigAttributes = true; private boolean validateConfigAttributes = true;
// ~ Methods //~ Methods ========================================================================================================
// ========================================================================================================
/** /**
* Completes the work of the <code>AbstractSecurityInterceptor</code> * Completes the work of the <code>AbstractSecurityInterceptor</code>
* after the secure object invocation has been complete * after the secure object invocation has been complete
*
* @param token as returned by the {@link #beforeInvocation(Object)}} method
* @param returnedObject any object returned from the secure object invocation (may be<code>null</code>)
* @return the object the secure object invocation should ultimately return to its caller (may be <code>null</code>)
*/
protected Object afterInvocation(InterceptorStatusToken token, Object returnedObject) {
if (token == null) {
// public object
return returnedObject;
}
if (token.isContextHolderRefreshRequired()) {
if (logger.isDebugEnabled()) {
logger.debug("Reverting to original Authentication: " + token.getAuthentication().toString());
}
SecurityContextHolder.getContext().setAuthentication(token.getAuthentication());
}
if (afterInvocationManager != null) {
// Attempt after invocation handling
try {
returnedObject = afterInvocationManager.decide(token.getAuthentication(), token.getSecureObject(),
token.getAttr(), returnedObject);
}
catch (AccessDeniedException accessDeniedException) {
AuthorizationFailureEvent event = new AuthorizationFailureEvent(token.getSecureObject(), token
.getAttr(), token.getAuthentication(), accessDeniedException);
publishEvent(event);
throw accessDeniedException;
}
}
return returnedObject;
}
public void afterPropertiesSet() throws Exception {
Assert.notNull(getSecureObjectClass(), "Subclass must provide a non-null response to getSecureObjectClass()");
Assert.notNull(this.messages, "A message source must be set");
Assert.notNull(this.authenticationManager, "An AuthenticationManager is required");
Assert.notNull(this.accessDecisionManager, "An AccessDecisionManager is required");
Assert.notNull(this.runAsManager, "A RunAsManager is required");
Assert.notNull(this.obtainObjectDefinitionSource(), "An ObjectDefinitionSource is required");
Assert.isTrue(this.obtainObjectDefinitionSource().supports(getSecureObjectClass()),
"ObjectDefinitionSource does not support secure object class: " + getSecureObjectClass());
Assert.isTrue(this.runAsManager.supports(getSecureObjectClass()),
"RunAsManager does not support secure object class: " + getSecureObjectClass());
Assert.isTrue(this.accessDecisionManager.supports(getSecureObjectClass()),
"AccessDecisionManager does not support secure object class: " + getSecureObjectClass());
if (this.afterInvocationManager != null) {
Assert.isTrue(this.afterInvocationManager.supports(getSecureObjectClass()),
"AfterInvocationManager does not support secure object class: " + getSecureObjectClass());
}
if (this.validateConfigAttributes) {
Iterator iter = this.obtainObjectDefinitionSource().getConfigAttributeDefinitions();
if (iter == null) {
logger.warn("Could not validate configuration attributes as the MethodDefinitionSource did not return "
+ "a ConfigAttributeDefinition Iterator");
return;
}
Set unsupportedAttrs = new HashSet();
while (iter.hasNext()) {
ConfigAttributeDefinition def = (ConfigAttributeDefinition) iter.next();
Iterator attributes = def.getConfigAttributes();
while (attributes.hasNext()) {
ConfigAttribute attr = (ConfigAttribute) attributes.next();
if (!this.runAsManager.supports(attr) && !this.accessDecisionManager.supports(attr)
&& ((this.afterInvocationManager == null) || !this.afterInvocationManager.supports(attr))) {
unsupportedAttrs.add(attr);
}
}
}
if (unsupportedAttrs.size() != 0) {
throw new IllegalArgumentException("Unsupported configuration attributes: " + unsupportedAttrs);
}
logger.info("Validated configuration attributes");
}
}
protected InterceptorStatusToken beforeInvocation(Object object) {
Assert.notNull(object, "Object was null");
if (!getSecureObjectClass().isAssignableFrom(object.getClass())) {
throw new IllegalArgumentException("Security invocation attempted for object "
+ object.getClass().getName()
+ " but AbstractSecurityInterceptor only configured to support secure objects of type: "
+ getSecureObjectClass());
}
ConfigAttributeDefinition attr = this.obtainObjectDefinitionSource().getAttributes(object);
if (attr == null) {
if (rejectPublicInvocations) {
throw new IllegalArgumentException(
"No public invocations are allowed via this AbstractSecurityInterceptor. "
+ "This indicates a configuration error because the "
+ "AbstractSecurityInterceptor.rejectPublicInvocations property is set to 'true'");
}
if (logger.isDebugEnabled()) {
logger.debug("Public object - authentication not attempted");
}
publishEvent(new PublicInvocationEvent(object));
return null; // no further work post-invocation
}
if (logger.isDebugEnabled()) {
logger.debug("Secure object: " + object.toString() + "; ConfigAttributes: " + attr.toString());
}
if (SecurityContextHolder.getContext().getAuthentication() == null) {
credentialsNotFound(messages.getMessage("AbstractSecurityInterceptor.authenticationNotFound",
"An Authentication object was not found in the SecurityContext"), object, attr);
}
// Attempt authentication if not already authenticated, or user always
// wants reauthentication
Authentication authenticated;
if (!SecurityContextHolder.getContext().getAuthentication().isAuthenticated() || alwaysReauthenticate) {
authenticated =
this.authenticationManager.authenticate(SecurityContextHolder.getContext().getAuthentication());
// We don't authenticated.setAuthentication(true), because each
// provider should do that
if (logger.isDebugEnabled()) {
logger.debug("Successfully Authenticated: " + authenticated.toString());
}
SecurityContextHolder.getContext().setAuthentication(authenticated);
} else {
authenticated = SecurityContextHolder.getContext().getAuthentication();
if (logger.isDebugEnabled()) {
logger.debug("Previously Authenticated: " + authenticated.toString());
}
}
// Attempt authorization
try {
this.accessDecisionManager.decide(authenticated, object, attr);
}
catch (AccessDeniedException accessDeniedException) {
AuthorizationFailureEvent event = new AuthorizationFailureEvent(object, attr, authenticated,
accessDeniedException);
publishEvent(event);
throw accessDeniedException;
}
if (logger.isDebugEnabled()) {
logger.debug("Authorization successful");
}
AuthorizedEvent event = new AuthorizedEvent(object, attr, authenticated);
publishEvent(event);
// Attempt to run as a different user
Authentication runAs = this.runAsManager.buildRunAs(authenticated, object, attr);
if (runAs == null) {
if (logger.isDebugEnabled()) {
logger.debug("RunAsManager did not change Authentication object");
}
// no further work post-invocation
return new InterceptorStatusToken(authenticated, false, attr, object);
} else {
if (logger.isDebugEnabled()) {
logger.debug("Switching to RunAs Authentication: " + runAs.toString());
}
SecurityContextHolder.getContext().setAuthentication(runAs);
// revert to token.Authenticated post-invocation
return new InterceptorStatusToken(authenticated, true, attr, object);
}
}
/**
* Helper method which generates an exception containing the passed reason,
* and publishes an event to the application context.
* <p/>
* Always throws an exception.
*
* @param reason to be provided in the exception detail
* @param secureObject that was being called
* @param configAttribs that were defined for the secureObject
*/
private void credentialsNotFound(String reason, Object secureObject, ConfigAttributeDefinition configAttribs) {
AuthenticationCredentialsNotFoundException exception = new AuthenticationCredentialsNotFoundException(reason);
AuthenticationCredentialsNotFoundEvent event = new AuthenticationCredentialsNotFoundEvent(secureObject,
configAttribs, exception);
publishEvent(event);
throw exception;
}
public AccessDecisionManager getAccessDecisionManager() {
return accessDecisionManager;
}
public AfterInvocationManager getAfterInvocationManager() {
return afterInvocationManager;
}
public AuthenticationManager getAuthenticationManager() {
return this.authenticationManager;
}
public RunAsManager getRunAsManager() {
return runAsManager;
}
/**
* Indicates the type of secure objects the subclass will be presenting to
* the abstract parent for processing. This is used to ensure collaborators
* wired to the <code>AbstractSecurityInterceptor</code> all support the
* indicated secure object class.
*
* @return the type of secure object the subclass provides services for
*/
public abstract Class getSecureObjectClass();
public boolean isAlwaysReauthenticate() {
return alwaysReauthenticate;
}
public boolean isRejectPublicInvocations() {
return rejectPublicInvocations;
}
public boolean isValidateConfigAttributes() {
return validateConfigAttributes;
}
public abstract ObjectDefinitionSource obtainObjectDefinitionSource();
public void setAccessDecisionManager(AccessDecisionManager accessDecisionManager) {
this.accessDecisionManager = accessDecisionManager;
}
public void setAfterInvocationManager(AfterInvocationManager afterInvocationManager) {
this.afterInvocationManager = afterInvocationManager;
}
/**
* Indicates whether the <code>AbstractSecurityInterceptor</code> should
* ignore the {@link Authentication#isAuthenticated()} property. Defaults to
* <code>false</code>, meaning by default the
* <code>Authentication.isAuthenticated()</code> property is trusted and
* re-authentication will not occur if the principal has already been
* authenticated.
*
* @param alwaysReauthenticate <code>true</code> to force <code>AbstractSecurityInterceptor</code> to
* disregard the value of <code>Authentication.isAuthenticated()</code> and always re-authenticate the request
* (defaults to <code>false</code>).
*/
public void setAlwaysReauthenticate(boolean alwaysReauthenticate) {
this.alwaysReauthenticate = alwaysReauthenticate;
}
public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
this.eventPublisher = applicationEventPublisher;
}
public void setAuthenticationManager(AuthenticationManager newManager) {
this.authenticationManager = newManager;
}
public void setMessageSource(MessageSource messageSource) {
this.messages = new MessageSourceAccessor(messageSource);
}
/**
* By rejecting public invocations (and setting this property to
* <code>true</code>), essentially you are ensuring that every secure
* object invocation advised by <code>AbstractSecurityInterceptor</code>
* has a configuration attribute defined. This is useful to ensure a "fail
* safe" mode where undeclared secure objects will be rejected and
* configuration omissions detected early. An
* <code>IllegalArgumentException</code> will be thrown by the
* <code>AbstractSecurityInterceptor</code> if you set this property to
* <code>true</code> and an attempt is made to invoke a secure object that
* has no configuration attributes.
* *
* @param token as returned by the {@link #beforeInvocation(Object)}} * @param rejectPublicInvocations set to <code>true</code> to reject
* method * invocations of secure objects that have no configuration attributes (by
* @param returnedObject any object returned from the secure object * default it is <code>false</code> which treats undeclared secure objects
* invocation (may be<code>null</code>) * as "public" or unauthorized)
* */
* @return the object the secure object invocation should ultimately return
* to its caller (may be <code>null</code>)
*/
protected Object afterInvocation(InterceptorStatusToken token, Object returnedObject) {
if (token == null) {
// public object
return returnedObject;
}
if (token.isContextHolderRefreshRequired()) {
if (logger.isDebugEnabled()) {
logger.debug("Reverting to original Authentication: " + token.getAuthentication().toString());
}
SecurityContextHolder.getContext().setAuthentication(token.getAuthentication());
}
if (afterInvocationManager != null) {
// Attempt after invocation handling
try {
returnedObject = afterInvocationManager.decide(token.getAuthentication(), token.getSecureObject(),
token.getAttr(), returnedObject);
}
catch (AccessDeniedException accessDeniedException) {
AuthorizationFailureEvent event = new AuthorizationFailureEvent(token.getSecureObject(), token
.getAttr(), token.getAuthentication(), accessDeniedException);
publishEvent(event);
throw accessDeniedException;
}
}
return returnedObject;
}
public void afterPropertiesSet() throws Exception {
Assert.notNull(getSecureObjectClass(), "Subclass must provide a non-null response to getSecureObjectClass()");
Assert.notNull(this.messages, "A message source must be set");
Assert.notNull(this.authenticationManager, "An AuthenticationManager is required");
Assert.notNull(this.accessDecisionManager, "An AccessDecisionManager is required");
Assert.notNull(this.runAsManager, "A RunAsManager is required");
Assert.notNull(this.obtainObjectDefinitionSource(), "An ObjectDefinitionSource is required");
Assert.isTrue(this.obtainObjectDefinitionSource().supports(getSecureObjectClass()),
"ObjectDefinitionSource does not support secure object class: " + getSecureObjectClass());
Assert.isTrue(this.runAsManager.supports(getSecureObjectClass()),
"RunAsManager does not support secure object class: " + getSecureObjectClass());
Assert.isTrue(this.accessDecisionManager.supports(getSecureObjectClass()),
"AccessDecisionManager does not support secure object class: " + getSecureObjectClass());
if (this.afterInvocationManager != null) {
Assert.isTrue(this.afterInvocationManager.supports(getSecureObjectClass()),
"AfterInvocationManager does not support secure object class: " + getSecureObjectClass());
}
if (this.validateConfigAttributes) {
Iterator iter = this.obtainObjectDefinitionSource().getConfigAttributeDefinitions();
if (iter == null) {
logger.warn("Could not validate configuration attributes as the MethodDefinitionSource did not return "
+ "a ConfigAttributeDefinition Iterator");
return;
}
Set unsupportedAttrs = new HashSet();
while (iter.hasNext()) {
ConfigAttributeDefinition def = (ConfigAttributeDefinition) iter.next();
Iterator attributes = def.getConfigAttributes();
while (attributes.hasNext()) {
ConfigAttribute attr = (ConfigAttribute) attributes.next();
if (!this.runAsManager.supports(attr) && !this.accessDecisionManager.supports(attr)
&& ((this.afterInvocationManager == null) || !this.afterInvocationManager.supports(attr))) {
unsupportedAttrs.add(attr);
}
}
}
if (unsupportedAttrs.size() != 0) {
throw new IllegalArgumentException("Unsupported configuration attributes: " + unsupportedAttrs);
}
logger.info("Validated configuration attributes");
}
}
protected InterceptorStatusToken beforeInvocation(Object object) {
Assert.notNull(object, "Object was null");
if (!getSecureObjectClass().isAssignableFrom(object.getClass())) {
throw new IllegalArgumentException("Security invocation attempted for object "
+ object.getClass().getName()
+ " but AbstractSecurityInterceptor only configured to support secure objects of type: "
+ getSecureObjectClass());
}
ConfigAttributeDefinition attr = this.obtainObjectDefinitionSource().getAttributes(object);
if (attr == null) {
if (rejectPublicInvocations) {
throw new IllegalArgumentException(
"No public invocations are allowed via this AbstractSecurityInterceptor. "
+ "This indicates a configuration error because the "
+ "AbstractSecurityInterceptor.rejectPublicInvocations property is set to 'true'");
}
if (logger.isDebugEnabled()) {
logger.debug("Public object - authentication not attempted");
}
publishEvent(new PublicInvocationEvent(object));
return null; // no further work post-invocation
}
if (logger.isDebugEnabled()) {
logger.debug("Secure object: " + object.toString() + "; ConfigAttributes: " + attr.toString());
}
if (SecurityContextHolder.getContext().getAuthentication() == null) {
credentialsNotFound(messages.getMessage("AbstractSecurityInterceptor.authenticationNotFound",
"An Authentication object was not found in the SecurityContext"), object, attr);
}
// Attempt authentication if not already authenticated, or user always
// wants reauthentication
Authentication authenticated;
if (!SecurityContextHolder.getContext().getAuthentication().isAuthenticated() || alwaysReauthenticate) {
try {
authenticated = this.authenticationManager.authenticate(SecurityContextHolder.getContext()
.getAuthentication());
}
catch (AuthenticationException authenticationException) {
throw authenticationException;
}
// We don't authenticated.setAuthentication(true), because each
// provider should do that
if (logger.isDebugEnabled()) {
logger.debug("Successfully Authenticated: " + authenticated.toString());
}
SecurityContextHolder.getContext().setAuthentication(authenticated);
}
else {
authenticated = SecurityContextHolder.getContext().getAuthentication();
if (logger.isDebugEnabled()) {
logger.debug("Previously Authenticated: " + authenticated.toString());
}
}
// Attempt authorization
try {
this.accessDecisionManager.decide(authenticated, object, attr);
}
catch (AccessDeniedException accessDeniedException) {
AuthorizationFailureEvent event = new AuthorizationFailureEvent(object, attr, authenticated,
accessDeniedException);
publishEvent(event);
throw accessDeniedException;
}
if (logger.isDebugEnabled()) {
logger.debug("Authorization successful");
}
AuthorizedEvent event = new AuthorizedEvent(object, attr, authenticated);
publishEvent(event);
// Attempt to run as a different user
Authentication runAs = this.runAsManager.buildRunAs(authenticated, object, attr);
if (runAs == null) {
if (logger.isDebugEnabled()) {
logger.debug("RunAsManager did not change Authentication object");
}
// no further work post-invocation
return new InterceptorStatusToken(authenticated, false, attr, object);
}
else {
if (logger.isDebugEnabled()) {
logger.debug("Switching to RunAs Authentication: " + runAs.toString());
}
SecurityContextHolder.getContext().setAuthentication(runAs);
// revert to token.Authenticated post-invocation
return new InterceptorStatusToken(authenticated, true, attr, object);
}
}
/**
* Helper method which generates an exception containing the passed reason,
* and publishes an event to the application context.
* <p>
* Always throws an exception.
* </p>
*
* @param reason to be provided in the exception detail
* @param secureObject that was being called
* @param configAttribs that were defined for the secureObject
*/
private void credentialsNotFound(String reason, Object secureObject, ConfigAttributeDefinition configAttribs) {
AuthenticationCredentialsNotFoundException exception = new AuthenticationCredentialsNotFoundException(reason);
AuthenticationCredentialsNotFoundEvent event = new AuthenticationCredentialsNotFoundEvent(secureObject,
configAttribs, exception);
publishEvent(event);
throw exception;
}
public AccessDecisionManager getAccessDecisionManager() {
return accessDecisionManager;
}
public AfterInvocationManager getAfterInvocationManager() {
return afterInvocationManager;
}
public AuthenticationManager getAuthenticationManager() {
return this.authenticationManager;
}
public RunAsManager getRunAsManager() {
return runAsManager;
}
/**
* Indicates the type of secure objects the subclass will be presenting to
* the abstract parent for processing. This is used to ensure collaborators
* wired to the <code>AbstractSecurityInterceptor</code> all support the
* indicated secure object class.
*
* @return the type of secure object the subclass provides services for
*/
public abstract Class getSecureObjectClass();
public boolean isAlwaysReauthenticate() {
return alwaysReauthenticate;
}
public boolean isRejectPublicInvocations() {
return rejectPublicInvocations;
}
public boolean isValidateConfigAttributes() {
return validateConfigAttributes;
}
public abstract ObjectDefinitionSource obtainObjectDefinitionSource();
public void setAccessDecisionManager(AccessDecisionManager accessDecisionManager) {
this.accessDecisionManager = accessDecisionManager;
}
public void setAfterInvocationManager(AfterInvocationManager afterInvocationManager) {
this.afterInvocationManager = afterInvocationManager;
}
/**
* Indicates whether the <code>AbstractSecurityInterceptor</code> should
* ignore the {@link Authentication#isAuthenticated()} property. Defaults to
* <code>false</code>, meaning by default the
* <code>Authentication.isAuthenticated()</code> property is trusted and
* re-authentication will not occur if the principal has already been
* authenticated.
*
* @param alwaysReauthenticate <code>true</code> to force
* <code>AbstractSecurityInterceptor</code> to disregard the value of
* <code>Authentication.isAuthenticated()</code> and always
* re-authenticate the request (defaults to <code>false</code>).
*/
public void setAlwaysReauthenticate(boolean alwaysReauthenticate) {
this.alwaysReauthenticate = alwaysReauthenticate;
}
public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
this.eventPublisher = applicationEventPublisher;
}
public void setAuthenticationManager(AuthenticationManager newManager) {
this.authenticationManager = newManager;
}
public void setMessageSource(MessageSource messageSource) {
this.messages = new MessageSourceAccessor(messageSource);
}
/**
* By rejecting public invocations (and setting this property to
* <code>true</code>), essentially you are ensuring that every secure
* object invocation advised by <code>AbstractSecurityInterceptor</code>
* has a configuration attribute defined. This is useful to ensure a "fail
* safe" mode where undeclared secure objects will be rejected and
* configuration omissions detected early. An
* <code>IllegalArgumentException</code> will be thrown by the
* <code>AbstractSecurityInterceptor</code> if you set this property to
* <code>true</code> and an attempt is made to invoke a secure object that
* has no configuration attributes.
*
* @param rejectPublicInvocations set to <code>true</code> to reject
* invocations of secure objects that have no configuration attributes (by
* default it is <code>false</code> which treats undeclared secure objects
* as "public" or unauthorized)
*/
public void setRejectPublicInvocations(boolean rejectPublicInvocations) { public void setRejectPublicInvocations(boolean rejectPublicInvocations) {
this.rejectPublicInvocations = rejectPublicInvocations; this.rejectPublicInvocations = rejectPublicInvocations;
} }
public void setRunAsManager(RunAsManager runAsManager) { public void setRunAsManager(RunAsManager runAsManager) {
this.runAsManager = runAsManager; this.runAsManager = runAsManager;
} }
public void setValidateConfigAttributes(boolean validateConfigAttributes) { public void setValidateConfigAttributes(boolean validateConfigAttributes) {
this.validateConfigAttributes = validateConfigAttributes; this.validateConfigAttributes = validateConfigAttributes;
} }
private void publishEvent(ApplicationEvent event) { private void publishEvent(ApplicationEvent event) {
if (this.eventPublisher != null) { if (this.eventPublisher != null) {
this.eventPublisher.publishEvent(event); this.eventPublisher.publishEvent(event);
} }

9
core/src/main/java/org/springframework/security/intercept/InterceptorStatusToken.java
View File

@ -20,10 +20,11 @@ import org.springframework.security.ConfigAttributeDefinition;
/** /**
* A return object received by {@link AbstractSecurityInterceptor} subclasses.<P>This class reflects the status of * A return object received by {@link AbstractSecurityInterceptor} subclasses.
* the security interception, so that the final call to {@link * <p>
* org.springframework.security.intercept.AbstractSecurityInterceptor#afterInvocation(InterceptorStatusToken, Object)} can tidy * This class reflects the status of the security interception, so that the final call to
* up correctly.</p> * {@link org.springframework.security.intercept.AbstractSecurityInterceptor#afterInvocation(InterceptorStatusToken, Object)}
* can tidy up correctly.
* *
* @author Ben Alex * @author Ben Alex
* @version $Id$ * @version $Id$