org.springframework.security.access.intercept

Class AbstractSecurityInterceptor

java.lang.Object

org.springframework.security.access.intercept.AbstractSecurityInterceptor

All Implemented Interfaces:

Aware, InitializingBean, ApplicationEventPublisherAware, MessageSourceAware

Direct Known Subclasses:

FilterSecurityInterceptor, MethodSecurityInterceptor

public abstract class AbstractSecurityInterceptor
extends Object
implements InitializingBean, ApplicationEventPublisherAware, MessageSourceAware

Abstract class that implements security interception for secure objects.

The AbstractSecurityInterceptor will ensure the proper startup configuration of the security interceptor. It will also implement the proper handling of secure object invocations, namely:

1. Obtain the Authentication object from the SecurityContextHolder.
2. Determine if the request relates to a secured or public invocation by looking up the secure object request against the SecurityMetadataSource.
3. For an invocation that is secured (there is a list of ConfigAttributes for the secure object invocation):
   1. If either the Authentication.isAuthenticated() returns false, or the alwaysReauthenticate is true, authenticate the request against the configured AuthenticationManager. When authenticated, replace the Authentication object on the SecurityContextHolder with the returned value.
   2. Authorize the request against the configured AccessDecisionManager.
   3. Perform any run-as replacement via the configured RunAsManager.
   4. Pass control back to the concrete subclass, which will actually proceed with executing the object. A InterceptorStatusToken is returned so that after the subclass has finished proceeding with execution of the object, its finally clause can ensure the AbstractSecurityInterceptor is re-called and tidies up correctly using finallyInvocation(InterceptorStatusToken).
   5. The concrete subclass will re-call the AbstractSecurityInterceptor via the afterInvocation(InterceptorStatusToken, Object) method.
   6. If the RunAsManager replaced the Authentication object, return the SecurityContextHolder to the object that existed after the call to AuthenticationManager.
   7. If an AfterInvocationManager is defined, invoke the invocation manager and allow it to replace the object due to be returned to the caller.
4. For an invocation that is public (there are no ConfigAttributes for the secure object invocation):
   1. As described above, the concrete subclass will be returned an InterceptorStatusToken which is subsequently re-presented to the AbstractSecurityInterceptor after the secure object has been executed. The AbstractSecurityInterceptor will take no further action when its afterInvocation(InterceptorStatusToken, Object) is called.
5. Control again returns to the concrete subclass, along with the Object that should be returned to the caller. The subclass will then return that result or exception to the original caller.

Field Summary

Fields

Modifier and Type	Field and Description
protected org.apache.commons.logging.Log	logger
protected MessageSourceAccessor	messages

Constructor Summary

Constructors

Constructor and Description
AbstractSecurityInterceptor()

Method Summary

Methods

Modifier and Type	Method and Description
protected Object	afterInvocation(InterceptorStatusToken token, Object returnedObject) Completes the work of the AbstractSecurityInterceptor after the secure object invocation has been completed.
void	afterPropertiesSet()
protected InterceptorStatusToken	beforeInvocation(Object object)
protected void	finallyInvocation(InterceptorStatusToken token) Cleans up the work of the AbstractSecurityInterceptor after the secure object invocation has been completed.
AccessDecisionManager	getAccessDecisionManager()
AfterInvocationManager	getAfterInvocationManager()
AuthenticationManager	getAuthenticationManager()
RunAsManager	getRunAsManager()
abstract Class<?>	getSecureObjectClass() Indicates the type of secure objects the subclass will be presenting to the abstract parent for processing.
boolean	isAlwaysReauthenticate()
boolean	isRejectPublicInvocations()
boolean	isValidateConfigAttributes()
abstract SecurityMetadataSource	obtainSecurityMetadataSource()
void	setAccessDecisionManager(AccessDecisionManager accessDecisionManager)
void	setAfterInvocationManager(AfterInvocationManager afterInvocationManager)
void	setAlwaysReauthenticate(boolean alwaysReauthenticate) Indicates whether the AbstractSecurityInterceptor should ignore the Authentication.isAuthenticated() property.
void	setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher)
void	setAuthenticationManager(AuthenticationManager newManager)
void	setMessageSource(MessageSource messageSource)
void	setPublishAuthorizationSuccess(boolean publishAuthorizationSuccess) Only AuthorizationFailureEvent will be published.
void	setRejectPublicInvocations(boolean rejectPublicInvocations) By rejecting public invocations (and setting this property to true), essentially you are ensuring that every secure object invocation advised by AbstractSecurityInterceptor has a configuration attribute defined.
void	setRunAsManager(RunAsManager runAsManager)
void	setValidateConfigAttributes(boolean validateConfigAttributes)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

logger

protected final org.apache.commons.logging.Log logger

messages

protected MessageSourceAccessor messages

Constructor Detail

AbstractSecurityInterceptor

public AbstractSecurityInterceptor()

Method Detail

afterPropertiesSet

public void afterPropertiesSet()
                        throws Exception

Specified by:

afterPropertiesSet in interface InitializingBean

Throws:

Exception

beforeInvocation

protected InterceptorStatusToken beforeInvocation(Object object)

finallyInvocation

protected void finallyInvocation(InterceptorStatusToken token)

Cleans up the work of the AbstractSecurityInterceptor after the secure object invocation has been completed. This method should be invoked after the secure object invocation and before afterInvocation regardless of the secure object invocation returning successfully (i.e. it should be done in a finally block).

Parameters:

token - as returned by the beforeInvocation(Object) method

afterInvocation

protected Object afterInvocation(InterceptorStatusToken token,
                     Object returnedObject)

Completes the work of the AbstractSecurityInterceptor after the secure object invocation has been completed.

Parameters:

token - as returned by the beforeInvocation(Object)} method

returnedObject - any object returned from the secure object invocation (may be null)

Returns:

the object the secure object invocation should ultimately return to its caller (may be null)

getAccessDecisionManager

public AccessDecisionManager getAccessDecisionManager()

getAfterInvocationManager

public AfterInvocationManager getAfterInvocationManager()

getAuthenticationManager

public AuthenticationManager getAuthenticationManager()

getRunAsManager

public RunAsManager getRunAsManager()

getSecureObjectClass

public abstract Class<?> getSecureObjectClass()

Indicates the type of secure objects the subclass will be presenting to the abstract parent for processing. This is used to ensure collaborators wired to the AbstractSecurityInterceptor all support the indicated secure object class.

Returns:

the type of secure object the subclass provides services for

isAlwaysReauthenticate

public boolean isAlwaysReauthenticate()

isRejectPublicInvocations

public boolean isRejectPublicInvocations()

isValidateConfigAttributes

public boolean isValidateConfigAttributes()

obtainSecurityMetadataSource

public abstract SecurityMetadataSource obtainSecurityMetadataSource()

setAccessDecisionManager

public void setAccessDecisionManager(AccessDecisionManager accessDecisionManager)

setAfterInvocationManager

public void setAfterInvocationManager(AfterInvocationManager afterInvocationManager)

setAlwaysReauthenticate

public void setAlwaysReauthenticate(boolean alwaysReauthenticate)

Indicates whether the AbstractSecurityInterceptor should ignore the Authentication.isAuthenticated() property. Defaults to false, meaning by default the Authentication.isAuthenticated() property is trusted and re-authentication will not occur if the principal has already been authenticated.

Parameters:

alwaysReauthenticate - true to force AbstractSecurityInterceptor to disregard the value of Authentication.isAuthenticated() and always re-authenticate the request (defaults to false).

setApplicationEventPublisher

public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher)

Specified by:

setApplicationEventPublisher in interface ApplicationEventPublisherAware

setAuthenticationManager

public void setAuthenticationManager(AuthenticationManager newManager)

setMessageSource

public void setMessageSource(MessageSource messageSource)

Specified by:

setMessageSource in interface MessageSourceAware

setPublishAuthorizationSuccess

public void setPublishAuthorizationSuccess(boolean publishAuthorizationSuccess)

Only AuthorizationFailureEvent will be published. If you set this property to true, AuthorizedEvents will also be published.

Parameters:

publishAuthorizationSuccess - default value is false

setRejectPublicInvocations

public void setRejectPublicInvocations(boolean rejectPublicInvocations)

By rejecting public invocations (and setting this property to true), essentially you are ensuring that every secure object invocation advised by AbstractSecurityInterceptor has a configuration attribute defined. This is useful to ensure a "fail safe" mode where undeclared secure objects will be rejected and configuration omissions detected early. An IllegalArgumentException will be thrown by the AbstractSecurityInterceptor if you set this property to true and an attempt is made to invoke a secure object that has no configuration attributes.

Parameters:

rejectPublicInvocations - set to true to reject invocations of secure objects that have no configuration attributes (by default it is false which treats undeclared secure objects as "public" or unauthorized).

setRunAsManager

public void setRunAsManager(RunAsManager runAsManager)

setValidateConfigAttributes

public void setValidateConfigAttributes(boolean validateConfigAttributes)