|
@@ -129,7 +129,7 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
|
|
* completed.
|
|
* completed.
|
|
*
|
|
*
|
|
* @param token as returned by the {@link #beforeInvocation(Object)}} method
|
|
* @param token as returned by the {@link #beforeInvocation(Object)}} method
|
|
- * @param returnedObject any object returned from the secure object invocation (may be<tt>null</tt>)
|
|
|
|
|
|
+ * @param returnedObject any object returned from the secure object invocation (may be <tt>null</tt>)
|
|
* @return the object the secure object invocation should ultimately return to its caller (may be <tt>null</tt>)
|
|
* @return the object the secure object invocation should ultimately return to its caller (may be <tt>null</tt>)
|
|
*/
|
|
*/
|
|
protected Object afterInvocation(InterceptorStatusToken token, Object returnedObject) {
|
|
protected Object afterInvocation(InterceptorStatusToken token, Object returnedObject) {
|
|
@@ -188,7 +188,7 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
|
|
|
|
|
|
if (attributeDefs == null) {
|
|
if (attributeDefs == null) {
|
|
logger.warn("Could not validate configuration attributes as the ObjectDefinitionSource did not return "
|
|
logger.warn("Could not validate configuration attributes as the ObjectDefinitionSource did not return "
|
|
- + "a ConfigAttributeDefinition Iterator");
|
|
|
|
|
|
+ + "a ConfigAttributeDefinition collection");
|
|
return;
|
|
return;
|
|
}
|
|
}
|
|
|
|
|
|
@@ -247,7 +247,7 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
|
|
}
|
|
}
|
|
|
|
|
|
if (logger.isDebugEnabled()) {
|
|
if (logger.isDebugEnabled()) {
|
|
- logger.debug("Secure object: " + object.toString() + "; ConfigAttributes: " + attr.toString());
|
|
|
|
|
|
+ logger.debug("Secure object: " + object + "; ConfigAttributes: " + attr);
|
|
}
|
|
}
|
|
|
|
|
|
if (SecurityContextHolder.getContext().getAuthentication() == null) {
|
|
if (SecurityContextHolder.getContext().getAuthentication() == null) {
|
|
@@ -255,28 +255,7 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
|
|
"An Authentication object was not found in the SecurityContext"), object, attr);
|
|
"An Authentication object was not found in the SecurityContext"), object, attr);
|
|
}
|
|
}
|
|
|
|
|
|
- // Attempt authentication if not already authenticated, or user always
|
|
|
|
- // wants reauthentication
|
|
|
|
- Authentication authenticated;
|
|
|
|
-
|
|
|
|
- if (!SecurityContextHolder.getContext().getAuthentication().isAuthenticated() || alwaysReauthenticate) {
|
|
|
|
- authenticated =
|
|
|
|
- this.authenticationManager.authenticate(SecurityContextHolder.getContext().getAuthentication());
|
|
|
|
-
|
|
|
|
- // We don't authenticated.setAuthentication(true), because each
|
|
|
|
- // provider should do that
|
|
|
|
- if (logger.isDebugEnabled()) {
|
|
|
|
- logger.debug("Successfully Authenticated: " + authenticated.toString());
|
|
|
|
- }
|
|
|
|
-
|
|
|
|
- SecurityContextHolder.getContext().setAuthentication(authenticated);
|
|
|
|
- } else {
|
|
|
|
- authenticated = SecurityContextHolder.getContext().getAuthentication();
|
|
|
|
-
|
|
|
|
- if (logger.isDebugEnabled()) {
|
|
|
|
- logger.debug("Previously Authenticated: " + authenticated.toString());
|
|
|
|
- }
|
|
|
|
- }
|
|
|
|
|
|
+ Authentication authenticated = authenticateIfRequired();
|
|
|
|
|
|
// Attempt authorization
|
|
// Attempt authorization
|
|
try {
|
|
try {
|
|
@@ -309,7 +288,7 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
|
|
return new InterceptorStatusToken(authenticated, false, attr, object);
|
|
return new InterceptorStatusToken(authenticated, false, attr, object);
|
|
} else {
|
|
} else {
|
|
if (logger.isDebugEnabled()) {
|
|
if (logger.isDebugEnabled()) {
|
|
- logger.debug("Switching to RunAs Authentication: " + runAs.toString());
|
|
|
|
|
|
+ logger.debug("Switching to RunAs Authentication: " + runAs);
|
|
}
|
|
}
|
|
|
|
|
|
SecurityContextHolder.getContext().setAuthentication(runAs);
|
|
SecurityContextHolder.getContext().setAuthentication(runAs);
|
|
@@ -319,6 +298,36 @@ public abstract class AbstractSecurityInterceptor implements InitializingBean, A
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
|
|
+ /**
|
|
|
|
+ * Checks the current authentication token and passes it to the AuthenticationManager if
|
|
|
|
+ * {@link org.springframework.security.Authentication#isAuthenticated()} returns false or the property
|
|
|
|
+ * <tt>alwaysReauthenticate</tt> has been set to true.
|
|
|
|
+ *
|
|
|
|
+ * @return an authenticated <tt>Authentication</tt> object.
|
|
|
|
+ */
|
|
|
|
+ private Authentication authenticateIfRequired() {
|
|
|
|
+ Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
|
|
|
|
+
|
|
|
|
+ if (authentication.isAuthenticated() && !alwaysReauthenticate) {
|
|
|
|
+ if (logger.isDebugEnabled()) {
|
|
|
|
+ logger.debug("Previously Authenticated: " + authentication);
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ return authentication;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ authentication = authenticationManager.authenticate(authentication);
|
|
|
|
+
|
|
|
|
+ // We don't authenticated.setAuthentication(true), because each provider should do that
|
|
|
|
+ if (logger.isDebugEnabled()) {
|
|
|
|
+ logger.debug("Successfully Authenticated: " + authentication);
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ SecurityContextHolder.getContext().setAuthentication(authentication);
|
|
|
|
+
|
|
|
|
+ return authentication;
|
|
|
|
+ }
|
|
|
|
+
|
|
/**
|
|
/**
|
|
* Helper method which generates an exception containing the passed reason,
|
|
* Helper method which generates an exception containing the passed reason,
|
|
* and publishes an event to the application context.
|
|
* and publishes an event to the application context.
|
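Review bot: The new private `authenticateIfRequired()` calls `authentication.isAuthenticated()` on whatever `SecurityContextHolder.getContext().getAuthentication()` returns, with no null check of its own. It is safe only because the call site in the `@@ -255,28 +255,7` hunk comes after the `getAuthentication() == null` branch, and only if `credentialsNotFound(...)` always throws, which its Javadoc suggests but the visible lines do not show. I would state that precondition in the helper's Javadoc, e.g. `* Callers must already have verified that the SecurityContext holds a non-null Authentication.`, or pass the already-checked object in as a parameter so the context is read once. The carried-over inline comment is also stale, since the local is now `authentication` and the setter is `setAuthenticated`; `// We don't call authentication.setAuthenticated(true), because each provider should do that` would match the code. The calling method's body extends beyond the hunks shown.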