/** * This method should be used to enforce security on a <code>MethodInvocation</code>. * * @param mi The method being invoked which requires a security decision * * @return The returned value from the method invocation (possibly modified by the * {@code AfterInvocationManager}). * * @throws Throwable if any error occurs */ public Object invoke(MethodInvocation mi) throws Throwable { InterceptorStatusToken token = super.beforeInvocation(mi); Object result; try { result = mi.proceed(); } finally { super.finallyInvocation(token); } return super.afterInvocation(token, result); }
/** * This method should be used to enforce security on a <code>MethodInvocation</code>. * * @param mi The method being invoked which requires a security decision * * @return The returned value from the method invocation (possibly modified by the * {@code AfterInvocationManager}). * * @throws Throwable if any error occurs */ public Object invoke(MethodInvocation mi) throws Throwable { InterceptorStatusToken token = super.beforeInvocation(mi); Object result; try { result = mi.proceed(); } finally { super.finallyInvocation(token); } return super.afterInvocation(token, result); }
finallyInvocation(token); // continue to clean in this method for passivity
finallyInvocation(token); // continue to clean in this method for passivity
/** * This method should be used to enforce security on a <code>MethodInvocation</code>. * * @param mi The method being invoked which requires a security decision * * @return The returned value from the method invocation (possibly modified by the {@code AfterInvocationManager}). * * @throws Throwable if any error occurs */ public Object invoke(MethodInvocation mi) throws Throwable { InterceptorStatusToken token = super.beforeInvocation(mi); Object result; try { result = mi.proceed(); } finally { super.finallyInvocation(token); } return super.afterInvocation(token, result); }
/** * This method should be used to enforce security on a <code>MethodInvocation</code>. * * @param mi The method being invoked which requires a security decision * * @return The returned value from the method invocation (possibly modified by the * {@code AfterInvocationManager}). * * @throws Throwable if any error occurs */ public Object invoke(MethodInvocation mi) throws Throwable { InterceptorStatusToken token = super.beforeInvocation(mi); Object result; try { result = mi.proceed(); } finally { super.finallyInvocation(token); } return super.afterInvocation(token, result); }
public void invoke(FilterInvocation fi) throws IOException, ServletException { if ((fi.getRequest() != null) && (fi.getRequest().getAttribute(FILTER_APPLIED) != null) && observeOncePerRequest) { // filter already applied to this request and user wants us to observe // once-per-request handling, so don't re-do security checking fi.getChain().doFilter(fi.getRequest(), fi.getResponse()); } else { // first time this request being called, so perform security checking if (fi.getRequest() != null && observeOncePerRequest) { fi.getRequest().setAttribute(FILTER_APPLIED, Boolean.TRUE); } InterceptorStatusToken token = super.beforeInvocation(fi); try { fi.getChain().doFilter(fi.getRequest(), fi.getResponse()); } finally { super.finallyInvocation(token); } super.afterInvocation(token, null); } }
/** * Completes the work of the <tt>AbstractSecurityInterceptor</tt> after the secure object invocation has been * completed. * * @param token as returned by the {@link #beforeInvocation(Object)}} method * @param returnedObject any object returned from the secure object invocation (may be <tt>null</tt>) * @return the object the secure object invocation should ultimately return to its caller (may be <tt>null</tt>) */ protected Object afterInvocation(InterceptorStatusToken token, Object returnedObject) { if (token == null) { // public object return returnedObject; } finallyInvocation(token); // continue to clean in this method for passivity if (afterInvocationManager != null) { // Attempt after invocation handling try { returnedObject = afterInvocationManager.decide(token.getSecurityContext().getAuthentication(), token.getSecureObject(), token.getAttributes(), returnedObject); } catch (AccessDeniedException accessDeniedException) { AuthorizationFailureEvent event = new AuthorizationFailureEvent(token.getSecureObject(), token .getAttributes(), token.getSecurityContext().getAuthentication(), accessDeniedException); publishEvent(event); throw accessDeniedException; } } return returnedObject; }
finallyInvocation(token); // continue to clean in this method for passivity