Examples of org.springframework.security.access.event.AuthorizationFailureEvent

• org.springframework.security.access.event.AuthorizationFailureEvent
  Indicates a secure object invocation failed because the principal could not be authorized for the request.

  This event might be thrown as a result of either an {@link org.springframework.security.access.AccessDecisionManager AccessDecisionManager} or an{@link org.springframework.security.access.intercept.AfterInvocationManager AfterInvocationManager}. @author Ben Alex

            // Attempt authorization with exchange
            try {
                this.accessDecisionManager.decide(authenticated, exchange, attributes);
            } catch (AccessDeniedException accessDeniedException) {
                exchange.getIn().setHeader(Exchange.AUTHENTICATION_FAILURE_POLICY_ID, getId());
                AuthorizationFailureEvent event = new AuthorizationFailureEvent(exchange, attributes, authenticated,
                        accessDeniedException);
                publishEvent(event);
                throw accessDeniedException;
            }
            publishEvent(new AuthorizedEvent(exchange, attributes, authenticated));

            // Attempt authorization with exchange
            try {
                this.accessDecisionManager.decide(authenticated, exchange, attributes);
            } catch (AccessDeniedException accessDeniedException) {
                exchange.getIn().setHeader(Exchange.AUTHENTICATION_FAILURE_POLICY_ID, getId());
                AuthorizationFailureEvent event = new AuthorizationFailureEvent(exchange, attributes, authenticated,
                        accessDeniedException);
                publishEvent(event);
                throw accessDeniedException;
            }
            publishEvent(new AuthorizedEvent(exchange, attributes, authenticated));

        // Attempt authorization
        try {
            this.accessDecisionManager.decide(authenticated, object, attributes);
        }
        catch (AccessDeniedException accessDeniedException) {
            publishEvent(new AuthorizationFailureEvent(object, attributes, authenticated,
                    accessDeniedException));

            throw accessDeniedException;
        }

            try {
                returnedObject = afterInvocationManager.decide(token.getAuthentication(), token.getSecureObject(),
                        token.getAttributes(), returnedObject);
            }
            catch (AccessDeniedException accessDeniedException) {
                AuthorizationFailureEvent event = new AuthorizationFailureEvent(token.getSecureObject(), token
                        .getAttributes(), token.getAuthentication(), accessDeniedException);
                publishEvent(event);

                throw accessDeniedException;
            }

    this.listener.setApplicationEventPublisher(this.publisher);
  }

  @Test
  public void testAuthenticationSuccess() {
    this.listener.onApplicationEvent(new AuthorizationFailureEvent(this, Arrays
        .<ConfigAttribute> asList(new SecurityConfig("USER")),
        new UsernamePasswordAuthenticationToken("user", "password"),
        new AccessDeniedException("Bad user")));
    verify(this.publisher).publishEvent((ApplicationEvent) anyObject());
  }

            // Attempt authorization with exchange
            try {
                this.accessDecisionManager.decide(authenticated, exchange, attributes);
            } catch (AccessDeniedException accessDeniedException) {
                exchange.getIn().setHeader(Exchange.AUTHENTICATION_FAILURE_POLICY_ID, getId());
                AuthorizationFailureEvent event = new AuthorizationFailureEvent(exchange, attributes, authenticated,
                        accessDeniedException);
                publishEvent(event);
                throw accessDeniedException;
            }
            publishEvent(new AuthorizedEvent(exchange, attributes, authenticated));