Examples of org.springframework.security.access.intercept.InterceptorStatusToken

• org.springframework.security.access.intercept.InterceptorStatusToken
  A return object received by {@link AbstractSecurityInterceptor} subclasses.

  This class reflects the status of the security interception, so that the final call to {@link org.springframework.security.access.intercept.AbstractSecurityInterceptor#afterInvocation(InterceptorStatusToken,Object)}can tidy up correctly. @author Ben Alex

    //1.获取请求资源的权限
    //执行Collection<ConfigAttribute> attributes = SecurityMetadataSource.getAttributes(object);
    //2.是否拥有权限
    //this.accessDecisionManager.decide(authenticated, object, attributes);
//    System.err.println(" ---------------  MySecurityFilter invoke--------------- ");
    InterceptorStatusToken token = super.beforeInvocation(fi);
    try {
      fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
    } finally {
      super.afterInvocation(token, null);
    }

        MethodAdvice beginRenderAdvice = new MethodAdvice() {

          public void advise(MethodInvocation invocation) {

            invocation.proceed();
                final InterceptorStatusToken statusTokenVal = secChecker.checkBefore(confAttrHolder);
                final ComponentResources componentResources = invocation.getInstanceContext().get(ComponentResources.class);
            componentResources.storeRenderVariable(STATUS_TOKEN, statusTokenVal);
            }
        };

        beginRenderMethod.addAdvice(beginRenderAdvice);

        // ---------------- END TRANSFORMATION ------------------------


        PlasticMethod cleanupRenderMethod = plasticClass.introduceMethod(TransformConstants.CLEANUP_RENDER_DESCRIPTION);

        MethodAdvice cleanupRenderAdvice = new MethodAdvice() {

          public void advise(MethodInvocation invocation) {
              invocation.proceed();

              final ComponentResources componentResources = invocation.getInstanceContext().get(ComponentResources.class);
              final InterceptorStatusToken tokenFieldValue = (InterceptorStatusToken) componentResources.getRenderVariable(STATUS_TOKEN);
                secChecker.checkAfter(tokenFieldValue, null);
            }
        };

        cleanupRenderMethod.addAdvice(cleanupRenderAdvice);

        final SecurityChecker secChecker = this.securityChecker;
        MethodAdvice securedMethodAdvice = new MethodAdvice() {

          public void advise(MethodInvocation invocation) {

              InterceptorStatusToken statusTokenVal = secChecker.checkBefore(confAttrHolder);
              tokenFieldHandle.set(invocation.getInstance(), statusTokenVal);

                invocation.proceed();

                InterceptorStatusToken tokenFieldValue = (InterceptorStatusToken) tokenFieldHandle.get(invocation.getInstance());
                secChecker.checkAfter(tokenFieldValue, null);
            }
        };

        method.addAdvice(securedMethodAdvice);

     *        a simple {@code return proceed();} statement
     *
     * @return The returned value from the method invocation
     */
    public Object invoke(JoinPoint jp, AspectJCallback advisorProceed) {
        InterceptorStatusToken token = super.beforeInvocation(new MethodInvocationAdapter(jp));

        Object result;
        try {
            result = advisorProceed.proceedWithObject();
        }finally {

     * @return The returned value from the method invocation (possibly modified by the {@code AfterInvocationManager}).
     *
     * @throws Throwable if any error occurs
     */
    public Object invoke(MethodInvocation mi) throws Throwable {
        InterceptorStatusToken token = super.beforeInvocation(mi);

        Object result;
        try {
            result = mi.proceed();
        } finally {

            // first time this request being called, so perform security checking
            if (fi.getRequest() != null) {
                fi.getRequest().setAttribute(FILTER_APPLIED, Boolean.TRUE);
            }

            InterceptorStatusToken token = super.beforeInvocation(fi);

            try {
                fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
            } finally {
                super.finallyInvocation(token);

    public SecurityMetadataSource obtainSecurityMetadataSource() {
        return metadataSource;
    }

    public Message<?> preSend(Message<?> message, MessageChannel channel) {
        InterceptorStatusToken token = beforeInvocation(message);
        if(token != null) {
            tokenHolder.set(token);
        }
        return message;
    }

        }
        return message;
    }

    public void postSend(Message<?> message, MessageChannel channel, boolean sent) {
        InterceptorStatusToken token = clearToken();
        afterInvocation(token, null);
    }

        InterceptorStatusToken token = clearToken();
        afterInvocation(token, null);
    }

    public void afterSendCompletion(Message<?> message, MessageChannel channel, boolean sent, Exception ex) {
        InterceptorStatusToken token = clearToken();
        finallyInvocation(token);
    }

    public void afterReceiveCompletion(Message<?> message, MessageChannel channel, Exception ex) {
    }

    private InterceptorStatusToken clearToken() {
        InterceptorStatusToken token = tokenHolder.get();
        tokenHolder.remove();
        return token;
    }