Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SEC-1635: AfterInvocationManager should not be invoked if an exception occurs #1875

Closed
spring-projects-issues opened this issue Dec 6, 2010 · 4 comments

Comments

@spring-projects-issues
Copy link

@spring-projects-issues spring-projects-issues commented Dec 6, 2010

Luke Taylor (Migrated from SEC-1635) said:

The AfterInvocationManager is intended to perform filtering or make an access decision after an invocation has taken place.

If the invocation raises an exception, then there is no returned object or collection to filter/modify and ability to make an access-decision is likely to be complicated by the lack of those objects (see SEC-1525, for example). Since an exception generally means that the invocation has failed, it's also unlikely that an access-decision is required at that point anyway. Any stateful changes should be rolled back by a transaction manager.

@spring-projects-issues
Copy link
Author

@spring-projects-issues spring-projects-issues commented Dec 14, 2010

Luke Taylor said:

Updated the security interceptor implementations to remove the finally block in which the AfterInvocationManager is called.

@spring-projects-issues
Copy link
Author

@spring-projects-issues spring-projects-issues commented Feb 6, 2016

This issue relates to https://jira.spring.io/browse/SEC-1967
This issue supersedes #1766

2 similar comments
@spring-projects-issues
Copy link
Author

@spring-projects-issues spring-projects-issues commented Feb 6, 2016

This issue relates to https://jira.spring.io/browse/SEC-1967
This issue supersedes #1766

@spring-projects-issues
Copy link
Author

@spring-projects-issues spring-projects-issues commented Feb 6, 2016

This issue relates to https://jira.spring.io/browse/SEC-1967
This issue supersedes #1766

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
1 participant