From 8a7a0273af8342965a8d8f089845106e17c404ee Mon Sep 17 00:00:00 2001
From: Mat Booth <mbooth@apache.org>
Date: Wed, 27 Nov 2013 22:17:33 +0000
Subject: [PATCH] SEC-2419: Allow setting the publish authz success flag

Previously there was no way of setting the PublishAuthorizationSuccess
flag on the FilterSecurityInterceptor using Java config. This change
adds a method to the AbstractInterceptUrlRegistry to allow setting this
flag.
---
 .../AbstractInterceptUrlConfigurer.java       | 21 +++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractInterceptUrlConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractInterceptUrlConfigurer.java
index 77c9027f1bf..42c1d917713 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractInterceptUrlConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractInterceptUrlConfigurer.java
@@ -19,6 +19,8 @@
 
 import org.springframework.security.access.AccessDecisionManager;
 import org.springframework.security.access.AccessDecisionVoter;
+import org.springframework.security.access.event.AuthorizationFailureEvent;
+import org.springframework.security.access.event.AuthorizedEvent;
 import org.springframework.security.access.vote.AffirmativeBased;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.SecurityConfigurer;
@@ -64,6 +66,7 @@
 abstract class AbstractInterceptUrlConfigurer<C extends AbstractInterceptUrlConfigurer<C,H>, H extends HttpSecurityBuilder<H>> extends
         AbstractHttpConfigurer<C, H>{
     private Boolean filterSecurityInterceptorOncePerRequest;
+    private Boolean filterSecurityPublishAuthorizationSuccess;
 
     private AccessDecisionManager accessDecisionManager;
 
@@ -77,6 +80,9 @@ public void configure(H http) throws Exception {
         if(filterSecurityInterceptorOncePerRequest != null) {
             securityInterceptor.setObserveOncePerRequest(filterSecurityInterceptorOncePerRequest);
         }
+        if(filterSecurityPublishAuthorizationSuccess != null) {
+            securityInterceptor.setPublishAuthorizationSuccess(filterSecurityPublishAuthorizationSuccess);
+        }
         securityInterceptor = postProcess(securityInterceptor);
         http.addFilter(securityInterceptor);
         http.setSharedObject(FilterSecurityInterceptor.class, securityInterceptor);
@@ -134,6 +140,21 @@ public R filterSecurityInterceptorOncePerRequest(
             return getSelf();
         }
 
+        /**
+         * Allows setting if the {@link FilterSecurityInterceptor} should send events when authorization is successful.
+         * By default only {@link AuthorizationFailureEvent}s  will be published. If you set this property to true,
+         * {@link AuthorizedEvent}s will also be published.
+         *
+         * @param filterSecurityPublishAuthorizationSuccess if the {@link FilterSecurityInterceptor} should send events
+         *                                                  when authorization is successful
+         * @return  the {@link AbstractInterceptUrlConfigurer} for further customization
+         */
+        public R filterSecurityPublishAuthorizationSuccess(
+                boolean filterSecurityPublishAuthorizationSuccess) {
+            AbstractInterceptUrlConfigurer.this.filterSecurityPublishAuthorizationSuccess = filterSecurityPublishAuthorizationSuccess;
+            return getSelf();
+        }
+
         /**
          * Returns a reference to the current object with a single suppression of
          * the type