spring-projects · mbooth101 · Nov 27, 2013
diff --git a/...gframework/security/config/annotation/web/configurers/AbstractInterceptUrlConfigurer.java b/...gframework/security/config/annotation/web/configurers/AbstractInterceptUrlConfigurer.java
@@ -19,6 +19,8 @@
 
 import org.springframework.security.access.AccessDecisionManager;
 import org.springframework.security.access.AccessDecisionVoter;
+import org.springframework.security.access.event.AuthorizationFailureEvent;
+import org.springframework.security.access.event.AuthorizedEvent;
 import org.springframework.security.access.vote.AffirmativeBased;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.SecurityConfigurer;
@@ -64,6 +66,7 @@
 abstract class AbstractInterceptUrlConfigurer<C extends AbstractInterceptUrlConfigurer<C,H>, H extends HttpSecurityBuilder<H>> extends
         AbstractHttpConfigurer<C, H>{
     private Boolean filterSecurityInterceptorOncePerRequest;
+    private Boolean filterSecurityPublishAuthorizationSuccess;
 
     private AccessDecisionManager accessDecisionManager;
 
@@ -77,6 +80,9 @@ public void configure(H http) throws Exception {
         if(filterSecurityInterceptorOncePerRequest != null) {
             securityInterceptor.setObserveOncePerRequest(filterSecurityInterceptorOncePerRequest);
         }
+        if(filterSecurityPublishAuthorizationSuccess != null) {
+            securityInterceptor.setPublishAuthorizationSuccess(filterSecurityPublishAuthorizationSuccess);
+        }
         securityInterceptor = postProcess(securityInterceptor);
         http.addFilter(securityInterceptor);
         http.setSharedObject(FilterSecurityInterceptor.class, securityInterceptor);
@@ -134,6 +140,21 @@ public R filterSecurityInterceptorOncePerRequest(
             return getSelf();
         }
 
+        /**
+         * Allows setting if the {@link FilterSecurityInterceptor} should send events when authorization is successful.
+         * By default only {@link AuthorizationFailureEvent}s  will be published. If you set this property to true,
+         * {@link AuthorizedEvent}s will also be published.
+         *
+         * @param filterSecurityPublishAuthorizationSuccess if the {@link FilterSecurityInterceptor} should send events
+         *                                                  when authorization is successful
+         * @return  the {@link AbstractInterceptUrlConfigurer} for further customization
+         */
+        public R filterSecurityPublishAuthorizationSuccess(
+                boolean filterSecurityPublishAuthorizationSuccess) {
+            AbstractInterceptUrlConfigurer.this.filterSecurityPublishAuthorizationSuccess = filterSecurityPublishAuthorizationSuccess;
+            return getSelf();
+        }
+
         /**
          * Returns a reference to the current object with a single suppression of
          * the type