| Clover coverage report - Acegi Security System for Spring - 1.0.0-RC1 |
|
 |
|
|||||||||||||||||||
| Source file | Conditionals | Statements | Methods | TOTAL | |||||||||||||||
| RoleVoter.java | 100% | 100% | 100% | 100% |
|
||||||||||||||
| 1 | /* Copyright 2004 Acegi Technology Pty Limited | |
| 2 | * | |
| 3 | * Licensed under the Apache License, Version 2.0 (the "License"); | |
| 4 | * you may not use this file except in compliance with the License. | |
| 5 | * You may obtain a copy of the License at | |
| 6 | * | |
| 7 | * http://www.apache.org/licenses/LICENSE-2.0 | |
| 8 | * | |
| 9 | * Unless required by applicable law or agreed to in writing, software | |
| 10 | * distributed under the License is distributed on an "AS IS" BASIS, | |
| 11 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| 12 | * See the License for the specific language governing permissions and | |
| 13 | * limitations under the License. | |
| 14 | */ | |
| 15 | ||
| 16 | package org.acegisecurity.vote; | |
| 17 | ||
| 18 | import org.acegisecurity.Authentication; | |
| 19 | import org.acegisecurity.ConfigAttribute; | |
| 20 | import org.acegisecurity.ConfigAttributeDefinition; | |
| 21 | ||
| 22 | import java.util.Iterator; | |
| 23 | ||
| 24 | ||
| 25 | /** | |
| 26 | * <p> | |
| 27 | * Votes if any {@link ConfigAttribute#getAttribute()} starts with a prefix | |
| 28 | * indicating that it is a role. The default prefix string is | |
| 29 | * <Code>ROLE_</code>, but this may be overriden to any value. It may also be | |
| 30 | * set to empty, which means that essentially any attribute will be voted on. | |
| 31 | * As described further below, the effect of an empty prefix may not be quite | |
| 32 | * desireable. | |
| 33 | * </p> | |
| 34 | * | |
| 35 | * <p> | |
| 36 | * Abstains from voting if no configuration attribute commences with the role | |
| 37 | * prefix. Votes to grant access if there is an exact matching {@link | |
| 38 | * org.acegisecurity.GrantedAuthority} to a <code>ConfigAttribute</code> | |
| 39 | * starting with the role prefix. Votes to deny access if there is no exact | |
| 40 | * matching <code>GrantedAuthority</code> to a <code>ConfigAttribute</code> | |
| 41 | * starting with the role prefix. | |
| 42 | * </p> | |
| 43 | * | |
| 44 | * <p> | |
| 45 | * An empty role prefix means that the voter will vote for every | |
| 46 | * ConfigAttribute. When there are different categories of ConfigAttributes | |
| 47 | * used, this will not be optimal since the voter will be voting for | |
| 48 | * attributes which do not represent roles. However, this option may be of | |
| 49 | * some use when using preexisting role names without a prefix, and no ability | |
| 50 | * exists to prefix them with a role prefix on reading them in, such as | |
| 51 | * provided for example in {@link | |
| 52 | * org.acegisecurity.userdetails.jdbc.JdbcDaoImpl}. | |
| 53 | * </p> | |
| 54 | * | |
| 55 | * <p> | |
| 56 | * All comparisons and prefixes are case sensitive. | |
| 57 | * </p> | |
| 58 | * | |
| 59 | * @author Ben Alex | |
| 60 | * @author colin sampaleanu | |
| 61 | * @version $Id: RoleVoter.java,v 1.6 2005/11/29 13:10:15 benalex Exp $ | |
| 62 | */ | |
| 63 | public class RoleVoter implements AccessDecisionVoter { | |
| 64 | //~ Instance fields ======================================================== | |
| 65 | ||
| 66 | private String rolePrefix = "ROLE_"; | |
| 67 | ||
| 68 | //~ Methods ================================================================ | |
| 69 | ||
| 70 | /** | |
| 71 | * Allows the default role prefix of <code>ROLE_</code> to be overriden. | |
| 72 | * May be set to an empty value, although this is usually not desireable. | |
| 73 | * | |
| 74 | * @param rolePrefix the new prefix | |
| 75 | */ | |
| 76 | 1 | public void setRolePrefix(String rolePrefix) { |
| 77 | 1 | this.rolePrefix = rolePrefix; |
| 78 | } | |
| 79 | ||
| 80 | 23 | public String getRolePrefix() { |
| 81 | 23 | return rolePrefix; |
| 82 | } | |
| 83 | ||
| 84 | 23 | public boolean supports(ConfigAttribute attribute) { |
| 85 | 23 | if ((attribute.getAttribute() != null) |
| 86 | && attribute.getAttribute().startsWith(getRolePrefix())) { | |
| 87 | 16 | return true; |
| 88 | } else { | |
| 89 | 7 | return false; |
| 90 | } | |
| 91 | } | |
| 92 | ||
| 93 | /** | |
| 94 | * This implementation supports any type of class, because it does not | |
| 95 | * query the presented secure object. | |
| 96 | * | |
| 97 | * @param clazz the secure object | |
| 98 | * | |
| 99 | * @return always <code>true</code> | |
| 100 | */ | |
| 101 | 1 | public boolean supports(Class clazz) { |
| 102 | 1 | return true; |
| 103 | } | |
| 104 | ||
| 105 | 23 | public int vote(Authentication authentication, Object object, |
| 106 | ConfigAttributeDefinition config) { | |
| 107 | 23 | int result = ACCESS_ABSTAIN; |
| 108 | 23 | Iterator iter = config.getConfigAttributes(); |
| 109 | ||
| 110 | 23 | while (iter.hasNext()) { |
| 111 | 23 | ConfigAttribute attribute = (ConfigAttribute) iter.next(); |
| 112 | ||
| 113 | 23 | if (this.supports(attribute)) { |
| 114 | 16 | result = ACCESS_DENIED; |
| 115 | ||
| 116 | // Attempt to find a matching granted authority | |
| 117 | 16 | for (int i = 0; i < authentication.getAuthorities().length; |
| 118 | i++) { | |
| 119 | 24 | if (attribute.getAttribute().equals(authentication |
| 120 | .getAuthorities()[i].getAuthority())) { | |
| 121 | 13 | return ACCESS_GRANTED; |
| 122 | } | |
| 123 | } | |
| 124 | } | |
| 125 | } | |
| 126 | ||
| 127 | 10 | return result; |
| 128 | } | |
| 129 | } |
|
||||||||||
