
1   /* Copyright 2004, 2005 Acegi Technology Pty Limited
2    *
3    * Licensed under the Apache License, Version 2.0 (the "License");
4    * you may not use this file except in compliance with the License.
5    * You may obtain a copy of the License at
6    *
7    *     http://www.apache.org/licenses/LICENSE-2.0
8    *
9    * Unless required by applicable law or agreed to in writing, software
10   * distributed under the License is distributed on an "AS IS" BASIS,
11   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12   * See the License for the specific language governing permissions and
13   * limitations under the License.
14   */
15  
16  package org.acegisecurity.vote;
17  
18  import org.acegisecurity.AccessDeniedException;
19  import org.acegisecurity.Authentication;
20  import org.acegisecurity.ConfigAttributeDefinition;
21  
22  import org.apache.commons.logging.Log;
23  import org.apache.commons.logging.LogFactory;
24  
25  import java.util.Iterator;
26  
27  
/**
 * {@link org.acegisecurity.AccessDecisionManager} implementation that
 * resolves a poll of the configured <code>AccessDecisionVoter</code>s in
 * favour of access as soon as any single voter answers affirmatively.
 *
 * <p>
 * Security note: under this strategy a deny vote is not a veto. One
 * granting voter outweighs any number of denying voters, so the effective
 * policy is only as strict as the most permissive voter in the list.
 * </p>
 */
public class AffirmativeBased extends AbstractAccessDecisionManager {
    //~ Static fields/initializers =============================================

    // Not referenced by any code in this class as shown.
    private static final Log logger = LogFactory.getLog(AffirmativeBased.class);

    //~ Methods ================================================================

    /**
     * Polls the configured {@link AccessDecisionVoter}s in iteration order
     * and returns normally (access granted) at the first affirmative vote.
     * Voters positioned after the granting voter are not consulted, and deny
     * votes recorded before it are disregarded.
     *
     * <p>
     * When no voter grants access, the call is rejected if at least one
     * voter denied. If no voter denied either (every vote was an
     * abstention, or the voter collection yielded no voters), the outcome
     * follows {@link #isAllowIfAllAbstainDecisions()} (defaults to false).
     * </p>
     *
     * <p>
     * A vote that is neither <code>ACCESS_GRANTED</code> nor
     * <code>ACCESS_DENIED</code> is counted as an abstention.
     * </p>
     *
     * @param authentication the caller invoking the method
     * @param object the secured object
     * @param config the configuration attributes associated with the method
     *        being invoked
     *
     * @throws AccessDeniedException if access is denied
     */
    public void decide(Authentication authentication, Object object,
        ConfigAttributeDefinition config) throws AccessDeniedException {
        boolean denied = false;

        for (Iterator voters = this.getDecisionVoters().iterator();
            voters.hasNext();) {
            AccessDecisionVoter voter = (AccessDecisionVoter) voters.next();
            int vote = voter.vote(authentication, object, config);

            if (vote == AccessDecisionVoter.ACCESS_GRANTED) {
                // First affirmative vote wins; stop polling immediately.
                return;
            }

            if (vote == AccessDecisionVoter.ACCESS_DENIED) {
                denied = true;
            }

            // Any other value is an abstention and changes nothing.
        }

        // Reject on an explicit deny; otherwise everyone abstained and the
        // allow-if-all-abstain setting decides (it is only read in that case).
        // NOTE(review): "messages" is presumably inherited from
        // AbstractAccessDecisionManager; it is not declared in this file.
        if (denied || !this.isAllowIfAllAbstainDecisions()) {
            throw new AccessDeniedException(messages.getMessage(
                    "AbstractAccessDecisionManager.accessDenied",
                    "Access is denied"));
        }
    }
}