UnanimousBased xref

View Javadoc

1   /* Copyright 2004, 2005 Acegi Technology Pty Limited
2    *
3    * Licensed under the Apache License, Version 2.0 (the "License");
4    * you may not use this file except in compliance with the License.
5    * You may obtain a copy of the License at
6    *
7    *     http://www.apache.org/licenses/LICENSE-2.0
8    *
9    * Unless required by applicable law or agreed to in writing, software
10   * distributed under the License is distributed on an "AS IS" BASIS,
11   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12   * See the License for the specific language governing permissions and
13   * limitations under the License.
14   */
15  
16  package org.acegisecurity.vote;
17  
18  import org.acegisecurity.AccessDeniedException;
19  import org.acegisecurity.Authentication;
20  import org.acegisecurity.ConfigAttribute;
21  import org.acegisecurity.ConfigAttributeDefinition;
22  
23  import org.apache.commons.logging.Log;
24  import org.apache.commons.logging.LogFactory;
25  
26  import java.util.Iterator;
27  
28  
29  /***
30   * Simple concrete implementation of  {@link
31   * org.acegisecurity.AccessDecisionManager} that  requires all voters to
32   * abstain or grant access.
33   */
34  public class UnanimousBased extends AbstractAccessDecisionManager {
35      //~ Static fields/initializers =============================================
36  
37      private static final Log logger = LogFactory.getLog(UnanimousBased.class);
38  
39      //~ Methods ================================================================
40  
41      /***
42       * This concrete implementation polls all configured  {@link
43       * AccessDecisionVoter}s for each {@link ConfigAttribute} and grants
44       * access if <b>only</b> grant votes were received.
45       * 
46       * <p>
47       * Other voting implementations usually pass the entire list of {@link
48       * ConfigAttributeDefinition}s to the  <code>AccessDecisionVoter</code>.
49       * This implementation differs in that each
50       * <code>AccessDecisionVoter</code> knows only about a single
51       * <code>ConfigAttribute</code> at a time.
52       * </p>
53       * 
54       * <p>
55       * If every <code>AccessDecisionVoter</code> abstained from voting, the
56       * decision will be based on the {@link #isAllowIfAllAbstainDecisions()}
57       * property (defaults to false).
58       * </p>
59       *
60       * @param authentication the caller invoking the method
61       * @param object the secured object
62       * @param config the configuration attributes associated with the method
63       *        being invoked
64       *
65       * @throws AccessDeniedException if access is denied
66       */
67      public void decide(Authentication authentication, Object object,
68          ConfigAttributeDefinition config) throws AccessDeniedException {
69          int grant = 0;
70          int deny = 0;
71          int abstain = 0;
72  
73          Iterator configIter = config.getConfigAttributes();
74  
75          while (configIter.hasNext()) {
76              ConfigAttributeDefinition thisDef = new ConfigAttributeDefinition();
77              thisDef.addConfigAttribute((ConfigAttribute) configIter.next());
78  
79              Iterator voters = this.getDecisionVoters().iterator();
80  
81              while (voters.hasNext()) {
82                  AccessDecisionVoter voter = (AccessDecisionVoter) voters.next();
83                  int result = voter.vote(authentication, object, thisDef);
84  
85                  switch (result) {
86                  case AccessDecisionVoter.ACCESS_GRANTED:
87                      grant++;
88  
89                      break;
90  
91                  case AccessDecisionVoter.ACCESS_DENIED:
92                      deny++;
93  
94                      break;
95  
96                  default:
97                      abstain++;
98  
99                      break;
100                 }
101             }
102         }
103 
104         if (deny > 0) {
105             throw new AccessDeniedException(messages.getMessage(
106                     "AbstractAccessDecisionManager.accessDenied",
107                     "Access is denied"));
108         }
109 
110         // To get this far, there were no deny votes
111         if (grant > 0) {
112             return;
113         }
114 
115         // To get this far, every AccessDecisionVoter abstained
116         if (this.isAllowIfAllAbstainDecisions()) {
117             return;
118         } else {
119             throw new AccessDeniedException(messages.getMessage(
120                     "AbstractAccessDecisionManager.accessDenied",
121                     "Access is denied"));
122         }
123     }
124 }