001: /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
002: *
003: * Licensed under the Apache License, Version 2.0 (the "License");
004: * you may not use this file except in compliance with the License.
005: * You may obtain a copy of the License at
006: *
007: * http://www.apache.org/licenses/LICENSE-2.0
008: *
009: * Unless required by applicable law or agreed to in writing, software
010: * distributed under the License is distributed on an "AS IS" BASIS,
011: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
012: * See the License for the specific language governing permissions and
013: * limitations under the License.
014: */
015:
016: package org.acegisecurity.intercept.method;
017:
018: import org.acegisecurity.AccessDeniedException;
019: import org.acegisecurity.Authentication;
020: import org.acegisecurity.ConfigAttributeDefinition;
021:
022: import org.acegisecurity.intercept.AbstractSecurityInterceptor;
023:
024: import org.aopalliance.intercept.MethodInvocation;
025:
026: import org.apache.commons.logging.Log;
027: import org.apache.commons.logging.LogFactory;
028:
029: import org.springframework.beans.factory.InitializingBean;
030:
031: import org.springframework.util.Assert;
032:
033: /**
034: * Allows users to determine whether they have "before invocation" privileges for a given method invocation.<p>Of
035: * course, if an {@link org.acegisecurity.AfterInvocationManager} is used to authorize the <em>result</em> of a method
036: * invocation, this class cannot help determine whether or not the <code>AfterInvocationManager</code> will enable
037: * access. Instead this class aims to allow applications to determine whether or not the current principal would be
038: * allowed to at least attempt to invoke the method, irrespective of the "after" invocation handling.</p>
039: *
040: * @author Ben Alex
041: * @version $Id: MethodInvocationPrivilegeEvaluator.java 1496 2006-05-23 13:38:33Z benalex $
042: */
public class MethodInvocationPrivilegeEvaluator implements InitializingBean {
    //~ Static fields/initializers =====================================================================================

    /** Class-wide logger; a denied decision is only reported when debug logging is enabled. */
    protected static final Log logger = LogFactory.getLog(MethodInvocationPrivilegeEvaluator.class);

    //~ Instance fields ================================================================================================

    /** Interceptor that supplies the attribute source and the AccessDecisionManager used by isAllowed. */
    private AbstractSecurityInterceptor securityInterceptor;

    //~ Methods ========================================================================================================

    /**
     * Checks that a security interceptor has been configured before the bean is used.
     *
     * @throws Exception declared by the signature; the body only performs the <code>Assert.notNull</code> check
     */
    public void afterPropertiesSet() throws Exception {
        Assert.notNull(securityInterceptor, "SecurityInterceptor required");
    }

    /**
     * Reports whether the given principal would pass the "before invocation" access decision for a method
     * invocation.
     *
     * <p>Decision order, as implemented:</p>
     * <ol>
     * <li>If the interceptor's definition source returns no attributes for the invocation, the invocation is
     * treated as public: the result is <code>true</code> unless the interceptor's
     * <code>isRejectPublicInvocations()</code> is set. This branch runs before <code>authentication</code> is
     * looked at, so a <code>null</code> authentication yields <code>true</code> for an unsecured method when
     * public invocations are not rejected.</li>
     * <li>If attributes exist and the authentication is <code>null</code> or has no authorities, the result is
     * <code>false</code> and the AccessDecisionManager is not consulted.</li>
     * <li>Otherwise the interceptor's AccessDecisionManager decides; an <code>AccessDeniedException</code> is
     * turned into <code>false</code>.</li>
     * </ol>
     *
     * <p>Only <code>AccessDeniedException</code> is caught here. Any other exception raised by
     * <code>decide</code> propagates to the caller rather than being reported as a denial.</p>
     *
     * <p>The interceptor field is dereferenced without a null check in this method; the null check lives in
     * {@link #afterPropertiesSet()} and {@link #setSecurityInterceptor(AbstractSecurityInterceptor)}.</p>
     *
     * @param mi the invocation to evaluate; it and its <code>getMethod()</code> must be non-null
     * @param authentication the principal to evaluate, may be <code>null</code>
     *
     * @return <code>true</code> if the invocation would be permitted to proceed, <code>false</code> otherwise
     */
    public boolean isAllowed(MethodInvocation mi, Authentication authentication) {
        Assert.notNull(mi, "MethodInvocation required");
        Assert.notNull(mi.getMethod(), "MethodInvocation must provide a non-null getMethod()");

        ConfigAttributeDefinition requiredAttributes =
            securityInterceptor.obtainObjectDefinitionSource().getAttributes(mi);

        if (requiredAttributes == null) {
            // No attributes configured: a public invocation, allowed unless the interceptor rejects those.
            return !securityInterceptor.isRejectPublicInvocations();
        }

        if (hasNoAuthorities(authentication)) {
            // Secured method, but nothing to base a decision on: deny without asking the decision manager.
            return false;
        }

        try {
            securityInterceptor.getAccessDecisionManager().decide(authentication, mi, requiredAttributes);

            return true;
        } catch (AccessDeniedException denied) {
            if (logger.isDebugEnabled()) {
                // NOTE(review): the logged text comes from authentication.toString(); what it contains
                // depends on the Authentication implementation in use.
                String message = mi.toString() + " denied for " + authentication.toString();
                logger.debug(message, denied);
            }

            return false;
        }
    }

    /**
     * Tells whether an authentication is absent or carries no authorities.
     *
     * @param authentication the principal to inspect, may be <code>null</code>
     *
     * @return <code>true</code> if the authentication is <code>null</code>, or its authorities array is
     *         <code>null</code> or empty
     */
    private static boolean hasNoAuthorities(Authentication authentication) {
        if (authentication == null) {
            return true;
        }

        if (authentication.getAuthorities() == null) {
            return true;
        }

        return authentication.getAuthorities().length == 0;
    }

    /**
     * Sets the interceptor whose configuration is used to evaluate privileges.
     *
     * <p>The interceptor is accepted only if it is non-null, its secure object class is exactly
     * <code>MethodInvocation</code>, and it already has a non-null AccessDecisionManager. The field is
     * assigned only after all three checks pass.</p>
     *
     * @param securityInterceptor the interceptor to consult
     */
    public void setSecurityInterceptor(AbstractSecurityInterceptor securityInterceptor) {
        Assert.notNull(securityInterceptor, "AbstractSecurityInterceptor cannot be null");

        boolean handlesMethodInvocations =
            MethodInvocation.class.equals(securityInterceptor.getSecureObjectClass());
        Assert.isTrue(handlesMethodInvocations,
            "AbstractSecurityInterceptor does not support MethodInvocations");

        Assert.notNull(securityInterceptor.getAccessDecisionManager(),
            "AbstractSecurityInterceptor must provide a non-null AccessDecisionManager");

        this.securityInterceptor = securityInterceptor;
    }
}