001: /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
002: *
003: * Licensed under the Apache License, Version 2.0 (the "License");
004: * you may not use this file except in compliance with the License.
005: * You may obtain a copy of the License at
006: *
007: * http://www.apache.org/licenses/LICENSE-2.0
008: *
009: * Unless required by applicable law or agreed to in writing, software
010: * distributed under the License is distributed on an "AS IS" BASIS,
011: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
012: * See the License for the specific language governing permissions and
013: * limitations under the License.
014: */
015:
016: package org.acegisecurity.vote;
017:
018: import org.acegisecurity.Authentication;
019: import org.acegisecurity.AuthenticationTrustResolver;
020: import org.acegisecurity.AuthenticationTrustResolverImpl;
021: import org.acegisecurity.ConfigAttribute;
022: import org.acegisecurity.ConfigAttributeDefinition;
023:
024: import org.springframework.util.Assert;
025:
026: import java.util.Iterator;
027:
028: /**
029: * <p>Votes if a {@link ConfigAttribute#getAttribute()} of <code>IS_AUTHENTICATED_FULLY</code> or
030: * <code>IS_AUTHENTICATED_REMEMBERED</code> or <code>IS_AUTHENTICATED_ANONYMOUSLY</code> is present. This list is in
031: * order of most strict checking to least strict checking.</p>
032: * <p>The current <code>Authentication</code> will be inspected to determine if the principal has a particular
033: * level of authentication. The "FULLY" authenticated option means the user is authenticated fully (i.e. {@link
034: * org.acegisecurity.AuthenticationTrustResolver#isAnonymous(Authentication)} is false and {@link
035: * org.acegisecurity.AuthenticationTrustResolver#isRememberMe(Authentication)} is false). The "REMEMBERED" option will
036: * grant access if the principal was either authenticated via remember-me OR is fully authenticated. The "ANONYMOUSLY"
037: * option will grant access if the principal was authenticated via remember-me, OR anonymously, OR via full authentication.</p>
038: * <p>All comparisons and prefixes are case sensitive.</p>
039: *
040: * @author Ben Alex
041: * @version $Id: AuthenticatedVoter.java 1948 2007-08-25 00:15:30Z benalex $
042: */
public class AuthenticatedVoter implements AccessDecisionVoter {
    //~ Static fields/initializers =====================================================================================

    /** Strictest level: granted only when the principal is neither anonymous nor remember-me. */
    public static final String IS_AUTHENTICATED_FULLY = "IS_AUTHENTICATED_FULLY";

    /** Middle level: granted to remember-me principals and to fully authenticated principals. */
    public static final String IS_AUTHENTICATED_REMEMBERED = "IS_AUTHENTICATED_REMEMBERED";

    /** Weakest level: granted to anonymous, remember-me and fully authenticated principals. */
    public static final String IS_AUTHENTICATED_ANONYMOUSLY = "IS_AUTHENTICATED_ANONYMOUSLY";

    //~ Instance fields ================================================================================================

    // Every decision this voter makes is derived from the answers of this resolver.
    private AuthenticationTrustResolver authenticationTrustResolver = new AuthenticationTrustResolverImpl();

    //~ Methods ========================================================================================================

    /**
     * Tells whether the resolver classifies the principal as neither anonymous nor remember-me.
     *
     * <p>"Fully authenticated" is defined purely by exclusion: nothing here positively checks how the
     * principal authenticated.</p>
     *
     * @param authentication the current authentication, passed to the resolver unchanged
     *
     * @return <code>true</code> if both resolver checks answer <code>false</code>
     */
    private boolean isFullyAuthenticated(Authentication authentication) {
        // NOTE(review): a null authentication is not rejected here; how it is classified depends on the
        // resolver implementation - confirm callers never reach this voter without an Authentication.
        if (authenticationTrustResolver.isAnonymous(authentication)) {
            return false;
        }

        return !authenticationTrustResolver.isRememberMe(authentication);
    }

    /**
     * Replaces the resolver used to classify an <code>Authentication</code> as anonymous or remember-me.
     *
     * @param authenticationTrustResolver the resolver to use; <code>null</code> is rejected by
     *        <code>Assert.notNull</code>
     */
    public void setAuthenticationTrustResolver(AuthenticationTrustResolver authenticationTrustResolver) {
        Assert.notNull(authenticationTrustResolver, "AuthenticationTrustResolver cannot be set to null");
        this.authenticationTrustResolver = authenticationTrustResolver;
    }

    /**
     * Indicates whether the attribute is one of the three <code>IS_AUTHENTICATED_*</code> values.
     *
     * <p>The comparison is an exact, case sensitive string match.</p>
     *
     * @param attribute the configuration attribute to test
     *
     * @return <code>true</code> only for an exact match on one of the three constants
     */
    public boolean supports(ConfigAttribute attribute) {
        String value = attribute.getAttribute();

        if (value == null) {
            return false;
        }

        return IS_AUTHENTICATED_FULLY.equals(value)
            || IS_AUTHENTICATED_REMEMBERED.equals(value)
            || IS_AUTHENTICATED_ANONYMOUSLY.equals(value);
    }

    /**
     * This implementation supports any type of class, because it does not query the presented secure object.
     *
     * @param clazz the secure object
     *
     * @return always <code>true</code>
     */
    public boolean supports(Class clazz) {
        return true;
    }

    /**
     * Votes on access according to the authentication level demanded by the configuration attributes.
     *
     * <p>The voter abstains when no supported attribute is present. As soon as one supported attribute is
     * seen the fallback becomes a denial, and the first supported attribute whose condition holds grants
     * access. The attributes are therefore combined with OR: listing a weaker level next to a stricter one
     * reduces the requirement to the weaker level.</p>
     *
     * @param authentication the caller's authentication, handed to the trust resolver as is
     * @param object the secure object; not inspected by this voter
     * @param config the attributes configured for the secure object
     *
     * @return <code>ACCESS_GRANTED</code>, <code>ACCESS_DENIED</code> or <code>ACCESS_ABSTAIN</code>
     */
    public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
        int outcome = ACCESS_ABSTAIN;

        for (Iterator attributes = config.getConfigAttributes(); attributes.hasNext();) {
            ConfigAttribute candidate = (ConfigAttribute) attributes.next();

            if (!this.supports(candidate)) {
                continue;
            }

            // A supported attribute was found, so the voter no longer abstains: deny unless a check passes.
            outcome = ACCESS_DENIED;

            String required = candidate.getAttribute();

            if (IS_AUTHENTICATED_FULLY.equals(required) && isFullyAuthenticated(authentication)) {
                return ACCESS_GRANTED;
            }

            if (IS_AUTHENTICATED_REMEMBERED.equals(required)
                && (authenticationTrustResolver.isRememberMe(authentication)
                    || isFullyAuthenticated(authentication))) {
                return ACCESS_GRANTED;
            }

            // The three alternatives below cover every combination of resolver answers, so with a resolver
            // that answers consistently this attribute grants access to whatever Authentication is presented.
            if (IS_AUTHENTICATED_ANONYMOUSLY.equals(required)
                && (authenticationTrustResolver.isAnonymous(authentication)
                    || isFullyAuthenticated(authentication)
                    || authenticationTrustResolver.isRememberMe(authentication))) {
                return ACCESS_GRANTED;
            }
        }

        return outcome;
    }
}