01: /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
02: *
03: * Licensed under the Apache License, Version 2.0 (the "License");
04: * you may not use this file except in compliance with the License.
05: * You may obtain a copy of the License at
06: *
07: * http://www.apache.org/licenses/LICENSE-2.0
08: *
09: * Unless required by applicable law or agreed to in writing, software
10: * distributed under the License is distributed on an "AS IS" BASIS,
11: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12: * See the License for the specific language governing permissions and
13: * limitations under the License.
14: */
15:
16: package org.acegisecurity.vote;
17:
18: import org.acegisecurity.AccessDeniedException;
19: import org.acegisecurity.Authentication;
20: import org.acegisecurity.ConfigAttribute;
21: import org.acegisecurity.ConfigAttributeDefinition;
22:
23: import java.util.Iterator;
24:
25: /**
26: * Simple concrete implementation of {@link org.acegisecurity.AccessDecisionManager} that requires all voters to
27: * abstain or grant access.
28: */
29: public class UnanimousBased extends AbstractAccessDecisionManager {
30: //~ Methods ========================================================================================================
31:
32: /**
33: * This concrete implementation polls all configured {@link AccessDecisionVoter}s for each {@link
34: * ConfigAttribute} and grants access if <b>only</b> grant votes were received.<p>Other voting
35: * implementations usually pass the entire list of {@link ConfigAttributeDefinition}s to the
36: * <code>AccessDecisionVoter</code>. This implementation differs in that each <code>AccessDecisionVoter</code>
37: * knows only about a single <code>ConfigAttribute</code> at a time.</p>
38: * <p>If every <code>AccessDecisionVoter</code> abstained from voting, the decision will be based on the
39: * {@link #isAllowIfAllAbstainDecisions()} property (defaults to false).</p>
40: *
41: * @param authentication the caller invoking the method
42: * @param object the secured object
43: * @param config the configuration attributes associated with the method being invoked
44: *
45: * @throws AccessDeniedException if access is denied
46: */
47: public void decide(Authentication authentication, Object object,
48: ConfigAttributeDefinition config)
49: throws AccessDeniedException {
50: int grant = 0;
51: int abstain = 0;
52:
53: Iterator configIter = config.getConfigAttributes();
54:
55: while (configIter.hasNext()) {
56: ConfigAttributeDefinition this Def = new ConfigAttributeDefinition();
57: this Def.addConfigAttribute((ConfigAttribute) configIter
58: .next());
59:
60: Iterator voters = this .getDecisionVoters().iterator();
61:
62: while (voters.hasNext()) {
63: AccessDecisionVoter voter = (AccessDecisionVoter) voters
64: .next();
65: int result = voter
66: .vote(authentication, object, this Def);
67:
68: switch (result) {
69: case AccessDecisionVoter.ACCESS_GRANTED:
70: grant++;
71:
72: break;
73:
74: case AccessDecisionVoter.ACCESS_DENIED:
75: throw new AccessDeniedException(
76: messages
77: .getMessage(
78: "AbstractAccessDecisionManager.accessDenied",
79: "Access is denied"));
80:
81: default:
82: abstain++;
83:
84: break;
85: }
86: }
87: }
88:
89: // To get this far, there were no deny votes
90: if (grant > 0) {
91: return;
92: }
93:
94: // To get this far, every AccessDecisionVoter abstained
95: checkAllowIfAllAbstainDecisions();
96: }
97: }
|