Coverage Report - org.acegisecurity.acl.basic.GrantedAuthorityEffectiveAclsResolver
 
Classes in this File Line Coverage Branch Coverage Complexity
GrantedAuthorityEffectiveAclsResolver
80% 
94% 
19
 
 /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 
 package org.acegisecurity.acl.basic;
 
 import org.acegisecurity.Authentication;
 import org.acegisecurity.GrantedAuthority;
 
 import org.acegisecurity.acl.AclEntry;
 
 import org.acegisecurity.userdetails.UserDetails;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 import java.util.List;
 import java.util.Vector;
 
 
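 /**
  * Simple implementation of {@link EffectiveAclsResolver}.
  *
  * <p>This implementation does not need to understand the "recipient" types presented in a
  * <code>BasicAclEntry</code> because it merely delegates to the detected {@link Authentication#getPrincipal()} or
  * {@link Authentication#getAuthorities()}. The principal object or granted authority object has its
  * <code>Object.equals(recipient)</code> method called to make the decision as to whether the recipient in the
  * <code>BasicAclEntry</code> is the same as the principal or granted authority.</p>
  *
  * <p>This class should prove an adequate ACLs resolver if you're using standard Acegi Security classes. This is
  * because the typical <code>Authentication</code> token is <code>UsernamePasswordAuthenticationToken</code>, which
  * for its <code>principal</code> is usually a <code>String</code>. The <code>GrantedAuthorityImpl</code> is typically
  * used for granted authorities, which tests for equality based on a <code>String</code>. This means
  * <code>BasicAclDao</code>s simply need to return a <code>String</code> to represent the recipient. If you use
  * non-<code>String</code> objects, you will probably require an alternative <code>EffectiveAclsResolver</code>.</p>
  *
  * <p>Because the same recipient is compared against the principal, the <code>UserDetails</code> username and every
  * granted authority, a <code>String</code> recipient does not record which of the three it was meant for: an entry
  * written for an authority name is also selected for a principal whose name is that same string. Deployments that
  * use <code>String</code> recipients should keep user names and authority names in disjoint namespaces.</p>
  *
  * @author Ben Alex
  * @version $Id: GrantedAuthorityEffectiveAclsResolver.java 1784 2007-02-24 21:00:24Z luke_t $
  */
 public class GrantedAuthorityEffectiveAclsResolver implements EffectiveAclsResolver {
     //~ Static fields/initializers =====================================================================================

     private static final Log logger = LogFactory.getLog(GrantedAuthorityEffectiveAclsResolver.class);

     //~ Methods ========================================================================================================

     /**
      * Selects the entries of <code>allAcls</code> that apply to the presented <code>Authentication</code>.
      *
      * <p>Only <code>BasicAclEntry</code> instances are considered; any other <code>AclEntry</code> is skipped without
      * being logged. An entry is selected when its recipient is equal to the principal, to the username of a
      * <code>UserDetails</code> principal, or to one of the granted authorities. Each entry is added at most once,
      * even if several granted authorities are equal to its recipient.</p>
      *
      * @param allAcls the candidate ACL entries (<code>null</code> or empty yields <code>null</code>)
      * @param filteredBy the authentication to match recipients against; it and its principal are dereferenced
      *        without a null check as soon as a <code>BasicAclEntry</code> is examined
      *
      * @return a <code>BasicAclEntry[]</code> holding the selected entries in their original order, or
      *         <code>null</code> (never an empty array) if none apply
      */
     public AclEntry[] resolveEffectiveAcls(AclEntry[] allAcls, Authentication filteredBy) {
         if ((allAcls == null) || (allAcls.length == 0)) {
             return null;
         }

         List list = new Vector();

         if (logger.isDebugEnabled()) {
             // NOTE(review): this writes filteredBy.toString() to the log; what that renders depends on the
             // Authentication implementation - confirm it does not include credentials before enabling debug.
             logger.debug("Locating AclEntry[]s (from set of " + allAcls.length
                 + ") that apply to Authentication: " + filteredBy);
         }

         for (int i = 0; i < allAcls.length; i++) {
             if (!(allAcls[i] instanceof BasicAclEntry)) {
                 continue;
             }

             Object recipient = ((BasicAclEntry) allAcls[i]).getRecipient();

             // Read the principal once per entry so both principal checks see the same object.
             Object principal = filteredBy.getPrincipal();

             // Allow the Authentication's getPrincipal to decide whether
             // the presented recipient is "equal" (allows BasicAclDaos to
             // return Strings rather than proper objects in simple cases)
             if (principal.equals(recipient)) {
                 if (logger.isDebugEnabled()) {
                     logger.debug("Principal matches AclEntry recipient: " + recipient);
                 }

                 list.add(allAcls[i]);
             } else if (principal instanceof UserDetails
                 && ((UserDetails) principal).getUsername().equals(recipient)) {
                 if (logger.isDebugEnabled()) {
                     logger.debug("Principal (from UserDetails) matches AclEntry recipient: " + recipient);
                 }

                 list.add(allAcls[i]);
             } else {
                 // No direct match against principal; try each authority.
                 // As with the principal, allow each of the Authentication's
                 // granted authorities to decide whether the presented
                 // recipient is "equal"
                 GrantedAuthority[] authorities = filteredBy.getAuthorities();

                 if ((authorities == null) || (authorities.length == 0)) {
                     if (logger.isDebugEnabled()) {
                         logger.debug("Did not match principal and there are no granted authorities, "
                                 + "so cannot compare with recipient: " + recipient);
                     }

                     continue;
                 }

                 for (int k = 0; k < authorities.length; k++) {
                     if (authorities[k].equals(recipient)) {
                         if (logger.isDebugEnabled()) {
                             logger.debug("GrantedAuthority: " + authorities[k] + " matches recipient: " + recipient);
                         }

                         list.add(allAcls[i]);

                         // One matching authority is enough; continuing would add the same entry again
                         // whenever a second authority is also equal to the recipient.
                         break;
                     }
                 }
             }
         }

         // return null if appropriate (as per interface contract)
         if (list.isEmpty()) {
             if (logger.isDebugEnabled()) {
                 logger.debug("Returning null AclEntry array as zero effective AclEntrys found");
             }

             return null;
         }

         if (logger.isDebugEnabled()) {
             logger.debug("Returning effective AclEntry array with " + list.size() + " elements");
         }

         // Only BasicAclEntry instances are ever added above, so the typed array cannot fail to store them.
         return (BasicAclEntry[]) list.toArray(new BasicAclEntry[list.size()]);
     }
 }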