Coverage Report

Coverage Report - org.acegisecurity.vote.AuthenticatedVoter

Classes in this File

Line Coverage

Branch Coverage

Complexity

AuthenticatedVoter

93%

100%

3.6

 /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 
 package org.acegisecurity.vote;
 
 import org.acegisecurity.Authentication;
 import org.acegisecurity.AuthenticationTrustResolver;
 import org.acegisecurity.AuthenticationTrustResolverImpl;
 import org.acegisecurity.ConfigAttribute;
 import org.acegisecurity.ConfigAttributeDefinition;
 
 import org.springframework.util.Assert;
 
 import java.util.Iterator;
 
 
 /**
  * <p>Votes if a {@link ConfigAttribute#getAttribute()} of <code>IS_AUTHENTICATED_FULLY</code> or
  * <code>IS_AUTHENTICATED_REMEMBERED</code> or <code>IS_AUTHENTICATED_ANONYMOUSLY</code> is present. This list is in
  * order of most strict checking to least strict checking.</p>
  *  <p>The current <code>Authentication</code> will be inspected to determine if the principal has a particular
  * level of authentication. The "FULLY" authenticated option means the user is authenticated fully (ie {@link
  * org.acegisecurity.AuthenticationTrustResolver#isAnonymous(Authentication)} is false and {@link
  * org.acegisecurity.AuthenticationTrustResolver#isRememberMe(Authentication)} is false. The "REMEMBERED" will grant
  * access if the principal was either authenticated via remember-me OR is fully authenticated. The "ANONYMOUSLY" will
  * grant access if the principal was authenticated via remember-me, OR anonymously, OR via full authentication.</p>
  *  <p>All comparisons and prefixes are case sensitive.</p>
  *
  * @author Ben Alex
  * @version $Id: AuthenticatedVoter.java 1948 2007-08-25 00:15:30Z benalex $
  */
 public class AuthenticatedVoter implements AccessDecisionVoter {
     //~ Static fields/initializers =====================================================================================
 
     public static final String IS_AUTHENTICATED_FULLY = "IS_AUTHENTICATED_FULLY";
     public static final String IS_AUTHENTICATED_REMEMBERED = "IS_AUTHENTICATED_REMEMBERED";
     public static final String IS_AUTHENTICATED_ANONYMOUSLY = "IS_AUTHENTICATED_ANONYMOUSLY";
     //~ Instance fields ================================================================================================
 
     private AuthenticationTrustResolver authenticationTrustResolver = new AuthenticationTrustResolverImpl();
     
     //~ Methods ========================================================================================================
 
     private boolean isFullyAuthenticated(Authentication authentication) {
         return (!authenticationTrustResolver.isAnonymous(authentication)
         && !authenticationTrustResolver.isRememberMe(authentication));
     }
 
     public void setAuthenticationTrustResolver(AuthenticationTrustResolver authenticationTrustResolver) {
         Assert.notNull(authenticationTrustResolver, "AuthenticationTrustResolver cannot be set to null");
         this.authenticationTrustResolver = authenticationTrustResolver;
     }
 
     public boolean supports(ConfigAttribute attribute) {
         if ((attribute.getAttribute() != null)
             && (IS_AUTHENTICATED_FULLY.equals(attribute.getAttribute())
             || IS_AUTHENTICATED_REMEMBERED.equals(attribute.getAttribute())
             || IS_AUTHENTICATED_ANONYMOUSLY.equals(attribute.getAttribute()))) {
             return true;
         } else {
             return false;
         }
     }
 
     /**
      * This implementation supports any type of class, because it does not query the presented secure object.
      *
      * @param clazz the secure object
      *
      * @return always <code>true</code>
      */
     public boolean supports(Class clazz) {
         return true;
     }
 
     public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
         int result = ACCESS_ABSTAIN;
         Iterator iter = config.getConfigAttributes();
 
         while (iter.hasNext()) {
             ConfigAttribute attribute = (ConfigAttribute) iter.next();
 
             if (this.supports(attribute)) {
                 result = ACCESS_DENIED;
 
                 if (IS_AUTHENTICATED_FULLY.equals(attribute.getAttribute())) {
                     if (isFullyAuthenticated(authentication)) {
                         return ACCESS_GRANTED;
                     }
                 }
 
                 if (IS_AUTHENTICATED_REMEMBERED.equals(attribute.getAttribute())) {
                     if (authenticationTrustResolver.isRememberMe(authentication)
                         || isFullyAuthenticated(authentication)) {
                         return ACCESS_GRANTED;
                     }
                 }
 
                 if (IS_AUTHENTICATED_ANONYMOUSLY.equals(attribute.getAttribute())) {
                     if (authenticationTrustResolver.isAnonymous(authentication) || isFullyAuthenticated(authentication)
                         || authenticationTrustResolver.isRememberMe(authentication)) {
                         return ACCESS_GRANTED;
                     }
                 }
             }
         }
 
         return result;
     }
 }

1		/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
2		*
3		* Licensed under the Apache License, Version 2.0 (the "License");
4		* you may not use this file except in compliance with the License.
5		* You may obtain a copy of the License at
6		*
7		* http://www.apache.org/licenses/LICENSE-2.0
8		*
9		* Unless required by applicable law or agreed to in writing, software
10		* distributed under the License is distributed on an "AS IS" BASIS,
11		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12		* See the License for the specific language governing permissions and
13		* limitations under the License.
14		*/
15
16		package org.acegisecurity.vote;
17
18		import org.acegisecurity.Authentication;
19		import org.acegisecurity.AuthenticationTrustResolver;
20		import org.acegisecurity.AuthenticationTrustResolverImpl;
21		import org.acegisecurity.ConfigAttribute;
22		import org.acegisecurity.ConfigAttributeDefinition;
23
24		import org.springframework.util.Assert;
25
26		import java.util.Iterator;
27
28
29		/**
30		* <p>Votes if a {@link ConfigAttribute#getAttribute()} of <code>IS_AUTHENTICATED_FULLY</code> or
31		* <code>IS_AUTHENTICATED_REMEMBERED</code> or <code>IS_AUTHENTICATED_ANONYMOUSLY</code> is present. This list is in
32		* order of most strict checking to least strict checking.</p>
33		* <p>The current <code>Authentication</code> will be inspected to determine if the principal has a particular
34		* level of authentication. The "FULLY" authenticated option means the user is authenticated fully (ie {@link
35		* org.acegisecurity.AuthenticationTrustResolver#isAnonymous(Authentication)} is false and {@link
36		* org.acegisecurity.AuthenticationTrustResolver#isRememberMe(Authentication)} is false. The "REMEMBERED" will grant
37		* access if the principal was either authenticated via remember-me OR is fully authenticated. The "ANONYMOUSLY" will
38		* grant access if the principal was authenticated via remember-me, OR anonymously, OR via full authentication.</p>
39		* <p>All comparisons and prefixes are case sensitive.</p>
40		*
41		* @author Ben Alex
42		* @version $Id: AuthenticatedVoter.java 1948 2007-08-25 00:15:30Z benalex $
43		*/
44	5	public class AuthenticatedVoter implements AccessDecisionVoter {
45		//~ Static fields/initializers =====================================================================================
46
47		public static final String IS_AUTHENTICATED_FULLY = "IS_AUTHENTICATED_FULLY";
48		public static final String IS_AUTHENTICATED_REMEMBERED = "IS_AUTHENTICATED_REMEMBERED";
49		public static final String IS_AUTHENTICATED_ANONYMOUSLY = "IS_AUTHENTICATED_ANONYMOUSLY";
50		//~ Instance fields ================================================================================================
51
52	5	private AuthenticationTrustResolver authenticationTrustResolver = new AuthenticationTrustResolverImpl();
53
54		//~ Methods ========================================================================================================
55
56		private boolean isFullyAuthenticated(Authentication authentication) {
57	7	return (!authenticationTrustResolver.isAnonymous(authentication)
58		&& !authenticationTrustResolver.isRememberMe(authentication));
59		}
60
61		public void setAuthenticationTrustResolver(AuthenticationTrustResolver authenticationTrustResolver) {
62	1	Assert.notNull(authenticationTrustResolver, "AuthenticationTrustResolver cannot be set to null");
63	0	this.authenticationTrustResolver = authenticationTrustResolver;
64	0	}
65
66		public boolean supports(ConfigAttribute attribute) {
67	13	if ((attribute.getAttribute() != null)
68		&& (IS_AUTHENTICATED_FULLY.equals(attribute.getAttribute())
69		\|\| IS_AUTHENTICATED_REMEMBERED.equals(attribute.getAttribute())
70		\|\| IS_AUTHENTICATED_ANONYMOUSLY.equals(attribute.getAttribute()))) {
71	12	return true;
72		} else {
73	1	return false;
74		}
75		}
76
77		/**
78		* This implementation supports any type of class, because it does not query the presented secure object.
79		*
80		* @param clazz the secure object
81		*
82		* @return always <code>true</code>
83		*/
84		public boolean supports(Class clazz) {
85	1	return true;
86		}
87
88		public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
89	9	int result = ACCESS_ABSTAIN;
90	9	Iterator iter = config.getConfigAttributes();
91
92	12	while (iter.hasNext()) {
93	9	ConfigAttribute attribute = (ConfigAttribute) iter.next();
94
95	9	if (this.supports(attribute)) {
96	9	result = ACCESS_DENIED;
97
98	9	if (IS_AUTHENTICATED_FULLY.equals(attribute.getAttribute())) {
99	3	if (isFullyAuthenticated(authentication)) {
100	1	return ACCESS_GRANTED;
101		}
102		}
103
104	8	if (IS_AUTHENTICATED_REMEMBERED.equals(attribute.getAttribute())) {
105	3	if (authenticationTrustResolver.isRememberMe(authentication)
106		\|\| isFullyAuthenticated(authentication)) {
107	2	return ACCESS_GRANTED;
108		}
109		}
110
111	6	if (IS_AUTHENTICATED_ANONYMOUSLY.equals(attribute.getAttribute())) {
112	3	if (authenticationTrustResolver.isAnonymous(authentication) \|\| isFullyAuthenticated(authentication)
113		\|\| authenticationTrustResolver.isRememberMe(authentication)) {
114	3	return ACCESS_GRANTED;
115		}
116		}
117		}
118	3	}
119
120	3	return result;
121		}
122		}