Coverage Report

Coverage Report - org.acegisecurity.vote.ConsensusBased

Classes in this File

100%

4.667

 /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 
 package org.acegisecurity.vote;
 
 import org.acegisecurity.AccessDeniedException;
 import org.acegisecurity.Authentication;
 import org.acegisecurity.ConfigAttributeDefinition;
 
 import java.util.Iterator;
 
 
 /**
  * Simple concrete implementation of  {@link org.acegisecurity.AccessDecisionManager} that uses a  consensus-based
  * approach.
  */
 public class ConsensusBased extends AbstractAccessDecisionManager {
     //~ Instance fields ================================================================================================
 
     private boolean allowIfEqualGrantedDeniedDecisions = true;
 
     //~ Methods ========================================================================================================
 
     /**
      * This concrete implementation simply polls all configured  {@link AccessDecisionVoter}s and upon
      * completion determines the consensus of granted vs denied responses.<p>If there were an equal number of
      * grant and deny votes, the decision will be based on the {@link #isAllowIfEqualGrantedDeniedDecisions()}
      * property (defaults to true).</p>
      *  <p>If every <code>AccessDecisionVoter</code> abstained from voting, the decision will be based on the
      * {@link #isAllowIfAllAbstainDecisions()} property (defaults to false).</p>
      *
      * @param authentication the caller invoking the method
      * @param object the secured object
      * @param config the configuration attributes associated with the method being invoked
      *
      * @throws AccessDeniedException if access is denied
      */
     public void decide(Authentication authentication, Object object, ConfigAttributeDefinition config)
         throws AccessDeniedException {
         Iterator iter = this.getDecisionVoters().iterator();
         int grant = 0;
         int deny = 0;
         int abstain = 0;
 
         while (iter.hasNext()) {
             AccessDecisionVoter voter = (AccessDecisionVoter) iter.next();
             int result = voter.vote(authentication, object, config);
 
             switch (result) {
             case AccessDecisionVoter.ACCESS_GRANTED:
                 grant++;
 
                 break;
 
             case AccessDecisionVoter.ACCESS_DENIED:
                 deny++;
 
                 break;
 
             default:
                 abstain++;
 
                 break;
             }
         }
 
         if (grant > deny) {
             return;
         }
 
         if (deny > grant) {
             throw new AccessDeniedException(messages.getMessage("AbstractAccessDecisionManager.accessDenied",
                     "Access is denied"));
         }
 
         if ((grant == deny) && (grant != 0)) {
             if (this.allowIfEqualGrantedDeniedDecisions) {
                 return;
             } else {
                 throw new AccessDeniedException(messages.getMessage("AbstractAccessDecisionManager.accessDenied",
                         "Access is denied"));
             }
         }
 
         // To get this far, every AccessDecisionVoter abstained
         checkAllowIfAllAbstainDecisions();
     }
 
     public boolean isAllowIfEqualGrantedDeniedDecisions() {
         return allowIfEqualGrantedDeniedDecisions;
     }
 
     public void setAllowIfEqualGrantedDeniedDecisions(boolean allowIfEqualGrantedDeniedDecisions) {
         this.allowIfEqualGrantedDeniedDecisions = allowIfEqualGrantedDeniedDecisions;
     }
 }

1		/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
2		*
3		* Licensed under the Apache License, Version 2.0 (the "License");
4		* you may not use this file except in compliance with the License.
5		* You may obtain a copy of the License at
6		*
7		* http://www.apache.org/licenses/LICENSE-2.0
8		*
9		* Unless required by applicable law or agreed to in writing, software
10		* distributed under the License is distributed on an "AS IS" BASIS,
11		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12		* See the License for the specific language governing permissions and
13		* limitations under the License.
14		*/
15
16		package org.acegisecurity.vote;
17
18		import org.acegisecurity.AccessDeniedException;
19		import org.acegisecurity.Authentication;
20		import org.acegisecurity.ConfigAttributeDefinition;
21
22		import java.util.Iterator;
23
24
25		/**
26		* Simple concrete implementation of {@link org.acegisecurity.AccessDecisionManager} that uses a consensus-based
27		* approach.
28		*/
29	7	public class ConsensusBased extends AbstractAccessDecisionManager {
30		//~ Instance fields ================================================================================================
31
32	7	private boolean allowIfEqualGrantedDeniedDecisions = true;
33
34		//~ Methods ========================================================================================================
35
36		/**
37		* This concrete implementation simply polls all configured {@link AccessDecisionVoter}s and upon
38		* completion determines the consensus of granted vs denied responses.<p>If there were an equal number of
39		* grant and deny votes, the decision will be based on the {@link #isAllowIfEqualGrantedDeniedDecisions()}
40		* property (defaults to true).</p>
41		* <p>If every <code>AccessDecisionVoter</code> abstained from voting, the decision will be based on the
42		* {@link #isAllowIfAllAbstainDecisions()} property (defaults to false).</p>
43		*
44		* @param authentication the caller invoking the method
45		* @param object the secured object
46		* @param config the configuration attributes associated with the method being invoked
47		*
48		* @throws AccessDeniedException if access is denied
49		*/
50		public void decide(Authentication authentication, Object object, ConfigAttributeDefinition config)
51		throws AccessDeniedException {
52	7	Iterator iter = this.getDecisionVoters().iterator();
53	7	int grant = 0;
54	7	int deny = 0;
55	7	int abstain = 0;
56
57	28	while (iter.hasNext()) {
58	21	AccessDecisionVoter voter = (AccessDecisionVoter) iter.next();
59	21	int result = voter.vote(authentication, object, config);
60
61	21	switch (result) {
62		case AccessDecisionVoter.ACCESS_GRANTED:
63	4	grant++;
64
65	4	break;
66
67		case AccessDecisionVoter.ACCESS_DENIED:
68	3	deny++;
69
70	3	break;
71
72		default:
73	14	abstain++;
74
75		break;
76		}
77	21	}
78
79	7	if (grant > deny) {
80	2	return;
81		}
82
83	5	if (deny > grant) {
84	1	throw new AccessDeniedException(messages.getMessage("AbstractAccessDecisionManager.accessDenied",
85		"Access is denied"));
86		}
87
88	4	if ((grant == deny) && (grant != 0)) {
89	2	if (this.allowIfEqualGrantedDeniedDecisions) {
90	1	return;
91		} else {
92	1	throw new AccessDeniedException(messages.getMessage("AbstractAccessDecisionManager.accessDenied",
93		"Access is denied"));
94		}
95		}
96
97		// To get this far, every AccessDecisionVoter abstained
98	2	checkAllowIfAllAbstainDecisions();
99	1	}
100
101		public boolean isAllowIfEqualGrantedDeniedDecisions() {
102	2	return allowIfEqualGrantedDeniedDecisions;
103		}
104
105		public void setAllowIfEqualGrantedDeniedDecisions(boolean allowIfEqualGrantedDeniedDecisions) {
106	1	this.allowIfEqualGrantedDeniedDecisions = allowIfEqualGrantedDeniedDecisions;
107	1	}
108		}