Coverage Report - org.acegisecurity.vote.RoleVoter
 
Classes in this File Line Coverage Branch Coverage Complexity
RoleVoter
100% 
100% 
2.4
 
 /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 
 package org.acegisecurity.vote;
 
 import java.util.Iterator;
 
 import org.acegisecurity.Authentication;
 import org.acegisecurity.ConfigAttribute;
 import org.acegisecurity.ConfigAttributeDefinition;
 
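 /**
  * <p>
  * Votes if any {@link ConfigAttribute#getAttribute()} starts with a prefix
  * indicating that it is a role. The default prefix string is <code>ROLE_</code>,
  * but this may be overridden to any non-null value. It may also be set to empty,
  * which means that essentially any attribute will be voted on. As described
  * further below, the effect of an empty prefix may not be quite desirable.
  * </p>
  * <p>
  * Abstains from voting if no configuration attribute commences with the role
  * prefix. Votes to grant access if there is an exact matching
  * {@link org.acegisecurity.GrantedAuthority} to a <code>ConfigAttribute</code>
  * starting with the role prefix. Votes to deny access if there is no exact
  * matching <code>GrantedAuthority</code> to a <code>ConfigAttribute</code>
  * starting with the role prefix.
  * </p>
  * <p>
  * The voter fails closed: when a role attribute is present but the
  * <code>Authentication</code> is <code>null</code>, or it exposes no
  * authorities, the vote is to deny access rather than to raise a
  * <code>NullPointerException</code>.
  * </p>
  * <p>
  * An empty role prefix means that the voter will vote for every
  * ConfigAttribute. When there are different categories of ConfigAttributes
  * used, this will not be optimal since the voter will be voting for attributes
  * which do not represent roles: such an attribute yields a deny vote unless a
  * granted authority happens to carry exactly the same string. However, this
  * option may be of some use when using preexisting role names without a
  * prefix, and no ability exists to prefix them with a role prefix on reading
  * them in, such as provided for example in
  * {@link org.acegisecurity.userdetails.jdbc.JdbcDaoImpl}.
  * </p>
  * <p>
  * All comparisons and prefixes are case sensitive.
  * </p>
  *
  * @author Ben Alex
  * @author colin sampaleanu
  * @version $Id: RoleVoter.java 1948 2007-08-25 00:15:30Z benalex $
  */
 public class RoleVoter implements AccessDecisionVoter {
     // ~ Instance fields
     // ================================================================================================

     private String rolePrefix = "ROLE_";

     // ~ Methods
     // ========================================================================================================

     /**
      * Returns the prefix that marks a configuration attribute as a role.
      *
      * @return the current role prefix (<code>ROLE_</code> unless overridden)
      */
     public String getRolePrefix() {
         return rolePrefix;
     }

     /**
      * Allows the default role prefix of <code>ROLE_</code> to be overridden.
      * May be set to an empty value, although this is usually not desirable.
      *
      * @param rolePrefix the new prefix; must not be <code>null</code>
      *
      * @throws IllegalArgumentException if <code>rolePrefix</code> is
      *         <code>null</code>
      */
     public void setRolePrefix(String rolePrefix) {
         // A null prefix would make every later supports() call fail inside
         // String.startsWith(); reject it where the misconfiguration happens.
         if (rolePrefix == null) {
             throw new IllegalArgumentException(
                 "rolePrefix must not be null; use an empty string to vote on every attribute");
         }

         this.rolePrefix = rolePrefix;
     }

     /**
      * Indicates whether this voter will vote on the given attribute.
      *
      * @param attribute the configuration attribute to inspect
      *
      * @return <code>true</code> if the attribute value is non-null and starts
      *         with the role prefix (case sensitive)
      */
     public boolean supports(ConfigAttribute attribute) {
         String value = attribute.getAttribute();

         return (value != null) && value.startsWith(getRolePrefix());
     }

     /**
      * This implementation supports any type of class, because it does not query
      * the presented secure object.
      *
      * @param clazz the secure object
      *
      * @return always <code>true</code>
      */
     public boolean supports(Class clazz) {
         return true;
     }

     /**
      * Casts this voter's vote for the presented configuration attributes.
      *
      * @param authentication the caller whose granted authorities are checked
      * @param object the secure object (not consulted by this voter)
      * @param config the configuration attributes guarding the secure object
      *
      * @return <code>ACCESS_ABSTAIN</code> if no attribute starts with the role
      *         prefix, <code>ACCESS_GRANTED</code> as soon as one such attribute
      *         exactly equals a granted authority, otherwise
      *         <code>ACCESS_DENIED</code>
      */
     public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
         int result = ACCESS_ABSTAIN;
         Iterator iter = config.getConfigAttributes();

         while (iter.hasNext()) {
             ConfigAttribute attribute = (ConfigAttribute) iter.next();

             if (this.supports(attribute)) {
                 // From here on the voter has an opinion: deny unless a match is found.
                 result = ACCESS_DENIED;

                 if (holdsAuthority(authentication, attribute.getAttribute())) {
                     return ACCESS_GRANTED;
                 }
             }
         }

         return result;
     }

     /**
      * Checks whether the authentication carries an authority whose string
      * equals the given role exactly (case sensitive).
      *
      * @param authentication the caller; <code>null</code> is treated as holding
      *        no authorities
      * @param role the attribute value to look for; never <code>null</code> here
      *        because it has already passed <code>supports</code>
      *
      * @return <code>true</code> if a matching authority is present
      */
     private static boolean holdsAuthority(Authentication authentication, String role) {
         if (authentication == null) {
             return false;
         }

         // Read the array once so the bounds check and the element access see
         // the same array, and so a null result is handled in one place.
         org.acegisecurity.GrantedAuthority[] granted = authentication.getAuthorities();

         if (granted == null) {
             return false;
         }

         for (int i = 0; i < granted.length; i++) {
             if ((granted[i] != null) && role.equals(granted[i].getAuthority())) {
                 return true;
             }
         }

         return false;
     }
 }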