View Javadoc

1   /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
2    *
3    * Licensed under the Apache License, Version 2.0 (the "License");
4    * you may not use this file except in compliance with the License.
5    * You may obtain a copy of the License at
6    *
7    *     http://www.apache.org/licenses/LICENSE-2.0
8    *
9    * Unless required by applicable law or agreed to in writing, software
10   * distributed under the License is distributed on an "AS IS" BASIS,
11   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12   * See the License for the specific language governing permissions and
13   * limitations under the License.
14   */
15  
16  package org.acegisecurity.vote;
17  
18  import org.acegisecurity.AccessDeniedException;
19  import org.acegisecurity.Authentication;
20  import org.acegisecurity.ConfigAttributeDefinition;
21  
22  import java.util.Iterator;
23  
24  
25  /**
26   * Simple concrete implementation of  {@link org.acegisecurity.AccessDecisionManager} that grants access if any
27   * <code>AccessDecisionVoter</code> returns an affirmative response.
28   */
29  public class AffirmativeBased extends AbstractAccessDecisionManager {
30      //~ Methods ========================================================================================================
31  
32      /**
33       * This concrete implementation simply polls all configured  {@link AccessDecisionVoter}s and grants access
34       * if any <code>AccessDecisionVoter</code> voted affirmatively. Denies access only if there was a deny vote AND no
35       * affirmative votes.<p>If every <code>AccessDecisionVoter</code> abstained from voting, the decision will
36       * be based on the {@link #isAllowIfAllAbstainDecisions()} property (defaults to false).</p>
37       *
38       * @param authentication the caller invoking the method
39       * @param object the secured object
40       * @param config the configuration attributes associated with the method being invoked
41       *
42       * @throws AccessDeniedException if access is denied
43       */
44      public void decide(Authentication authentication, Object object, ConfigAttributeDefinition config)
45          throws AccessDeniedException {
46          Iterator iter = this.getDecisionVoters().iterator();
47          int deny = 0;
48  
49          while (iter.hasNext()) {
50              AccessDecisionVoter voter = (AccessDecisionVoter) iter.next();
51              int result = voter.vote(authentication, object, config);
52  
53              switch (result) {
54              case AccessDecisionVoter.ACCESS_GRANTED:
55                  return;
56  
57              case AccessDecisionVoter.ACCESS_DENIED:
58                  deny++;
59  
60                  break;
61  
62              default:
63                  break;
64              }
65          }
66  
67          if (deny > 0) {
68              throw new AccessDeniedException(messages.getMessage("AbstractAccessDecisionManager.accessDenied",
69                      "Access is denied"));
70          }
71  
72          // To get this far, every AccessDecisionVoter abstained
73          checkAllowIfAllAbstainDecisions();
74      }
75  }