1 /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
2 *
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 package org.acegisecurity.vote;
17
18 import org.acegisecurity.Authentication;
19 import org.acegisecurity.AuthenticationTrustResolver;
20 import org.acegisecurity.AuthenticationTrustResolverImpl;
21 import org.acegisecurity.ConfigAttribute;
22 import org.acegisecurity.ConfigAttributeDefinition;
23
24 import org.springframework.util.Assert;
25
26 import java.util.Iterator;
27
28
29 /**
30 * <p>Votes if a {@link ConfigAttribute#getAttribute()} of <code>IS_AUTHENTICATED_FULLY</code> or
31 * <code>IS_AUTHENTICATED_REMEMBERED</code> or <code>IS_AUTHENTICATED_ANONYMOUSLY</code> is present. This list is in
32 * order of most strict checking to least strict checking.</p>
33 * <p>The current <code>Authentication</code> will be inspected to determine if the principal has a particular
34 * level of authentication. The "FULLY" authenticated option means the user is authenticated fully (i.e. {@link
35 * org.acegisecurity.AuthenticationTrustResolver#isAnonymous(Authentication)} is false and {@link
36 * org.acegisecurity.AuthenticationTrustResolver#isRememberMe(Authentication)} is false). The "REMEMBERED" option will grant
37 * access if the principal was either authenticated via remember-me OR is fully authenticated. The "ANONYMOUSLY" will
38 * grant access if the principal was authenticated via remember-me, OR anonymously, OR via full authentication.</p>
39 * <p>All comparisons and prefixes are case sensitive.</p>
40 *
41 * @author Ben Alex
42 * @version $Id: AuthenticatedVoter.java 1948 2007-08-25 00:15:30Z benalex $
43 */
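public class AuthenticatedVoter implements AccessDecisionVoter {
    //~ Static fields/initializers =====================================================================================

    /** Strictest level: neither anonymous nor remember-me according to the trust resolver. */
    public static final String IS_AUTHENTICATED_FULLY = "IS_AUTHENTICATED_FULLY";

    /** Middle level: remember-me or fully authenticated. */
    public static final String IS_AUTHENTICATED_REMEMBERED = "IS_AUTHENTICATED_REMEMBERED";

    /** Least strict level: anonymous, remember-me or fully authenticated. */
    public static final String IS_AUTHENTICATED_ANONYMOUSLY = "IS_AUTHENTICATED_ANONYMOUSLY";

    //~ Instance fields ================================================================================================

    // Classifies an Authentication as anonymous and/or remember-me; replaceable through the setter below.
    private AuthenticationTrustResolver authenticationTrustResolver = new AuthenticationTrustResolverImpl();

    //~ Methods ========================================================================================================

    /**
     * Decides whether the principal counts as fully authenticated, i.e. the trust resolver reports it as
     * neither anonymous nor remember-me.
     *
     * <p>"Fully authenticated" is derived from two negative answers, so a <code>null</code> token is rejected
     * here explicitly instead of relying on what the resolver answers for <code>null</code>.</p>
     *
     * @param authentication the token to classify (may be <code>null</code>)
     *
     * @return <code>true</code> only for a non-null token that is neither anonymous nor remember-me
     */
    private boolean isFullyAuthenticated(Authentication authentication) {
        return (authentication != null)
            && !authenticationTrustResolver.isAnonymous(authentication)
            && !authenticationTrustResolver.isRememberMe(authentication);
    }

    /**
     * Replaces the trust resolver used to classify the presented <code>Authentication</code>.
     *
     * @param authenticationTrustResolver the resolver to use; <code>null</code> is rejected by
     *        <code>Assert.notNull</code>
     */
    public void setAuthenticationTrustResolver(AuthenticationTrustResolver authenticationTrustResolver) {
        Assert.notNull(authenticationTrustResolver, "AuthenticationTrustResolver cannot be set to null");
        this.authenticationTrustResolver = authenticationTrustResolver;
    }

    /**
     * Indicates whether this voter handles the given attribute.
     *
     * @param attribute the configuration attribute to test
     *
     * @return <code>true</code> if the attribute value is exactly one of the three <code>IS_AUTHENTICATED_*</code>
     *         constants (case sensitive); <code>false</code> otherwise, including when the value is
     *         <code>null</code>
     */
    public boolean supports(ConfigAttribute attribute) {
        // String.equals(null) is false, so a null attribute value needs no separate check.
        String value = attribute.getAttribute();

        return IS_AUTHENTICATED_FULLY.equals(value)
            || IS_AUTHENTICATED_REMEMBERED.equals(value)
            || IS_AUTHENTICATED_ANONYMOUSLY.equals(value);
    }

    /**
     * This implementation supports any type of class, because it does not query the presented secure object.
     *
     * @param clazz the secure object
     *
     * @return always <code>true</code>
     */
    public boolean supports(Class clazz) {
        return true;
    }

    /**
     * Votes on access by comparing the authentication level of the presented token with the
     * <code>IS_AUTHENTICATED_*</code> attributes configured for the secure object.
     *
     * <p>The first supported attribute whose level is satisfied grants access. If at least one supported
     * attribute is present and none is satisfied the vote is a denial. The decision is based solely on the
     * trust resolver's classification of the token.</p>
     *
     * <p>A <code>null</code> token never satisfies any level: once a supported attribute is seen the vote
     * fails closed instead of depending on how the resolver answers for <code>null</code>.</p>
     *
     * @param authentication the caller's token (may be <code>null</code>)
     * @param object the secure object; not consulted by this voter
     * @param config the attributes configured for the secure object
     *
     * @return <code>ACCESS_GRANTED</code>, <code>ACCESS_DENIED</code>, or <code>ACCESS_ABSTAIN</code> when no
     *         supported attribute is configured
     */
    public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
        int result = ACCESS_ABSTAIN;
        Iterator iter = config.getConfigAttributes();

        while (iter.hasNext()) {
            ConfigAttribute attribute = (ConfigAttribute) iter.next();

            if (!this.supports(attribute)) {
                continue;
            }

            // From here on the voter has an opinion: deny unless a level below is satisfied.
            result = ACCESS_DENIED;

            if (authentication == null) {
                // Fail closed: no token means no authentication level can be met.
                continue;
            }

            String level = attribute.getAttribute();

            if (IS_AUTHENTICATED_FULLY.equals(level) && isFullyAuthenticated(authentication)) {
                return ACCESS_GRANTED;
            }

            if (IS_AUTHENTICATED_REMEMBERED.equals(level)
                && (authenticationTrustResolver.isRememberMe(authentication)
                    || isFullyAuthenticated(authentication))) {
                return ACCESS_GRANTED;
            }

            // NOTE(review): for a resolver that answers consistently these three cases are exhaustive, so
            // this level admits any non-null token. Use it only where anonymous access is intended.
            if (IS_AUTHENTICATED_ANONYMOUSLY.equals(level)
                && (authenticationTrustResolver.isAnonymous(authentication)
                    || isFullyAuthenticated(authentication)
                    || authenticationTrustResolver.isRememberMe(authentication))) {
                return ACCESS_GRANTED;
            }
        }

        return result;
    }
}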