Reformatting.
This commit is contained in:
Luke Taylor
parent
518ccada8c
commit
06c6c3b9f3
|
|
@ -22,13 +22,11 @@ import org.springframework.security.ConfigAttribute;
|
|||
import org.springframework.security.ConfigAttributeDefinition;
|
||||
|
||||
/**
|
||||
* <p>
|
||||
* Votes if any {@link ConfigAttribute#getAttribute()} starts with a prefix
|
||||
* indicating that it is a role. The default prefix string is <Code>ROLE_</code>,
|
||||
* but this may be overriden to any value. It may also be set to empty, which
|
||||
* means that essentially any attribute will be voted on. As described further
|
||||
* below, the effect of an empty prefix may not be quite desireable.
|
||||
* </p>
|
||||
* <p>
|
||||
* Abstains from voting if no configuration attribute commences with the role
|
||||
* prefix. Votes to grant access if there is an exact matching
|
||||
|
|
@ -36,7 +34,6 @@ import org.springframework.security.ConfigAttributeDefinition;
|
|||
* starting with the role prefix. Votes to deny access if there is no exact
|
||||
* matching <code>GrantedAuthority</code> to a <code>ConfigAttribute</code>
|
||||
* starting with the role prefix.
|
||||
* </p>
|
||||
* <p>
|
||||
* An empty role prefix means that the voter will vote for every
|
||||
* ConfigAttribute. When there are different categories of ConfigAttributes
|
||||
|
|
@ -45,78 +42,74 @@ import org.springframework.security.ConfigAttributeDefinition;
|
|||
* using preexisting role names without a prefix, and no ability exists to
|
||||
* prefix them with a role prefix on reading them in, such as provided for
|
||||
* example in {@link org.springframework.security.userdetails.jdbc.JdbcDaoImpl}.
|
||||
* </p>
|
||||
* <p>
|
||||
* All comparisons and prefixes are case sensitive.
|
||||
* </p>
|
||||
*
|
||||
* @author Ben Alex
|
||||
* @author colin sampaleanu
|
||||
* @version $Id$
|
||||
*/
|
||||
public class RoleVoter implements AccessDecisionVoter {
|
||||
// ~ Instance fields
|
||||
// ================================================================================================
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
private String rolePrefix = "ROLE_";
|
||||
private String rolePrefix = "ROLE_";
|
||||
|
||||
// ~ Methods
|
||||
// ========================================================================================================
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public String getRolePrefix() {
|
||||
return rolePrefix;
|
||||
}
|
||||
public String getRolePrefix() {
|
||||
return rolePrefix;
|
||||
}
|
||||
|
||||
/**
|
||||
* Allows the default role prefix of <code>ROLE_</code> to be overriden.
|
||||
* May be set to an empty value, although this is usually not desireable.
|
||||
*
|
||||
* @param rolePrefix the new prefix
|
||||
*/
|
||||
public void setRolePrefix(String rolePrefix) {
|
||||
this.rolePrefix = rolePrefix;
|
||||
}
|
||||
/**
|
||||
* Allows the default role prefix of <code>ROLE_</code> to be overriden.
|
||||
* May be set to an empty value, although this is usually not desireable.
|
||||
*
|
||||
* @param rolePrefix the new prefix
|
||||
*/
|
||||
public void setRolePrefix(String rolePrefix) {
|
||||
this.rolePrefix = rolePrefix;
|
||||
}
|
||||
|
||||
public boolean supports(ConfigAttribute attribute) {
|
||||
if ((attribute.getAttribute() != null) && attribute.getAttribute().startsWith(getRolePrefix())) {
|
||||
return true;
|
||||
}
|
||||
else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
public boolean supports(ConfigAttribute attribute) {
|
||||
if ((attribute.getAttribute() != null) && attribute.getAttribute().startsWith(getRolePrefix())) {
|
||||
return true;
|
||||
}
|
||||
else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* This implementation supports any type of class, because it does not query
|
||||
* the presented secure object.
|
||||
*
|
||||
* @param clazz the secure object
|
||||
*
|
||||
* @return always <code>true</code>
|
||||
*/
|
||||
public boolean supports(Class clazz) {
|
||||
return true;
|
||||
}
|
||||
/**
|
||||
* This implementation supports any type of class, because it does not query
|
||||
* the presented secure object.
|
||||
*
|
||||
* @param clazz the secure object
|
||||
*
|
||||
* @return always <code>true</code>
|
||||
*/
|
||||
public boolean supports(Class clazz) {
|
||||
return true;
|
||||
}
|
||||
|
||||
public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
|
||||
int result = ACCESS_ABSTAIN;
|
||||
Iterator iter = config.getConfigAttributes();
|
||||
public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
|
||||
int result = ACCESS_ABSTAIN;
|
||||
Iterator iter = config.getConfigAttributes();
|
||||
|
||||
while (iter.hasNext()) {
|
||||
ConfigAttribute attribute = (ConfigAttribute) iter.next();
|
||||
while (iter.hasNext()) {
|
||||
ConfigAttribute attribute = (ConfigAttribute) iter.next();
|
||||
|
||||
if (this.supports(attribute)) {
|
||||
result = ACCESS_DENIED;
|
||||
if (this.supports(attribute)) {
|
||||
result = ACCESS_DENIED;
|
||||
|
||||
// Attempt to find a matching granted authority
|
||||
for (int i = 0; i < authentication.getAuthorities().length; i++) {
|
||||
if (attribute.getAttribute().equals(authentication.getAuthorities()[i].getAuthority())) {
|
||||
return ACCESS_GRANTED;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
// Attempt to find a matching granted authority
|
||||
for (int i = 0; i < authentication.getAuthorities().length; i++) {
|
||||
if (attribute.getAttribute().equals(authentication.getAuthorities()[i].getAuthority())) {
|
||||
return ACCESS_GRANTED;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
return result;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue