SEC-990: Clarify the semantics of the ConsensusBased ADM. Added the suggested patch to the Javadoc for this class.

Luke Taylor 2008-12-04 13:32:35 +00:00
parent ffc8637def
commit 7dfbcf2ddf
1 changed files with 16 additions and 15 deletions


@ -15,17 +15,18 @@
package org.springframework.security.vote; package org.springframework.security.vote;
import java.util.List;
import org.springframework.security.AccessDeniedException; import org.springframework.security.AccessDeniedException;
import org.springframework.security.Authentication; import org.springframework.security.Authentication;
import org.springframework.security.ConfigAttribute; import org.springframework.security.ConfigAttribute;
import java.util.Iterator;
import java.util.List;
/** /**
* Simple concrete implementation of {@link org.springframework.security.AccessDecisionManager} that uses a consensus-based * Simple concrete implementation of {@link org.springframework.security.AccessDecisionManager} that uses a
* approach. * consensus-based approach.
* <p>
* "Consensus" here means majority-rule (ignoring abstains) rather than unanimous agreement (ignoring abstains).
* If you require unanimity, please see {@link UnanimousBased}.
*/ */
public class ConsensusBased extends AbstractAccessDecisionManager { public class ConsensusBased extends AbstractAccessDecisionManager {
//~ Instance fields ================================================================================================ //~ Instance fields ================================================================================================
@ -36,11 +37,13 @@ public class ConsensusBased extends AbstractAccessDecisionManager {
/** /**
* This concrete implementation simply polls all configured {@link AccessDecisionVoter}s and upon * This concrete implementation simply polls all configured {@link AccessDecisionVoter}s and upon
* completion determines the consensus of granted vs denied responses.<p>If there were an equal number of * completion determines the consensus of granted against denied responses.
* grant and deny votes, the decision will be based on the {@link #isAllowIfEqualGrantedDeniedDecisions()} * <p>
* property (defaults to true).</p> * If there were an equal number of grant and deny votes, the decision will be based on the
* <p>If every <code>AccessDecisionVoter</code> abstained from voting, the decision will be based on the * {@link #isAllowIfEqualGrantedDeniedDecisions()} property (defaults to true).
* {@link #isAllowIfAllAbstainDecisions()} property (defaults to false).</p> * <p>
* If every <code>AccessDecisionVoter</code> abstained from voting, the decision will be based on the
* {@link #isAllowIfAllAbstainDecisions()} property (defaults to false).
* *
* @param authentication the caller invoking the method * @param authentication the caller invoking the method
* @param object the secured object * @param object the secured object
@ -50,13 +53,11 @@ public class ConsensusBased extends AbstractAccessDecisionManager {
*/ */
public void decide(Authentication authentication, Object object, List<ConfigAttribute> configAttributes) public void decide(Authentication authentication, Object object, List<ConfigAttribute> configAttributes)
throws AccessDeniedException { throws AccessDeniedException {
Iterator iter = this.getDecisionVoters().iterator();
int grant = 0; int grant = 0;
int deny = 0; int deny = 0;
int abstain = 0; int abstain = 0;
while (iter.hasNext()) { for (AccessDecisionVoter voter : getDecisionVoters()) {
AccessDecisionVoter voter = (AccessDecisionVoter) iter.next();
int result = voter.vote(authentication, object, configAttributes); int result = voter.vote(authentication, object, configAttributes);
switch (result) { switch (result) {