Example 1 with AccessDecisionVoter
use of org.springframework.security.access.AccessDecisionVoter in project spring-security by spring-projects.
the class UnanimousBased method decide.
// ~ Methods
// ========================================================================================================
/**
* This concrete implementation polls all configured {@link AccessDecisionVoter}s for
* each {@link ConfigAttribute} and grants access if <b>only</b> grant (or abstain)
* votes were received.
* <p>
* Other voting implementations usually pass the entire list of
* <tt>ConfigAttribute</tt>s to the <code>AccessDecisionVoter</code>. This
* implementation differs in that each <code>AccessDecisionVoter</code> knows only
* about a single <code>ConfigAttribute</code> at a time.
* <p>
* If every <code>AccessDecisionVoter</code> abstained from voting, the decision will
* be based on the {@link #isAllowIfAllAbstainDecisions()} property (defaults to
* false).
*
* @param authentication the caller invoking the method
* @param object the secured object
* @param attributes the configuration attributes associated with the method being
* invoked
*
* @throws AccessDeniedException if access is denied
*/
public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) throws AccessDeniedException {
int grant = 0;
int abstain = 0;
List<ConfigAttribute> singleAttributeList = new ArrayList<ConfigAttribute>(1);
singleAttributeList.add(null);
for (ConfigAttribute attribute : attributes) {
singleAttributeList.set(0, attribute);
for (AccessDecisionVoter voter : getDecisionVoters()) {
int result = voter.vote(authentication, object, singleAttributeList);
if (logger.isDebugEnabled()) {
logger.debug("Voter: " + voter + ", returned: " + result);
}
switch(result) {
case AccessDecisionVoter.ACCESS_GRANTED:
grant++;
break;
case AccessDecisionVoter.ACCESS_DENIED:
throw new AccessDeniedException(messages.getMessage("AbstractAccessDecisionManager.accessDenied", "Access is denied"));
default:
abstain++;
break;
}
}
}
// To get this far, there were no deny votes
if (grant > 0) {
return;
}
// To get this far, every AccessDecisionVoter abstained
checkAllowIfAllAbstainDecisions();
}
Also used :
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
ConfigAttribute(org.springframework.security.access.ConfigAttribute)
ArrayList(java.util.ArrayList)
AccessDecisionVoter(org.springframework.security.access.AccessDecisionVoter)
Example 2 with AccessDecisionVoter
use of org.springframework.security.access.AccessDecisionVoter in project spring-security by spring-projects.
the class AffirmativeBased method decide.
// ~ Methods
// ========================================================================================================
/**
* This concrete implementation simply polls all configured
* {@link AccessDecisionVoter}s and grants access if any
* <code>AccessDecisionVoter</code> voted affirmatively. Denies access only if there
* was a deny vote AND no affirmative votes.
* <p>
* If every <code>AccessDecisionVoter</code> abstained from voting, the decision will
* be based on the {@link #isAllowIfAllAbstainDecisions()} property (defaults to
* false).
* </p>
*
* @param authentication the caller invoking the method
* @param object the secured object
* @param configAttributes the configuration attributes associated with the method
* being invoked
*
* @throws AccessDeniedException if access is denied
*/
public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException {
int deny = 0;
for (AccessDecisionVoter voter : getDecisionVoters()) {
int result = voter.vote(authentication, object, configAttributes);
if (logger.isDebugEnabled()) {
logger.debug("Voter: " + voter + ", returned: " + result);
}
switch(result) {
case AccessDecisionVoter.ACCESS_GRANTED:
return;
case AccessDecisionVoter.ACCESS_DENIED:
deny++;
break;
default:
break;
}
}
if (deny > 0) {
throw new AccessDeniedException(messages.getMessage("AbstractAccessDecisionManager.accessDenied", "Access is denied"));
}
// To get this far, every AccessDecisionVoter abstained
checkAllowIfAllAbstainDecisions();
}
Also used :
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
AccessDecisionVoter(org.springframework.security.access.AccessDecisionVoter)
Example 3 with AccessDecisionVoter
use of org.springframework.security.access.AccessDecisionVoter in project spring-security by spring-projects.
the class PrePostSecured method setUp.
@Before
public final void setUp() throws Exception {
MockitoAnnotations.initMocks(this);
interceptor = new AspectJMethodSecurityInterceptor();
AccessDecisionVoter[] voters = new AccessDecisionVoter[] { new RoleVoter(), new PreInvocationAuthorizationAdviceVoter(new ExpressionBasedPreInvocationAdvice()) };
adm = new AffirmativeBased(Arrays.<AccessDecisionVoter<? extends Object>>asList(voters));
interceptor.setAccessDecisionManager(adm);
interceptor.setAuthenticationManager(authman);
interceptor.setSecurityMetadataSource(new SecuredAnnotationSecurityMetadataSource());
AnnotationSecurityAspect secAspect = AnnotationSecurityAspect.aspectOf();
secAspect.setSecurityInterceptor(interceptor);
}
Also used :
SecuredAnnotationSecurityMetadataSource(org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource)
AspectJMethodSecurityInterceptor(org.springframework.security.access.intercept.aspectj.AspectJMethodSecurityInterceptor)
AffirmativeBased(org.springframework.security.access.vote.AffirmativeBased)
RoleVoter(org.springframework.security.access.vote.RoleVoter)
AccessDecisionVoter(org.springframework.security.access.AccessDecisionVoter)
ExpressionBasedPreInvocationAdvice(org.springframework.security.access.expression.method.ExpressionBasedPreInvocationAdvice)
PreInvocationAuthorizationAdviceVoter(org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter)
Before(org.junit.Before)
Example 4 with AccessDecisionVoter
use of org.springframework.security.access.AccessDecisionVoter in project spring-security by spring-projects.
the class ExpressionUrlAuthorizationConfigurer method getDecisionVoters.
@Override
@SuppressWarnings("rawtypes")
final List<AccessDecisionVoter<? extends Object>> getDecisionVoters(H http) {
List<AccessDecisionVoter<? extends Object>> decisionVoters = new ArrayList<AccessDecisionVoter<? extends Object>>();
WebExpressionVoter expressionVoter = new WebExpressionVoter();
expressionVoter.setExpressionHandler(getExpressionHandler(http));
decisionVoters.add(expressionVoter);
return decisionVoters;
}
Also used :
ArrayList(java.util.ArrayList)
AccessDecisionVoter(org.springframework.security.access.AccessDecisionVoter)
WebExpressionVoter(org.springframework.security.web.access.expression.WebExpressionVoter)
Example 5 with AccessDecisionVoter
use of org.springframework.security.access.AccessDecisionVoter in project spring-security by spring-projects.
the class UrlAuthorizationConfigurer method getDecisionVoters.
/**
* Creates the default {@link AccessDecisionVoter} instances used if an
* {@link AccessDecisionManager} was not specified.
*
* @param http the builder to use
*/
@Override
@SuppressWarnings("rawtypes")
final List<AccessDecisionVoter<? extends Object>> getDecisionVoters(H http) {
List<AccessDecisionVoter<? extends Object>> decisionVoters = new ArrayList<AccessDecisionVoter<? extends Object>>();
decisionVoters.add(new RoleVoter());
decisionVoters.add(new AuthenticatedVoter());
return decisionVoters;
}
Also used :
AuthenticatedVoter(org.springframework.security.access.vote.AuthenticatedVoter)
ArrayList(java.util.ArrayList)
RoleVoter(org.springframework.security.access.vote.RoleVoter)
AccessDecisionVoter(org.springframework.security.access.AccessDecisionVoter)
Aggregations
AccessDecisionVoter (org.springframework.security.access.AccessDecisionVoter)8
ArrayList (java.util.ArrayList)5
AccessDeniedException (org.springframework.security.access.AccessDeniedException)3
AffirmativeBased (org.springframework.security.access.vote.AffirmativeBased)3
RoleVoter (org.springframework.security.access.vote.RoleVoter)3
ExpressionBasedPreInvocationAdvice (org.springframework.security.access.expression.method.ExpressionBasedPreInvocationAdvice)2
PreInvocationAuthorizationAdviceVoter (org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter)2
AuthenticatedVoter (org.springframework.security.access.vote.AuthenticatedVoter)2
Before (org.junit.Before)1
Bean (org.springframework.context.annotation.Bean)1
ConfigAttribute (org.springframework.security.access.ConfigAttribute)1
Jsr250Voter (org.springframework.security.access.annotation.Jsr250Voter)1
SecuredAnnotationSecurityMetadataSource (org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource)1
AspectJMethodSecurityInterceptor (org.springframework.security.access.intercept.aspectj.AspectJMethodSecurityInterceptor)1
MessageExpressionVoter (org.springframework.security.messaging.access.expression.MessageExpressionVoter)1
ChannelSecurityInterceptor (org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor)1
WebExpressionVoter (org.springframework.security.web.access.expression.WebExpressionVoter)1
