Search in sources :

Example 1 with AccessDecisionVoter

use of org.springframework.security.access.AccessDecisionVoter in project spring-security by spring-projects.

the class UnanimousBased method decide.

// ~ Methods
// ========================================================================================================
/**
	 * This concrete implementation polls all configured {@link AccessDecisionVoter}s for
	 * each {@link ConfigAttribute} and grants access if <b>only</b> grant (or abstain)
	 * votes were received.
	 * <p>
	 * Other voting implementations usually pass the entire list of
	 * <tt>ConfigAttribute</tt>s to the <code>AccessDecisionVoter</code>. This
	 * implementation differs in that each <code>AccessDecisionVoter</code> knows only
	 * about a single <code>ConfigAttribute</code> at a time.
	 * <p>
	 * If every <code>AccessDecisionVoter</code> abstained from voting, the decision will
	 * be based on the {@link #isAllowIfAllAbstainDecisions()} property (defaults to
	 * false).
	 *
	 * @param authentication the caller invoking the method
	 * @param object the secured object
	 * @param attributes the configuration attributes associated with the method being
	 * invoked
	 *
	 * @throws AccessDeniedException if access is denied
	 */
public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) throws AccessDeniedException {
    int grant = 0;
    int abstain = 0;
    List<ConfigAttribute> singleAttributeList = new ArrayList<ConfigAttribute>(1);
    singleAttributeList.add(null);
    for (ConfigAttribute attribute : attributes) {
        singleAttributeList.set(0, attribute);
        for (AccessDecisionVoter voter : getDecisionVoters()) {
            int result = voter.vote(authentication, object, singleAttributeList);
            if (logger.isDebugEnabled()) {
                logger.debug("Voter: " + voter + ", returned: " + result);
            }
            switch(result) {
                case AccessDecisionVoter.ACCESS_GRANTED:
                    grant++;
                    break;
                case AccessDecisionVoter.ACCESS_DENIED:
                    throw new AccessDeniedException(messages.getMessage("AbstractAccessDecisionManager.accessDenied", "Access is denied"));
                default:
                    abstain++;
                    break;
            }
        }
    }
    // To get this far, there were no deny votes
    if (grant > 0) {
        return;
    }
    // To get this far, every AccessDecisionVoter abstained
    checkAllowIfAllAbstainDecisions();
}
Also used : AccessDeniedException(org.springframework.security.access.AccessDeniedException) ConfigAttribute(org.springframework.security.access.ConfigAttribute) ArrayList(java.util.ArrayList) AccessDecisionVoter(org.springframework.security.access.AccessDecisionVoter)

Example 2 with AccessDecisionVoter

use of org.springframework.security.access.AccessDecisionVoter in project spring-security by spring-projects.

the class AffirmativeBased method decide.

// ~ Methods
// ========================================================================================================
/**
	 * This concrete implementation simply polls all configured
	 * {@link AccessDecisionVoter}s and grants access if any
	 * <code>AccessDecisionVoter</code> voted affirmatively. Denies access only if there
	 * was a deny vote AND no affirmative votes.
	 * <p>
	 * If every <code>AccessDecisionVoter</code> abstained from voting, the decision will
	 * be based on the {@link #isAllowIfAllAbstainDecisions()} property (defaults to
	 * false).
	 * </p>
	 *
	 * @param authentication the caller invoking the method
	 * @param object the secured object
	 * @param configAttributes the configuration attributes associated with the method
	 * being invoked
	 *
	 * @throws AccessDeniedException if access is denied
	 */
public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException {
    int deny = 0;
    for (AccessDecisionVoter voter : getDecisionVoters()) {
        int result = voter.vote(authentication, object, configAttributes);
        if (logger.isDebugEnabled()) {
            logger.debug("Voter: " + voter + ", returned: " + result);
        }
        switch(result) {
            case AccessDecisionVoter.ACCESS_GRANTED:
                return;
            case AccessDecisionVoter.ACCESS_DENIED:
                deny++;
                break;
            default:
                break;
        }
    }
    if (deny > 0) {
        throw new AccessDeniedException(messages.getMessage("AbstractAccessDecisionManager.accessDenied", "Access is denied"));
    }
    // To get this far, every AccessDecisionVoter abstained
    checkAllowIfAllAbstainDecisions();
}
Also used : AccessDeniedException(org.springframework.security.access.AccessDeniedException) AccessDecisionVoter(org.springframework.security.access.AccessDecisionVoter)

Example 3 with AccessDecisionVoter

use of org.springframework.security.access.AccessDecisionVoter in project spring-security by spring-projects.

the class PrePostSecured method setUp.

@Before
public final void setUp() throws Exception {
    MockitoAnnotations.initMocks(this);
    interceptor = new AspectJMethodSecurityInterceptor();
    AccessDecisionVoter[] voters = new AccessDecisionVoter[] { new RoleVoter(), new PreInvocationAuthorizationAdviceVoter(new ExpressionBasedPreInvocationAdvice()) };
    adm = new AffirmativeBased(Arrays.<AccessDecisionVoter<? extends Object>>asList(voters));
    interceptor.setAccessDecisionManager(adm);
    interceptor.setAuthenticationManager(authman);
    interceptor.setSecurityMetadataSource(new SecuredAnnotationSecurityMetadataSource());
    AnnotationSecurityAspect secAspect = AnnotationSecurityAspect.aspectOf();
    secAspect.setSecurityInterceptor(interceptor);
}
Also used : SecuredAnnotationSecurityMetadataSource(org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource) AspectJMethodSecurityInterceptor(org.springframework.security.access.intercept.aspectj.AspectJMethodSecurityInterceptor) AffirmativeBased(org.springframework.security.access.vote.AffirmativeBased) RoleVoter(org.springframework.security.access.vote.RoleVoter) AccessDecisionVoter(org.springframework.security.access.AccessDecisionVoter) ExpressionBasedPreInvocationAdvice(org.springframework.security.access.expression.method.ExpressionBasedPreInvocationAdvice) PreInvocationAuthorizationAdviceVoter(org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter) Before(org.junit.Before)

Example 4 with AccessDecisionVoter

use of org.springframework.security.access.AccessDecisionVoter in project spring-security by spring-projects.

the class ExpressionUrlAuthorizationConfigurer method getDecisionVoters.

@Override
@SuppressWarnings("rawtypes")
final List<AccessDecisionVoter<? extends Object>> getDecisionVoters(H http) {
    List<AccessDecisionVoter<? extends Object>> decisionVoters = new ArrayList<AccessDecisionVoter<? extends Object>>();
    WebExpressionVoter expressionVoter = new WebExpressionVoter();
    expressionVoter.setExpressionHandler(getExpressionHandler(http));
    decisionVoters.add(expressionVoter);
    return decisionVoters;
}
Also used : ArrayList(java.util.ArrayList) AccessDecisionVoter(org.springframework.security.access.AccessDecisionVoter) WebExpressionVoter(org.springframework.security.web.access.expression.WebExpressionVoter)

Example 5 with AccessDecisionVoter

use of org.springframework.security.access.AccessDecisionVoter in project spring-security by spring-projects.

the class UrlAuthorizationConfigurer method getDecisionVoters.

/**
	 * Creates the default {@link AccessDecisionVoter} instances used if an
	 * {@link AccessDecisionManager} was not specified.
	 *
	 * @param http the builder to use
	 */
@Override
@SuppressWarnings("rawtypes")
final List<AccessDecisionVoter<? extends Object>> getDecisionVoters(H http) {
    List<AccessDecisionVoter<? extends Object>> decisionVoters = new ArrayList<AccessDecisionVoter<? extends Object>>();
    decisionVoters.add(new RoleVoter());
    decisionVoters.add(new AuthenticatedVoter());
    return decisionVoters;
}
Also used : AuthenticatedVoter(org.springframework.security.access.vote.AuthenticatedVoter) ArrayList(java.util.ArrayList) RoleVoter(org.springframework.security.access.vote.RoleVoter) AccessDecisionVoter(org.springframework.security.access.AccessDecisionVoter)

Aggregations

AccessDecisionVoter (org.springframework.security.access.AccessDecisionVoter)8 ArrayList (java.util.ArrayList)5 AccessDeniedException (org.springframework.security.access.AccessDeniedException)3 AffirmativeBased (org.springframework.security.access.vote.AffirmativeBased)3 RoleVoter (org.springframework.security.access.vote.RoleVoter)3 ExpressionBasedPreInvocationAdvice (org.springframework.security.access.expression.method.ExpressionBasedPreInvocationAdvice)2 PreInvocationAuthorizationAdviceVoter (org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter)2 AuthenticatedVoter (org.springframework.security.access.vote.AuthenticatedVoter)2 Before (org.junit.Before)1 Bean (org.springframework.context.annotation.Bean)1 ConfigAttribute (org.springframework.security.access.ConfigAttribute)1 Jsr250Voter (org.springframework.security.access.annotation.Jsr250Voter)1 SecuredAnnotationSecurityMetadataSource (org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource)1 AspectJMethodSecurityInterceptor (org.springframework.security.access.intercept.aspectj.AspectJMethodSecurityInterceptor)1 MessageExpressionVoter (org.springframework.security.messaging.access.expression.MessageExpressionVoter)1 ChannelSecurityInterceptor (org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor)1 WebExpressionVoter (org.springframework.security.web.access.expression.WebExpressionVoter)1