1
package org.hisp.dhis.security.vote;
4
* Copyright (c) 2004-2007, University of Oslo
7
* Redistribution and use in source and binary forms, with or without
8
* modification, are permitted provided that the following conditions are met:
9
* * Redistributions of source code must retain the above copyright notice, this
10
* list of conditions and the following disclaimer.
11
* * Redistributions in binary form must reproduce the above copyright notice,
12
* this list of conditions and the following disclaimer in the documentation
13
* and/or other materials provided with the distribution.
14
* * Neither the name of the HISP project nor the names of its contributors may
15
* be used to endorse or promote products derived from this software without
16
* specific prior written permission.
18
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
19
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21
* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
22
* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
25
* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30
import java.util.Collections;
31
import java.util.List;
33
import org.acegisecurity.AccessDecisionManager;
34
import org.acegisecurity.AccessDeniedException;
35
import org.acegisecurity.Authentication;
36
import org.acegisecurity.ConfigAttribute;
37
import org.acegisecurity.ConfigAttributeDefinition;
38
import org.acegisecurity.InsufficientAuthenticationException;
39
import org.apache.commons.logging.Log;
40
import org.apache.commons.logging.LogFactory;
43
* AccessDecisionManager which delegates to other AccessDecisionManagers in a
44
* logical or fashion. Delegation is stopped at the first positive answer from
45
* the delegates, where the order of execution is defined by the list of
46
* AccessDecisionManagers. So if the first AccessDecisionManager grants access
47
* for a specific target, no other AccessDecisionManager is questioned.
49
* @author Torgeir Lorange Ostby
50
* @version $Id: LogicalOrAccessDecisionManager.java 6335 2008-11-20 11:11:26Z larshelg $
52
public class LogicalOrAccessDecisionManager
53
implements AccessDecisionManager
55
private static final Log LOG = LogFactory.getLog( LogicalOrAccessDecisionManager.class );
57
private List<AccessDecisionManager> accessDecisionManagers = Collections.emptyList();
59
public void setAccessDecisionManagers( List<AccessDecisionManager> accessDecisionManagers )
61
this.accessDecisionManagers = accessDecisionManagers;
64
// -------------------------------------------------------------------------
65
// Interface implementation
66
// -------------------------------------------------------------------------
68
public void decide( Authentication authentication, Object object, ConfigAttributeDefinition definition )
69
throws AccessDeniedException, InsufficientAuthenticationException
71
AccessDeniedException ade = null;
72
InsufficientAuthenticationException iae = null;
74
for ( AccessDecisionManager accessDecisionManager : accessDecisionManagers )
78
accessDecisionManager.decide( authentication, object, definition );
80
LOG.debug( "ACCESS GRANTED [" + object.toString() + "]" );
84
catch ( AccessDeniedException e )
88
catch ( InsufficientAuthenticationException e )
94
LOG.debug( "ACCESS DENIED [" + object.toString() + "]" );
107
public boolean supports( ConfigAttribute configAttribute )
109
for ( AccessDecisionManager accessDecisionManager : accessDecisionManagers )
111
if ( accessDecisionManager.supports( configAttribute ) )
120
@SuppressWarnings( "unchecked" )
121
public boolean supports( Class clazz )
123
for ( AccessDecisionManager accessDecisionManager : accessDecisionManagers )
125
if ( accessDecisionManager.supports( clazz ) )