package org.hisp.dhis.security.vote;
/*
 * Copyright (c) 2004-2007, University of Oslo
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 * * Redistributions of source code must retain the above copyright notice, this
 *   list of conditions and the following disclaimer.
 * * Redistributions in binary form must reproduce the above copyright notice,
 *   this list of conditions and the following disclaimer in the documentation
 *   and/or other materials provided with the distribution.
 * * Neither the name of the HISP project nor the names of its contributors may
 *   be used to endorse or promote products derived from this software without
 *   specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
 * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
import java.util.Collections;
import java.util.Set;

import org.acegisecurity.Authentication;
import org.acegisecurity.ConfigAttributeDefinition;
import org.acegisecurity.GrantedAuthority;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import com.opensymphony.xwork.config.entities.ActionConfig;
/**
 * AccessDecisionVoter which grants access if one of the granted authorities
 * matches attribute prefix + module name. The module name is taken from a
 * <code>com.opensymphony.xwork.config.entities.ActionConfig</code> object,
 * which is the only type of object this voter supports.
 *
 * @author Torgeir Lorange Ostby
 * @version $Id: ModuleAccessVoter.java 6352 2008-11-20 15:49:52Z larshelg $
 */
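public class ModuleAccessVoter
    extends AbstractPrefixedAccessDecisionVoter
{
    private static final Log LOG = LogFactory.getLog( ModuleAccessVoter.class );

    // -------------------------------------------------------------------------
    // Configuration
    // -------------------------------------------------------------------------

    // Module (XWork package) names for which vote() returns ACCESS_GRANTED
    // before the caller's authorities are looked at. Every entry is an
    // authorization bypass for that module, so the set should stay as small
    // as the deployment allows.
    private Set<String> alwaysAccessible = Collections.emptySet();

    /**
     * Sets a set of names for modules which are always accessible.
     * <p>
     * The set is held by reference, not copied, so later changes made by the
     * caller are visible to this voter. A <code>null</code> argument is
     * treated as "no module is always accessible" rather than being stored,
     * because a stored null would make every later call to
     * {@link #vote(Authentication, Object, ConfigAttributeDefinition)} fail
     * with a NullPointerException.
     *
     * @param alwaysAccessible the module names to exempt from the authority
     *        check, or <code>null</code> for none.
     */
    public void setAlwaysAccessible( Set<String> alwaysAccessible )
    {
        if ( alwaysAccessible == null )
        {
            this.alwaysAccessible = Collections.emptySet();
        }
        else
        {
            this.alwaysAccessible = alwaysAccessible;
        }
    }

    // -------------------------------------------------------------------------
    // AccessDecisionVoter implementation
    // -------------------------------------------------------------------------

    /**
     * Returns true if the class equals
     * <code>com.opensymphony.xwork.config.entities.ActionConfig</code>.
     * <p>
     * The comparison is an exact class match; subclasses of ActionConfig are
     * reported as unsupported.
     *
     * @param clazz the class of the secured object.
     * @return true only for ActionConfig itself.
     */
    @SuppressWarnings( "unchecked" )
    public boolean supports( Class clazz )
    {
        boolean result = ActionConfig.class.equals( clazz );

        LOG.debug( "Supports class: " + clazz + ", " + result );

        return result;
    }

    /**
     * Votes. Votes ACCESS_ABSTAIN if the object class is not supported. Votes
     * ACCESS_GRANTED if there is a granted authority which equals attribute
     * prefix + module name, or the module name is in the always accessible set.
     * Otherwise votes ACCESS_DENIED.
     * <p>
     * The required authority is built only from the inherited attribute prefix
     * and the ActionConfig package name; the <code>definition</code> argument
     * is not consulted. The match is an exact, case-sensitive string
     * comparison. An authentication without authorities, or an authority whose
     * string form is null, never matches and therefore leads to ACCESS_DENIED
     * instead of a NullPointerException.
     *
     * @param authentication the caller's authentication; must not be null.
     * @param object the secured object; must not be null.
     * @param definition the configuration attributes of the secured object
     *        (unused by this voter).
     * @return ACCESS_ABSTAIN, ACCESS_GRANTED or ACCESS_DENIED as described
     *         above.
     */
    public int vote( Authentication authentication, Object object, ConfigAttributeDefinition definition )
    {
        if ( !supports( object.getClass() ) )
        {
            LOG.debug( "ACCESS_ABSTAIN [" + object.toString() + "]: Class not supported." );

            return ACCESS_ABSTAIN;
        }

        ActionConfig target = (ActionConfig) object;

        String moduleName = target.getPackageName();

        // Configured exemption: granted without looking at the authentication.
        if ( alwaysAccessible.contains( moduleName ) )
        {
            LOG.debug( "ACCESS_GRANTED [" + moduleName + "] by configuration." );

            return ACCESS_GRANTED;
        }

        String requiredAuthority = attributePrefix + moduleName;

        // NOTE(review): getAuthorities() is expected to be allowed to return
        // null for a token that has not been authenticated - confirm against
        // the Acegi version in use. Null is handled as "no authorities".
        GrantedAuthority[] authorities = authentication.getAuthorities();

        if ( authorities != null )
        {
            for ( GrantedAuthority grantedAuthority : authorities )
            {
                // requiredAuthority is never null (string concatenation), so
                // comparing from its side tolerates a null getAuthority().
                if ( requiredAuthority.equals( grantedAuthority.getAuthority() ) )
                {
                    LOG.debug( "ACCESS_GRANTED [" + moduleName + "]" );

                    return ACCESS_GRANTED;
                }
            }
        }

        LOG.debug( "ACCESS_DENIED [" + moduleName + "]" );

        return ACCESS_DENIED;
    }
}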