/*
P/P * Method: net.sourceforge.pebble.security.PrivateBlogVoter__static_init
*/
1 /*
2 * Copyright (c) 2003-2006, Simon Brown
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are met:
7 *
8 * - Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * - Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * - Neither the name of Pebble nor the names of its contributors may
17 * be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
24 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30 * POSSIBILITY OF SUCH DAMAGE.
31 */
32 package net.sourceforge.pebble.security;
33
34 import net.sourceforge.pebble.domain.Blog;
35 import net.sourceforge.pebble.util.SecurityUtils;
36 import org.acegisecurity.Authentication;
37 import org.acegisecurity.ConfigAttribute;
38 import org.acegisecurity.ConfigAttributeDefinition;
39 import org.acegisecurity.vote.AccessDecisionVoter;
40
41 /**
42 * AccessDecisionVoter that votes ACCESS_GRANTED if the user is :
43 * - a blog admin user
44 * - authorised for the blog (owner, publisher or contributor)
45 * - a blog reader
46 *
47 * Otherwise, access is denied.
48 *
49 * @author Simon Brown
50 */
/*
P/P * Method: void net.sourceforge.pebble.security.PrivateBlogVoter()
*/
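public class PrivateBlogVoter implements AccessDecisionVoter {

  /**
   * Indicates whether this <code>AccessDecisionVoter</code> is able to vote on the passed
   * <code>ConfigAttribute</code>.
   *
   * <p>This voter claims every attribute, so the <code>AccessDecisionManager</code> consults it
   * on every secured invocation. That is why {@link #vote} never abstains: an attribute this
   * voter cannot interpret is turned into a denial rather than being left to other voters.</p>
   *
   * @param attribute a configuration attribute that has been configured against the
   *                  <code>AbstractSecurityInterceptor</code>
   * @return always <code>true</code>
   */
  public boolean supports(ConfigAttribute attribute) {
    return true;
  }

  /**
   * Indicates whether this <code>AccessDecisionVoter</code> is able to provide access control
   * votes for the indicated secured object type. The secured object is not inspected by
   * {@link #vote}, so every class is accepted.
   *
   * @param clazz the class that is being queried
   * @return always <code>true</code>
   */
  public boolean supports(Class clazz) {
    return true;
  }

  /**
   * Votes on access to a private blog.
   *
   * <p>Access is granted when the caller is a blog admin, is authorised for the blog as an
   * owner/publisher/contributor, or is an authorised blog reader. In every other case, including
   * a configuration that is not a {@link PrivateBlogConfigAttributeDefinition} or one that carries
   * no blog, the vote is <code>ACCESS_DENIED</code>. This voter never returns
   * <code>ACCESS_ABSTAIN</code>, so it fails closed instead of deferring to other voters.</p>
   *
   * @param authentication the caller invoking the method
   * @param object         the secured object; not used by this voter
   * @param config         the configuration attributes associated with the invocation; expected
   *                       to be a {@link PrivateBlogConfigAttributeDefinition}
   * @return either {@link #ACCESS_GRANTED} or {@link #ACCESS_DENIED}
   */
  public int vote(Authentication authentication, Object object, ConfigAttributeDefinition config) {
    // An unexpected attribute type used to surface as a ClassCastException out of the access
    // decision; deny explicitly instead so the outcome is a normal, fail-closed vote.
    if (!(config instanceof PrivateBlogConfigAttributeDefinition)) {
      return ACCESS_DENIED;
    }
    PrivateBlogConfigAttributeDefinition cad = (PrivateBlogConfigAttributeDefinition) config;

    // Admin users need access to all blogs, so they are granted before the blog is examined.
    if (SecurityUtils.isBlogAdmin(authentication)) {
      return ACCESS_GRANTED;
    }

    Blog blog = cad.getBlog();
    // Without a blog there is nothing to be authorised for; deny rather than pass null on.
    if (blog == null) {
      return ACCESS_DENIED;
    }

    // Blog owners/publishers/contributors need access, if they have it.
    if (SecurityUtils.isUserAuthorisedForBlog(authentication, blog)) {
      return ACCESS_GRANTED;
    }

    // The user is an authorised blog reader.
    if (SecurityUtils.isUserAuthorisedForBlogAsBlogReader(authentication, blog)) {
      return ACCESS_GRANTED;
    }

    return ACCESS_DENIED;
  }
}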