|
|
@@ -15,17 +15,18 @@
|
|
|
|
|
|
package org.springframework.security.vote;
|
|
|
|
|
|
+import java.util.List;
|
|
|
+
|
|
|
import org.springframework.security.AccessDeniedException;
|
|
|
import org.springframework.security.Authentication;
|
|
|
import org.springframework.security.ConfigAttribute;
|
|
|
|
|
|
-import java.util.Iterator;
|
|
|
-import java.util.List;
|
|
|
-
|
|
|
-
|
|
|
/**
|
|
|
- * Simple concrete implementation of {@link org.springframework.security.AccessDecisionManager} that uses a consensus-based
|
|
|
- * approach.
|
|
|
+ * Simple concrete implementation of {@link org.springframework.security.AccessDecisionManager} that uses a
|
|
|
+ * consensus-based approach.
|
|
|
+ * <p>
|
|
|
+ * "Consensus" here means majority-rule (ignoring abstains) rather than unanimous agreement (ignoring abstains).
|
|
|
+ * If you require unanimity, please see {@link UnanimousBased}.
|
|
|
*/
|
|
|
public class ConsensusBased extends AbstractAccessDecisionManager {
|
|
|
//~ Instance fields ================================================================================================
|
|
|
@@ -36,11 +37,13 @@ public class ConsensusBased extends AbstractAccessDecisionManager {
|
|
|
|
|
|
/**
|
|
|
* This concrete implementation simply polls all configured {@link AccessDecisionVoter}s and upon
|
|
|
- * completion determines the consensus of granted vs denied responses.<p>If there were an equal number of
|
|
|
- * grant and deny votes, the decision will be based on the {@link #isAllowIfEqualGrantedDeniedDecisions()}
|
|
|
- * property (defaults to true).</p>
|
|
|
- * <p>If every <code>AccessDecisionVoter</code> abstained from voting, the decision will be based on the
|
|
|
- * {@link #isAllowIfAllAbstainDecisions()} property (defaults to false).</p>
|
|
|
+ * completion determines the consensus of granted against denied responses.
|
|
|
+ * <p>
|
|
|
+ * If there were an equal number of grant and deny votes, the decision will be based on the
|
|
|
+ * {@link #isAllowIfEqualGrantedDeniedDecisions()} property (defaults to true).
|
|
|
+ * <p>
|
|
|
+ * If every <code>AccessDecisionVoter</code> abstained from voting, the decision will be based on the
|
|
|
+ * {@link #isAllowIfAllAbstainDecisions()} property (defaults to false).
|
|
|
*
|
|
|
* @param authentication the caller invoking the method
|
|
|
* @param object the secured object
|
|
|
@@ -49,14 +52,12 @@ public class ConsensusBased extends AbstractAccessDecisionManager {
|
|
|
* @throws AccessDeniedException if access is denied
|
|
|
*/
|
|
|
public void decide(Authentication authentication, Object object, List<ConfigAttribute> configAttributes)
|
|
|
- throws AccessDeniedException {
|
|
|
- Iterator iter = this.getDecisionVoters().iterator();
|
|
|
+ throws AccessDeniedException {
|
|
|
int grant = 0;
|
|
|
int deny = 0;
|
|
|
int abstain = 0;
|
|
|
|
|
|
- while (iter.hasNext()) {
|
|
|
- AccessDecisionVoter voter = (AccessDecisionVoter) iter.next();
|
|
|
+ for (AccessDecisionVoter voter : getDecisionVoters()) {
|
|
|
int result = voter.vote(authentication, object, configAttributes);
|
|
|
|
|
|
switch (result) {
|
Luke Taylor