private int getVotingResult(
Authentication authentication, Object object, VoterConfigTuple voterConfigTuple) {
logger.info(
"Called getVotingResult Method: username-"
+ authentication.getName()
+ "and voter "
+ voterConfigTuple.getVoter().toString()
+ "and config attribute"
+ voterConfigTuple.getConfigAttribute().getAttribute());
return voterConfigTuple
.getVoter()
.vote(
authentication,
object,
new ConfigAttributeDefinition(voterConfigTuple.getConfigAttribute()));
}
@Override
public void decide(Authentication authentication, Object object, ConfigAttributeDefinition config)
throws AccessDeniedException {
logger.info(
"@@@@@@@@@@ Access decision manager decide method called : username "
+ authentication.getName()
+ " @@@@@@@@@@@@@");
int grant = 0;
int abstain = 0;
Iterator voterList = getDecisionVoters().iterator();
Set<VoterConfigTuple> roleVoterConfigTuple = new HashSet<VoterConfigTuple>();
Set<VoterConfigTuple> aclVoterConfigTuple = new HashSet<VoterConfigTuple>();
while (voterList.hasNext()) {
AccessDecisionVoter voter = (AccessDecisionVoter) voterList.next();
logger.debug("Voter : " + voter.toString());
Iterator configIter = config.getConfigAttributes().iterator();
while (configIter.hasNext()) {
ConfigAttribute configAttribute = (ConfigAttribute) configIter.next();
logger.debug("Config Attribute : " + configAttribute.getAttribute());
if (configAttribute.getAttribute().startsWith(ROLE_PREFIX)) {
if (voter instanceof RoleVoter) {
logger.debug("The Voter is RoleVoter");
VoterConfigTuple tuple = new VoterConfigTuple();
tuple.setConfigAttribute(configAttribute);
tuple.setVoter(voter);
roleVoterConfigTuple.add(tuple);
logger.info(
"The Voting tuple added voter: "
+ voter.toString()
+ " and ConfigAttribute: "
+ configAttribute.getAttribute());
}
} else if (!(voter instanceof RoleVoter)) {
logger.debug("The Voter is not a Role Voter");
VoterConfigTuple tuple = new VoterConfigTuple();
tuple.setConfigAttribute(configAttribute);
tuple.setVoter(voter);
aclVoterConfigTuple.add(tuple);
logger.info(
"The Voting tuple added voter: "
+ voter.toString()
+ " and ConfigAttribute: "
+ configAttribute.getAttribute());
}
}
}
logger.info("Start voting with Role voters config");
for (VoterConfigTuple voterConfigTuple : roleVoterConfigTuple) {
int result = getVotingResult(authentication, object, voterConfigTuple);
if (result == AccessDecisionVoter.ACCESS_GRANTED) {
return;
}
}
logger.info("Start voting with Acl voters config");
for (VoterConfigTuple voterConfigTuple : aclVoterConfigTuple) {
int result = getVotingResult(authentication, object, voterConfigTuple);
logger.info("The voting result is: " + result);
switch (result) {
case AccessDecisionVoter.ACCESS_GRANTED:
{
grant++;
break;
}
case AccessDecisionVoter.ACCESS_DENIED:
{
throw new AccessDeniedException(
messages.getMessage(
"AbstractAccessDecisionManager.accessDenied", "Access is denied"));
}
default:
{
abstain++;
break;
}
}
}
// To get this far, there were no deny votes
if (grant > 0) {
return;
}
// To get this far, every AccessDecisionVoter abstained
checkAllowIfAllAbstainDecisions();
}
