GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

SEC-21: Initial commit.

1.0.x
Ben Alex 21 years ago
parent
eae6f81177
commit
a42dec6fbf
2 changed files with 279 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 144
      core/src/main/java/org/acegisecurity/vote/AuthenticatedVoter.java
  2. 135
      core/src/test/java/org/acegisecurity/vote/AuthenticatedVoterTests.java

144
core/src/main/java/org/acegisecurity/vote/AuthenticatedVoter.java
Unescape View File

@ -0,0 +1,144 @@ @@ -0,0 +1,144 @@
/* Copyright 2004, 2005 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.vote;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.AuthenticationTrustResolver;
import net.sf.acegisecurity.AuthenticationTrustResolverImpl;
import net.sf.acegisecurity.ConfigAttribute;
import net.sf.acegisecurity.ConfigAttributeDefinition;
import org.springframework.util.Assert;
import java.util.Iterator;
/**
* <p>
* Votes if a {@link ConfigAttribute#getAttribute()} of
* <code>IS_AUTHENTICATED_FULLY</code> or
* <code>IS_AUTHENTICATED_REMEMBERED</code> or
* <code>IS_AUTHENTICATED_ANONYMOUSLY</code> is present. This list is in order
* of most strict checking to least strict checking.
* </p>
*
* <p>
* The current <code>Authentication</code> will be inspected to determine if
* the principal has a particular level of authentication. The "FULLY"
* authenticated option means the user is authenticated fully (ie {@link
* net.sf.acegisecurity.AuthenticationTrustResolver#isAnonymous(Authentication)}
* is false and {@link
* net.sf.acegisecurity.AuthenticationTrustResolver#isRememberMe(Authentication)}
* is false. The "REMEMBERED" will grant access if the principal was either
* authenticated via remember-me OR is fully authenticated. The "ANONYMOUSLY"
* will grant access if the principal was authenticated via remember-me, OR
* anonymously, OR via full authentication.
* </p>
*
* <p>
* All comparisons and prefixes are case sensitive.
* </p>
*
* @author Ben Alex
* @version $Id$
*/
public class AuthenticatedVoter implements AccessDecisionVoter {
//~ Static fields/initializers =============================================
public static final String IS_AUTHENTICATED_FULLY = "IS_AUTHENTICATED_FULLY";
public static final String IS_AUTHENTICATED_REMEMBERED = "IS_AUTHENTICATED_REMEMBERED";
public static final String IS_AUTHENTICATED_ANONYMOUSLY = "IS_AUTHENTICATED_ANONYMOUSLY";
//~ Instance fields ========================================================
private AuthenticationTrustResolver authenticationTrustResolver = new AuthenticationTrustResolverImpl();
//~ Methods ================================================================
public void setAuthenticationTrustResolver(
AuthenticationTrustResolver authenticationTrustResolver) {
Assert.notNull(authenticationTrustResolver,
"AuthenticationTrustResolver cannot be set to null");
this.authenticationTrustResolver = authenticationTrustResolver;
}
public boolean supports(ConfigAttribute attribute) {
if ((attribute.getAttribute() != null)
&& (IS_AUTHENTICATED_FULLY.equals(attribute.getAttribute())
|| IS_AUTHENTICATED_REMEMBERED.equals(attribute.getAttribute())
|| IS_AUTHENTICATED_ANONYMOUSLY.equals(attribute.getAttribute()))) {
return true;
} else {
return false;
}
}
/**
* This implementation supports any type of class, because it does not
* query the presented secure object.
*
* @param clazz the secure object
*
* @return always <code>true</code>
*/
public boolean supports(Class clazz) {
return true;
}
public int vote(Authentication authentication, Object object,
ConfigAttributeDefinition config) {
int result = ACCESS_ABSTAIN;
Iterator iter = config.getConfigAttributes();
while (iter.hasNext()) {
ConfigAttribute attribute = (ConfigAttribute) iter.next();
if (this.supports(attribute)) {
result = ACCESS_DENIED;
if (IS_AUTHENTICATED_FULLY.equals(attribute.getAttribute())) {
if (isFullyAuthenticated(authentication)) {
return ACCESS_GRANTED;
}
}
if (IS_AUTHENTICATED_REMEMBERED.equals(attribute.getAttribute())) {
if (authenticationTrustResolver.isRememberMe(authentication)
|| isFullyAuthenticated(authentication)) {
return ACCESS_GRANTED;
}
}
if (IS_AUTHENTICATED_ANONYMOUSLY.equals(
attribute.getAttribute())) {
if (authenticationTrustResolver.isAnonymous(authentication)
|| isFullyAuthenticated(authentication)
|| authenticationTrustResolver.isRememberMe(
authentication)) {
return ACCESS_GRANTED;
}
}
}
}
return result;
}
private boolean isFullyAuthenticated(Authentication authentication) {
return (!authenticationTrustResolver.isAnonymous(authentication)
&& !authenticationTrustResolver.isRememberMe(authentication));
}
}

135
core/src/test/java/org/acegisecurity/vote/AuthenticatedVoterTests.java
Unescape View File

@ -0,0 +1,135 @@ @@ -0,0 +1,135 @@
/* Copyright 2004, 2005 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.vote;
import junit.framework.TestCase;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.ConfigAttributeDefinition;
import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.GrantedAuthorityImpl;
import net.sf.acegisecurity.SecurityConfig;
import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import net.sf.acegisecurity.providers.anonymous.AnonymousAuthenticationToken;
import net.sf.acegisecurity.providers.rememberme.RememberMeAuthenticationToken;
/**
* Tests {@link AuthenticatedVoter}.
*
* @author Ben Alex
* @version $Id$
*/
public class AuthenticatedVoterTests extends TestCase {
//~ Constructors ===========================================================
public AuthenticatedVoterTests() {
super();
}
public AuthenticatedVoterTests(String arg0) {
super(arg0);
}
//~ Methods ================================================================
public final void setUp() throws Exception {
super.setUp();
}
public static void main(String[] args) {
junit.textui.TestRunner.run(AuthenticatedVoterTests.class);
}
public void testAnonymousWorks() {
AuthenticatedVoter voter = new AuthenticatedVoter();
ConfigAttributeDefinition def = new ConfigAttributeDefinition();
def.addConfigAttribute(new SecurityConfig(
AuthenticatedVoter.IS_AUTHENTICATED_ANONYMOUSLY));
assertEquals(AccessDecisionVoter.ACCESS_GRANTED,
voter.vote(createAnonymous(), null, def));
assertEquals(AccessDecisionVoter.ACCESS_GRANTED,
voter.vote(createRememberMe(), null, def));
assertEquals(AccessDecisionVoter.ACCESS_GRANTED,
voter.vote(createFullyAuthenticated(), null, def));
}
public void testFullyWorks() {
AuthenticatedVoter voter = new AuthenticatedVoter();
ConfigAttributeDefinition def = new ConfigAttributeDefinition();
def.addConfigAttribute(new SecurityConfig(
AuthenticatedVoter.IS_AUTHENTICATED_FULLY));
assertEquals(AccessDecisionVoter.ACCESS_DENIED,
voter.vote(createAnonymous(), null, def));
assertEquals(AccessDecisionVoter.ACCESS_DENIED,
voter.vote(createRememberMe(), null, def));
assertEquals(AccessDecisionVoter.ACCESS_GRANTED,
voter.vote(createFullyAuthenticated(), null, def));
}
public void testRememberMeWorks() {
AuthenticatedVoter voter = new AuthenticatedVoter();
ConfigAttributeDefinition def = new ConfigAttributeDefinition();
def.addConfigAttribute(new SecurityConfig(
AuthenticatedVoter.IS_AUTHENTICATED_REMEMBERED));
assertEquals(AccessDecisionVoter.ACCESS_DENIED,
voter.vote(createAnonymous(), null, def));
assertEquals(AccessDecisionVoter.ACCESS_GRANTED,
voter.vote(createRememberMe(), null, def));
assertEquals(AccessDecisionVoter.ACCESS_GRANTED,
voter.vote(createFullyAuthenticated(), null, def));
}
public void testSetterRejectsNull() {
AuthenticatedVoter voter = new AuthenticatedVoter();
try {
voter.setAuthenticationTrustResolver(null);
fail("Expected IAE");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
}
public void testSupports() {
AuthenticatedVoter voter = new AuthenticatedVoter();
assertTrue(voter.supports(String.class));
assertTrue(voter.supports(
new SecurityConfig(
AuthenticatedVoter.IS_AUTHENTICATED_ANONYMOUSLY)));
assertTrue(voter.supports(
new SecurityConfig(AuthenticatedVoter.IS_AUTHENTICATED_FULLY)));
assertTrue(voter.supports(
new SecurityConfig(
AuthenticatedVoter.IS_AUTHENTICATED_REMEMBERED)));
assertFalse(voter.supports(new SecurityConfig("FOO")));
}
private Authentication createAnonymous() {
return new AnonymousAuthenticationToken("ignored", "ignored",
new GrantedAuthority[] {new GrantedAuthorityImpl("ignored")});
}
private Authentication createFullyAuthenticated() {
return new UsernamePasswordAuthenticationToken("ignored", "ignored",
new GrantedAuthority[] {new GrantedAuthorityImpl("ignored")});
}
private Authentication createRememberMe() {
return new RememberMeAuthenticationToken("ignored", "ignored",
new GrantedAuthority[] {new GrantedAuthorityImpl("ignored")});
}
}
Write Preview
Loading…
Cancel
Save