From 563ac1324c055844135f9c42d94e9afc87ed6a3f Mon Sep 17 00:00:00 2001
From: Ben Alex <ben.alex@springsource.com>
Date: Tue, 23 May 2006 11:11:21 +0000
Subject: [PATCH] SEC-263: Stop polling voters after first one votes to deny.

---
 .../acegisecurity/vote/UnanimousBased.java    | 19 ++++++-------------
 1 file changed, 6 insertions(+), 13 deletions(-)

diff --git a/core/src/main/java/org/acegisecurity/vote/UnanimousBased.java b/core/src/main/java/org/acegisecurity/vote/UnanimousBased.java
index 92530f117a..6c1a755ab8 100644
--- a/core/src/main/java/org/acegisecurity/vote/UnanimousBased.java
+++ b/core/src/main/java/org/acegisecurity/vote/UnanimousBased.java
@@ -1,4 +1,4 @@
-/* Copyright 2004, 2005 Acegi Technology Pty Limited
+/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,13 +15,13 @@
 
 package org.acegisecurity.vote;
 
-import java.util.Iterator;
-
 import org.acegisecurity.AccessDeniedException;
 import org.acegisecurity.Authentication;
 import org.acegisecurity.ConfigAttribute;
 import org.acegisecurity.ConfigAttributeDefinition;
 
+import java.util.Iterator;
+
 
 /**
  * Simple concrete implementation of  {@link
@@ -60,7 +60,6 @@ public class UnanimousBased extends AbstractAccessDecisionManager {
     public void decide(Authentication authentication, Object object,
         ConfigAttributeDefinition config) throws AccessDeniedException {
         int grant = 0;
-        int deny = 0;
         int abstain = 0;
 
         Iterator configIter = config.getConfigAttributes();
@@ -82,9 +81,9 @@ public class UnanimousBased extends AbstractAccessDecisionManager {
                     break;
 
                 case AccessDecisionVoter.ACCESS_DENIED:
-                    deny++;
-
-                    break;
+                    throw new AccessDeniedException(messages.getMessage(
+                            "AbstractAccessDecisionManager.accessDenied",
+                            "Access is denied"));
 
                 default:
                     abstain++;
@@ -94,12 +93,6 @@ public class UnanimousBased extends AbstractAccessDecisionManager {
             }
         }
 
-        if (deny > 0) {
-            throw new AccessDeniedException(messages.getMessage(
-                    "AbstractAccessDecisionManager.accessDenied",
-                    "Access is denied"));
-        }
-
         // To get this far, there were no deny votes
         if (grant > 0) {
             return;