Reflect new secure object API, which is no longer bound to MethodInvocations.

core/src/main/java/org/acegisecurity/runas/RunAsManagerImpl.java

@@ -22,8 +22,6 @@ import net.sf.acegisecurity.GrantedAuthority;
 import net.sf.acegisecurity.GrantedAuthorityImpl;
 import net.sf.acegisecurity.RunAsManager;
 
-import org.aopalliance.intercept.MethodInvocation;
-
 import org.springframework.beans.factory.InitializingBean;
 
 import java.util.Iterator;
@@ -72,7 +70,7 @@ public class RunAsManagerImpl implements RunAsManager, InitializingBean {
     }
 
     public Authentication buildRunAs(Authentication authentication,
-        MethodInvocation invocation, ConfigAttributeDefinition config) {
+        Object object, ConfigAttributeDefinition config) {
         List newAuthorities = new Vector();
         Iterator iter = config.getConfigAttributes();
 
@@ -111,4 +109,16 @@ public class RunAsManagerImpl implements RunAsManager, InitializingBean {
             return false;
         }
     }
+
+    /**
+     * This implementation supports any type of class, because it does not
+     * query the presented secure object.
+     *
+     * @param clazz the secure object
+     *
+     * @return alwaus <code>true</code>
+     */
+    public boolean supports(Class clazz) {
+        return true;
+    }
 }

core/src/main/java/org/acegisecurity/vote/AbstractAccessDecisionManager.java

@@ -98,6 +98,33 @@ public abstract class AbstractAccessDecisionManager
         return false;
     }
 
+    /**
+     * Iterates through all <code>AccessDecisionVoter</code>s and ensures each
+     * can support the presented class.
+     * 
+     * <p>
+     * If one or more voters cannot support the presented class,
+     * <code>false</code> is returned.
+     * </p>
+     *
+     * @param clazz DOCUMENT ME!
+     *
+     * @return DOCUMENT ME!
+     */
+    public boolean supports(Class clazz) {
+        Iterator iter = this.decisionVoters.iterator();
+
+        while (iter.hasNext()) {
+            AccessDecisionVoter voter = (AccessDecisionVoter) iter.next();
+
+            if (!voter.supports(clazz)) {
+                return false;
+            }
+        }
+
+        return true;
+    }
+
     private void checkIfValidList(List listToCheck) {
         if ((listToCheck == null) || (listToCheck.size() == 0)) {
             throw new IllegalArgumentException(

core/src/main/java/org/acegisecurity/vote/AccessDecisionVoter.java

@@ -19,8 +19,6 @@ import net.sf.acegisecurity.Authentication;
 import net.sf.acegisecurity.ConfigAttribute;
 import net.sf.acegisecurity.ConfigAttributeDefinition;
 
-import org.aopalliance.intercept.MethodInvocation;
-
 
 /**
  * Indicates a class is responsible for voting on authorization decisions.
@@ -61,6 +59,17 @@ public interface AccessDecisionVoter {
      */
     public boolean supports(ConfigAttribute attribute);
 
+    /**
+     * Indicates whether the <code>AccessDecisionVoter</code> implementation is
+     * able to provide access control votes for the indicated secured object
+     * type.
+     *
+     * @param clazz the class that is being queried
+     *
+     * @return true if the implementation can process the indicated class
+     */
+    public boolean supports(Class clazz);
+
     /**
      * Indicates whether or not access is granted.
      * 
@@ -91,13 +100,13 @@ public interface AccessDecisionVoter {
      * </p>
      *
      * @param authentication the caller invoking the method
-     * @param invocation the method being called
+     * @param object the secured object
      * @param config the configuration attributes associated with the method
      *        being invoked
      *
      * @return either {@link #ACCESS_GRANTED}, {@link #ACCESS_ABSTAIN} or
      *         {@link #ACCESS_DENIED}
      */
-    public int vote(Authentication authentication, MethodInvocation invocation,
+    public int vote(Authentication authentication, Object object,
         ConfigAttributeDefinition config);
 }

core/src/main/java/org/acegisecurity/vote/AffirmativeBased.java

@@ -19,8 +19,6 @@ import net.sf.acegisecurity.AccessDeniedException;
 import net.sf.acegisecurity.Authentication;
 import net.sf.acegisecurity.ConfigAttributeDefinition;
 
-import org.aopalliance.intercept.MethodInvocation;
-
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
@@ -55,21 +53,20 @@ public class AffirmativeBased extends AbstractAccessDecisionManager {
      * </p>
      *
      * @param authentication the caller invoking the method
-     * @param invocation the method being called
+     * @param object the secured object
      * @param config the configuration attributes associated with the method
      *        being invoked
      *
      * @throws AccessDeniedException if access is denied
      */
-    public void decide(Authentication authentication,
-        MethodInvocation invocation, ConfigAttributeDefinition config)
-        throws AccessDeniedException {
+    public void decide(Authentication authentication, Object object,
+        ConfigAttributeDefinition config) throws AccessDeniedException {
         Iterator iter = this.getDecisionVoters().iterator();
         int deny = 0;
 
         while (iter.hasNext()) {
             AccessDecisionVoter voter = (AccessDecisionVoter) iter.next();
-            int result = voter.vote(authentication, invocation, config);
+            int result = voter.vote(authentication, object, config);
 
             switch (result) {
             case AccessDecisionVoter.ACCESS_GRANTED:

core/src/main/java/org/acegisecurity/vote/ConsensusBased.java

@@ -19,8 +19,6 @@ import net.sf.acegisecurity.AccessDeniedException;
 import net.sf.acegisecurity.Authentication;
 import net.sf.acegisecurity.ConfigAttributeDefinition;
 
-import org.aopalliance.intercept.MethodInvocation;
-
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
@@ -73,15 +71,14 @@ public class ConsensusBased extends AbstractAccessDecisionManager {
      * </p>
      *
      * @param authentication the caller invoking the method
-     * @param invocation the method being called
+     * @param object the secured object
      * @param config the configuration attributes associated with the method
      *        being invoked
      *
      * @throws AccessDeniedException if access is denied
      */
-    public void decide(Authentication authentication,
-        MethodInvocation invocation, ConfigAttributeDefinition config)
-        throws AccessDeniedException {
+    public void decide(Authentication authentication, Object object,
+        ConfigAttributeDefinition config) throws AccessDeniedException {
         Iterator iter = this.getDecisionVoters().iterator();
         int grant = 0;
         int deny = 0;
@@ -89,7 +86,7 @@ public class ConsensusBased extends AbstractAccessDecisionManager {
 
         while (iter.hasNext()) {
             AccessDecisionVoter voter = (AccessDecisionVoter) iter.next();
-            int result = voter.vote(authentication, invocation, config);
+            int result = voter.vote(authentication, object, config);
 
             switch (result) {
             case AccessDecisionVoter.ACCESS_GRANTED:

core/src/main/java/org/acegisecurity/vote/RoleVoter.java

@@ -19,8 +19,6 @@ import net.sf.acegisecurity.Authentication;
 import net.sf.acegisecurity.ConfigAttribute;
 import net.sf.acegisecurity.ConfigAttributeDefinition;
 
-import org.aopalliance.intercept.MethodInvocation;
-
 import java.util.Iterator;
 
 
@@ -56,7 +54,19 @@ public class RoleVoter implements AccessDecisionVoter {
         }
     }
 
-    public int vote(Authentication authentication, MethodInvocation invocation,
+    /**
+     * This implementation supports any type of class, because it does not
+     * query the presented secure object.
+     *
+     * @param clazz the secure object
+     *
+     * @return always <code>true</code>
+     */
+    public boolean supports(Class clazz) {
+        return true;
+    }
+
+    public int vote(Authentication authentication, Object object,
         ConfigAttributeDefinition config) {
         int result = ACCESS_ABSTAIN;
         Iterator iter = config.getConfigAttributes();

core/src/main/java/org/acegisecurity/vote/UnanimousBased.java

@@ -20,8 +20,6 @@ import net.sf.acegisecurity.Authentication;
 import net.sf.acegisecurity.ConfigAttribute;
 import net.sf.acegisecurity.ConfigAttributeDefinition;
 
-import org.aopalliance.intercept.MethodInvocation;
-
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
@@ -63,15 +61,14 @@ public class UnanimousBased extends AbstractAccessDecisionManager {
      * </p>
      *
      * @param authentication the caller invoking the method
-     * @param invocation the method being called
+     * @param object the secured object
      * @param config the configuration attributes associated with the method
      *        being invoked
      *
      * @throws AccessDeniedException if access is denied
      */
-    public void decide(Authentication authentication,
-        MethodInvocation invocation, ConfigAttributeDefinition config)
-        throws AccessDeniedException {
+    public void decide(Authentication authentication, Object object,
+        ConfigAttributeDefinition config) throws AccessDeniedException {
         int grant = 0;
         int deny = 0;
         int abstain = 0;
@@ -86,7 +83,7 @@ public class UnanimousBased extends AbstractAccessDecisionManager {
 
             while (voters.hasNext()) {
                 AccessDecisionVoter voter = (AccessDecisionVoter) voters.next();
-                int result = voter.vote(authentication, invocation, thisDef);
+                int result = voter.vote(authentication, object, thisDef);
 
                 switch (result) {
                 case AccessDecisionVoter.ACCESS_GRANTED: