From a42dec6fbff09f7c43b8932abb7a1ae4b275e91f Mon Sep 17 00:00:00 2001
From: Ben Alex <ben.alex@springsource.com>
Date: Thu, 3 Nov 2005 12:56:27 +0000
Subject: [PATCH] SEC-21: Initial commit.

---
 .../vote/AuthenticatedVoter.java              | 144 ++++++++++++++++++
 .../vote/AuthenticatedVoterTests.java         | 135 ++++++++++++++++
 2 files changed, 279 insertions(+)
 create mode 100644 core/src/main/java/org/acegisecurity/vote/AuthenticatedVoter.java
 create mode 100644 core/src/test/java/org/acegisecurity/vote/AuthenticatedVoterTests.java

diff --git a/core/src/main/java/org/acegisecurity/vote/AuthenticatedVoter.java b/core/src/main/java/org/acegisecurity/vote/AuthenticatedVoter.java
new file mode 100644
index 0000000000..7ee05b7420
--- /dev/null
+++ b/core/src/main/java/org/acegisecurity/vote/AuthenticatedVoter.java
@@ -0,0 +1,144 @@
+/* Copyright 2004, 2005 Acegi Technology Pty Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package net.sf.acegisecurity.vote;
+
+import net.sf.acegisecurity.Authentication;
+import net.sf.acegisecurity.AuthenticationTrustResolver;
+import net.sf.acegisecurity.AuthenticationTrustResolverImpl;
+import net.sf.acegisecurity.ConfigAttribute;
+import net.sf.acegisecurity.ConfigAttributeDefinition;
+
+import org.springframework.util.Assert;
+
+import java.util.Iterator;
+
+
+/**
+ * <p>
+ * Votes if a {@link ConfigAttribute#getAttribute()} of
+ * <code>IS_AUTHENTICATED_FULLY</code> or
+ * <code>IS_AUTHENTICATED_REMEMBERED</code> or
+ * <code>IS_AUTHENTICATED_ANONYMOUSLY</code> is present. This list is in order
+ * of most strict checking to least strict checking.
+ * </p>
+ * 
+ * <p>
+ * The current <code>Authentication</code> will be inspected to determine if
+ * the principal has a particular level of authentication. The "FULLY"
+ * authenticated option means the user is authenticated fully (ie {@link
+ * net.sf.acegisecurity.AuthenticationTrustResolver#isAnonymous(Authentication)}
+ * is false and {@link
+ * net.sf.acegisecurity.AuthenticationTrustResolver#isRememberMe(Authentication)}
+ * is false. The "REMEMBERED" will grant access if the principal was either
+ * authenticated via remember-me OR is fully authenticated. The "ANONYMOUSLY"
+ * will grant access if the principal was authenticated via remember-me, OR
+ * anonymously, OR via full authentication.
+ * </p>
+ * 
+ * <p>
+ * All comparisons and prefixes are case sensitive.
+ * </p>
+ *
+ * @author Ben Alex
+ * @version $Id$
+ */
+public class AuthenticatedVoter implements AccessDecisionVoter {
+    //~ Static fields/initializers =============================================
+
+    public static final String IS_AUTHENTICATED_FULLY = "IS_AUTHENTICATED_FULLY";
+    public static final String IS_AUTHENTICATED_REMEMBERED = "IS_AUTHENTICATED_REMEMBERED";
+    public static final String IS_AUTHENTICATED_ANONYMOUSLY = "IS_AUTHENTICATED_ANONYMOUSLY";
+
+    //~ Instance fields ========================================================
+
+    private AuthenticationTrustResolver authenticationTrustResolver = new AuthenticationTrustResolverImpl();
+
+    //~ Methods ================================================================
+
+    public void setAuthenticationTrustResolver(
+        AuthenticationTrustResolver authenticationTrustResolver) {
+        Assert.notNull(authenticationTrustResolver,
+            "AuthenticationTrustResolver cannot be set to null");
+        this.authenticationTrustResolver = authenticationTrustResolver;
+    }
+
+    public boolean supports(ConfigAttribute attribute) {
+        if ((attribute.getAttribute() != null)
+            && (IS_AUTHENTICATED_FULLY.equals(attribute.getAttribute())
+            || IS_AUTHENTICATED_REMEMBERED.equals(attribute.getAttribute())
+            || IS_AUTHENTICATED_ANONYMOUSLY.equals(attribute.getAttribute()))) {
+            return true;
+        } else {
+            return false;
+        }
+    }
+
+    /**
+     * This implementation supports any type of class, because it does not
+     * query the presented secure object.
+     *
+     * @param clazz the secure object
+     *
+     * @return always <code>true</code>
+     */
+    public boolean supports(Class clazz) {
+        return true;
+    }
+
+    public int vote(Authentication authentication, Object object,
+        ConfigAttributeDefinition config) {
+        int result = ACCESS_ABSTAIN;
+        Iterator iter = config.getConfigAttributes();
+
+        while (iter.hasNext()) {
+            ConfigAttribute attribute = (ConfigAttribute) iter.next();
+
+            if (this.supports(attribute)) {
+                result = ACCESS_DENIED;
+
+                if (IS_AUTHENTICATED_FULLY.equals(attribute.getAttribute())) {
+                    if (isFullyAuthenticated(authentication)) {
+                        return ACCESS_GRANTED;
+                    }
+                }
+
+                if (IS_AUTHENTICATED_REMEMBERED.equals(attribute.getAttribute())) {
+                    if (authenticationTrustResolver.isRememberMe(authentication)
+                        || isFullyAuthenticated(authentication)) {
+                        return ACCESS_GRANTED;
+                    }
+                }
+
+                if (IS_AUTHENTICATED_ANONYMOUSLY.equals(
+                        attribute.getAttribute())) {
+                    if (authenticationTrustResolver.isAnonymous(authentication)
+                        || isFullyAuthenticated(authentication)
+                        || authenticationTrustResolver.isRememberMe(
+                            authentication)) {
+                        return ACCESS_GRANTED;
+                    }
+                }
+            }
+        }
+
+        return result;
+    }
+
+    private boolean isFullyAuthenticated(Authentication authentication) {
+        return (!authenticationTrustResolver.isAnonymous(authentication)
+        && !authenticationTrustResolver.isRememberMe(authentication));
+    }
+}
diff --git a/core/src/test/java/org/acegisecurity/vote/AuthenticatedVoterTests.java b/core/src/test/java/org/acegisecurity/vote/AuthenticatedVoterTests.java
new file mode 100644
index 0000000000..b40dfa8010
--- /dev/null
+++ b/core/src/test/java/org/acegisecurity/vote/AuthenticatedVoterTests.java
@@ -0,0 +1,135 @@
+/* Copyright 2004, 2005 Acegi Technology Pty Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package net.sf.acegisecurity.vote;
+
+import junit.framework.TestCase;
+
+import net.sf.acegisecurity.Authentication;
+import net.sf.acegisecurity.ConfigAttributeDefinition;
+import net.sf.acegisecurity.GrantedAuthority;
+import net.sf.acegisecurity.GrantedAuthorityImpl;
+import net.sf.acegisecurity.SecurityConfig;
+import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
+import net.sf.acegisecurity.providers.anonymous.AnonymousAuthenticationToken;
+import net.sf.acegisecurity.providers.rememberme.RememberMeAuthenticationToken;
+
+
+/**
+ * Tests {@link AuthenticatedVoter}.
+ *
+ * @author Ben Alex
+ * @version $Id$
+ */
+public class AuthenticatedVoterTests extends TestCase {
+    //~ Constructors ===========================================================
+
+    public AuthenticatedVoterTests() {
+        super();
+    }
+
+    public AuthenticatedVoterTests(String arg0) {
+        super(arg0);
+    }
+
+    //~ Methods ================================================================
+
+    public final void setUp() throws Exception {
+        super.setUp();
+    }
+
+    public static void main(String[] args) {
+        junit.textui.TestRunner.run(AuthenticatedVoterTests.class);
+    }
+
+    public void testAnonymousWorks() {
+        AuthenticatedVoter voter = new AuthenticatedVoter();
+        ConfigAttributeDefinition def = new ConfigAttributeDefinition();
+        def.addConfigAttribute(new SecurityConfig(
+                AuthenticatedVoter.IS_AUTHENTICATED_ANONYMOUSLY));
+        assertEquals(AccessDecisionVoter.ACCESS_GRANTED,
+            voter.vote(createAnonymous(), null, def));
+        assertEquals(AccessDecisionVoter.ACCESS_GRANTED,
+            voter.vote(createRememberMe(), null, def));
+        assertEquals(AccessDecisionVoter.ACCESS_GRANTED,
+            voter.vote(createFullyAuthenticated(), null, def));
+    }
+
+    public void testFullyWorks() {
+        AuthenticatedVoter voter = new AuthenticatedVoter();
+        ConfigAttributeDefinition def = new ConfigAttributeDefinition();
+        def.addConfigAttribute(new SecurityConfig(
+                AuthenticatedVoter.IS_AUTHENTICATED_FULLY));
+        assertEquals(AccessDecisionVoter.ACCESS_DENIED,
+            voter.vote(createAnonymous(), null, def));
+        assertEquals(AccessDecisionVoter.ACCESS_DENIED,
+            voter.vote(createRememberMe(), null, def));
+        assertEquals(AccessDecisionVoter.ACCESS_GRANTED,
+            voter.vote(createFullyAuthenticated(), null, def));
+    }
+
+    public void testRememberMeWorks() {
+        AuthenticatedVoter voter = new AuthenticatedVoter();
+        ConfigAttributeDefinition def = new ConfigAttributeDefinition();
+        def.addConfigAttribute(new SecurityConfig(
+                AuthenticatedVoter.IS_AUTHENTICATED_REMEMBERED));
+        assertEquals(AccessDecisionVoter.ACCESS_DENIED,
+            voter.vote(createAnonymous(), null, def));
+        assertEquals(AccessDecisionVoter.ACCESS_GRANTED,
+            voter.vote(createRememberMe(), null, def));
+        assertEquals(AccessDecisionVoter.ACCESS_GRANTED,
+            voter.vote(createFullyAuthenticated(), null, def));
+    }
+
+    public void testSetterRejectsNull() {
+        AuthenticatedVoter voter = new AuthenticatedVoter();
+
+        try {
+            voter.setAuthenticationTrustResolver(null);
+            fail("Expected IAE");
+        } catch (IllegalArgumentException expected) {
+            assertTrue(true);
+        }
+    }
+
+    public void testSupports() {
+        AuthenticatedVoter voter = new AuthenticatedVoter();
+        assertTrue(voter.supports(String.class));
+        assertTrue(voter.supports(
+                new SecurityConfig(
+                    AuthenticatedVoter.IS_AUTHENTICATED_ANONYMOUSLY)));
+        assertTrue(voter.supports(
+                new SecurityConfig(AuthenticatedVoter.IS_AUTHENTICATED_FULLY)));
+        assertTrue(voter.supports(
+                new SecurityConfig(
+                    AuthenticatedVoter.IS_AUTHENTICATED_REMEMBERED)));
+        assertFalse(voter.supports(new SecurityConfig("FOO")));
+    }
+
+    private Authentication createAnonymous() {
+        return new AnonymousAuthenticationToken("ignored", "ignored",
+            new GrantedAuthority[] {new GrantedAuthorityImpl("ignored")});
+    }
+
+    private Authentication createFullyAuthenticated() {
+        return new UsernamePasswordAuthenticationToken("ignored", "ignored",
+            new GrantedAuthority[] {new GrantedAuthorityImpl("ignored")});
+    }
+
+    private Authentication createRememberMe() {
+        return new RememberMeAuthenticationToken("ignored", "ignored",
+            new GrantedAuthority[] {new GrantedAuthorityImpl("ignored")});
+    }
+}