Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SEC-21: Initial commit.

This commit is contained in:
Ben Alex 2005-11-03 12:56:27 +00:00
parent eae6f81177
commit a42dec6fbf
2 changed files with 279 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

144
core/src/main/java/org/acegisecurity/vote/AuthenticatedVoter.java Normal file
View File

@ -0,0 +1,144 @@
/* Copyright 2004, 2005 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.vote;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.AuthenticationTrustResolver;
import net.sf.acegisecurity.AuthenticationTrustResolverImpl;
import net.sf.acegisecurity.ConfigAttribute;
import net.sf.acegisecurity.ConfigAttributeDefinition;
import org.springframework.util.Assert;
import java.util.Iterator;
/**
* <p>
* Votes if a {@link ConfigAttribute#getAttribute()} of
* <code>IS_AUTHENTICATED_FULLY</code> or
* <code>IS_AUTHENTICATED_REMEMBERED</code> or
* <code>IS_AUTHENTICATED_ANONYMOUSLY</code> is present. This list is in order
* of most strict checking to least strict checking.
* </p>
*
* <p>
* The current <code>Authentication</code> will be inspected to determine if
* the principal has a particular level of authentication. The "FULLY"
* authenticated option means the user is authenticated fully (ie {@link
* net.sf.acegisecurity.AuthenticationTrustResolver#isAnonymous(Authentication)}
* is false and {@link
* net.sf.acegisecurity.AuthenticationTrustResolver#isRememberMe(Authentication)}
* is false. The "REMEMBERED" will grant access if the principal was either
* authenticated via remember-me OR is fully authenticated. The "ANONYMOUSLY"
* will grant access if the principal was authenticated via remember-me, OR
* anonymously, OR via full authentication.
* </p>
*
* <p>
* All comparisons and prefixes are case sensitive.
* </p>
*
* @author Ben Alex
* @version $Id$
*/
public class AuthenticatedVoter implements AccessDecisionVoter {
//~ Static fields/initializers =============================================
public static final String IS_AUTHENTICATED_FULLY = "IS_AUTHENTICATED_FULLY";
public static final String IS_AUTHENTICATED_REMEMBERED = "IS_AUTHENTICATED_REMEMBERED";
public static final String IS_AUTHENTICATED_ANONYMOUSLY = "IS_AUTHENTICATED_ANONYMOUSLY";
//~ Instance fields ========================================================
private AuthenticationTrustResolver authenticationTrustResolver = new AuthenticationTrustResolverImpl();
//~ Methods ================================================================
public void setAuthenticationTrustResolver(
AuthenticationTrustResolver authenticationTrustResolver) {
Assert.notNull(authenticationTrustResolver,
"AuthenticationTrustResolver cannot be set to null");
this.authenticationTrustResolver = authenticationTrustResolver;
}
public boolean supports(ConfigAttribute attribute) {
if ((attribute.getAttribute() != null)
&& (IS_AUTHENTICATED_FULLY.equals(attribute.getAttribute())
|| IS_AUTHENTICATED_REMEMBERED.equals(attribute.getAttribute())
|| IS_AUTHENTICATED_ANONYMOUSLY.equals(attribute.getAttribute()))) {
return true;
} else {
return false;
}
}
/**
* This implementation supports any type of class, because it does not
* query the presented secure object.
*
* @param clazz the secure object
*
* @return always <code>true</code>
*/
public boolean supports(Class clazz) {
return true;
}
public int vote(Authentication authentication, Object object,
ConfigAttributeDefinition config) {
int result = ACCESS_ABSTAIN;
Iterator iter = config.getConfigAttributes();
while (iter.hasNext()) {
ConfigAttribute attribute = (ConfigAttribute) iter.next();
if (this.supports(attribute)) {
result = ACCESS_DENIED;
if (IS_AUTHENTICATED_FULLY.equals(attribute.getAttribute())) {
if (isFullyAuthenticated(authentication)) {
return ACCESS_GRANTED;
}
}
if (IS_AUTHENTICATED_REMEMBERED.equals(attribute.getAttribute())) {
if (authenticationTrustResolver.isRememberMe(authentication)
|| isFullyAuthenticated(authentication)) {
return ACCESS_GRANTED;
}
}
if (IS_AUTHENTICATED_ANONYMOUSLY.equals(
attribute.getAttribute())) {
if (authenticationTrustResolver.isAnonymous(authentication)
|| isFullyAuthenticated(authentication)
|| authenticationTrustResolver.isRememberMe(
authentication)) {
return ACCESS_GRANTED;
}
}
}
}
return result;
}
private boolean isFullyAuthenticated(Authentication authentication) {
return (!authenticationTrustResolver.isAnonymous(authentication)
&& !authenticationTrustResolver.isRememberMe(authentication));
}
}

135
core/src/test/java/org/acegisecurity/vote/AuthenticatedVoterTests.java Normal file
View File

@ -0,0 +1,135 @@
/* Copyright 2004, 2005 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.vote;
import junit.framework.TestCase;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.ConfigAttributeDefinition;
import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.GrantedAuthorityImpl;
import net.sf.acegisecurity.SecurityConfig;
import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import net.sf.acegisecurity.providers.anonymous.AnonymousAuthenticationToken;
import net.sf.acegisecurity.providers.rememberme.RememberMeAuthenticationToken;
/**
* Tests {@link AuthenticatedVoter}.
*
* @author Ben Alex
* @version $Id$
*/
public class AuthenticatedVoterTests extends TestCase {
//~ Constructors ===========================================================
public AuthenticatedVoterTests() {
super();
}
public AuthenticatedVoterTests(String arg0) {
super(arg0);
}
//~ Methods ================================================================
public final void setUp() throws Exception {
super.setUp();
}
public static void main(String[] args) {
junit.textui.TestRunner.run(AuthenticatedVoterTests.class);
}
public void testAnonymousWorks() {
AuthenticatedVoter voter = new AuthenticatedVoter();
ConfigAttributeDefinition def = new ConfigAttributeDefinition();
def.addConfigAttribute(new SecurityConfig(
AuthenticatedVoter.IS_AUTHENTICATED_ANONYMOUSLY));
assertEquals(AccessDecisionVoter.ACCESS_GRANTED,
voter.vote(createAnonymous(), null, def));
assertEquals(AccessDecisionVoter.ACCESS_GRANTED,
voter.vote(createRememberMe(), null, def));
assertEquals(AccessDecisionVoter.ACCESS_GRANTED,
voter.vote(createFullyAuthenticated(), null, def));
}
public void testFullyWorks() {
AuthenticatedVoter voter = new AuthenticatedVoter();
ConfigAttributeDefinition def = new ConfigAttributeDefinition();
def.addConfigAttribute(new SecurityConfig(
AuthenticatedVoter.IS_AUTHENTICATED_FULLY));
assertEquals(AccessDecisionVoter.ACCESS_DENIED,
voter.vote(createAnonymous(), null, def));
assertEquals(AccessDecisionVoter.ACCESS_DENIED,
voter.vote(createRememberMe(), null, def));
assertEquals(AccessDecisionVoter.ACCESS_GRANTED,
voter.vote(createFullyAuthenticated(), null, def));
}
public void testRememberMeWorks() {
AuthenticatedVoter voter = new AuthenticatedVoter();
ConfigAttributeDefinition def = new ConfigAttributeDefinition();
def.addConfigAttribute(new SecurityConfig(
AuthenticatedVoter.IS_AUTHENTICATED_REMEMBERED));
assertEquals(AccessDecisionVoter.ACCESS_DENIED,
voter.vote(createAnonymous(), null, def));
assertEquals(AccessDecisionVoter.ACCESS_GRANTED,
voter.vote(createRememberMe(), null, def));
assertEquals(AccessDecisionVoter.ACCESS_GRANTED,
voter.vote(createFullyAuthenticated(), null, def));
}
public void testSetterRejectsNull() {
AuthenticatedVoter voter = new AuthenticatedVoter();
try {
voter.setAuthenticationTrustResolver(null);
fail("Expected IAE");
} catch (IllegalArgumentException expected) {
assertTrue(true);
}
}
public void testSupports() {
AuthenticatedVoter voter = new AuthenticatedVoter();
assertTrue(voter.supports(String.class));
assertTrue(voter.supports(
new SecurityConfig(
AuthenticatedVoter.IS_AUTHENTICATED_ANONYMOUSLY)));
assertTrue(voter.supports(
new SecurityConfig(AuthenticatedVoter.IS_AUTHENTICATED_FULLY)));
assertTrue(voter.supports(
new SecurityConfig(
AuthenticatedVoter.IS_AUTHENTICATED_REMEMBERED)));
assertFalse(voter.supports(new SecurityConfig("FOO")));
}
private Authentication createAnonymous() {
return new AnonymousAuthenticationToken("ignored", "ignored",
new GrantedAuthority[] {new GrantedAuthorityImpl("ignored")});
}
private Authentication createFullyAuthenticated() {
return new UsernamePasswordAuthenticationToken("ignored", "ignored",
new GrantedAuthority[] {new GrantedAuthorityImpl("ignored")});
}
private Authentication createRememberMe() {
return new RememberMeAuthenticationToken("ignored", "ignored",
new GrantedAuthority[] {new GrantedAuthorityImpl("ignored")});
}
}