Revision: 689 http://openutils.svn.sourceforge.net/openutils/?rev=689&view=rev Author: fcarone Date: 2008-02-25 01:19:55 -0800 (Mon, 25 Feb 2008) Log Message: ----------- ABSTAIN if no rules found Modified Paths: -------------- trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAccessDecisionVoter.java
Modified: trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAccessDecisionVoter.java
===================================================================
--- trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAccessDecisionVoter.java 2008-02-25 09:17:52 UTC (rev 688)
+++ trunk/openutils-hibernate-security/src/main/java/it/openutils/hibernate/security/filter/SecurityRuleAccessDecisionVoter.java 2008-02-25 09:19:55 UTC (rev 689)
@@ -32,6 +32,10 @@
 /**
 * @author fcarone
 * @version $Id$
+ *
+ * This voter looks for rules based on the given object and votes ACCESS_ABSTAIN if no rules are found, ACCESS_DENIED
+ * if rules do not match, ACCESS_GRANTED otherwise.
+ *
 */
 public class SecurityRuleAccessDecisionVoter extends SecurityRuleBaseHandler implements AccessDecisionVoter
 {
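Review bot: The added description is placed after `@version $Id$`, so Javadoc reads it as continuation text of the `@version` block tag rather than as the class description; it belongs above the `@author` line. The wording also says ACCESS_DENIED is returned when "rules do not match", while the voting method changed later in this commit denies when `checkPermissions` fails as well, so I would write `ACCESS_DENIED if the permissions or the rules do not match`.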
@@ -59,21 +63,19 @@
 {
 log.debug("Evaluating argument {}", argument);
 List<SecurityRule> rules = securityRuleManager.getRulesForRoles(ruleUtils.getClassName(argument), roles);
- boolean permissionMatches = ruleUtils.checkPermissions(rules, config);
- if (!permissionMatches)
+ if (rules == null || rules.isEmpty())
 {
- return ACCESS_DENIED;
+ continue;
 }
-
- boolean areRulesMatching = ruleUtils.checkRules(rules, argument);
- if (!areRulesMatching)
+ if (ruleUtils.checkPermissions(rules, config) && ruleUtils.checkRules(rules, argument))
 {
- return ACCESS_DENIED;
+ return ACCESS_GRANTED;
 }
+ return ACCESS_DENIED;
 }
 }
- return ACCESS_GRANTED;
+ return ACCESS_ABSTAIN;
 }
 /**
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
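Review bot: The `return ACCESS_GRANTED;` inside the loop body ends the vote at the first argument that has rules, so any later argument is never checked against its own rules; the removed code denied on any failing argument and granted only after all of them had passed. The loop header lies outside the hunk, but the `continue` and the two closing braces suggest the method iterates over several secured arguments. I would deny on the first failure, record that at least one argument matched (a `boolean matched = false;` declared before the loop, outside this hunk), and grant only once the loop has finished. Because the method now abstains when no rules exist, the outcome for such objects depends on the other voters and on how the access decision manager treats an all-abstain result, which deserves a sentence in the class comment.

```java
// … unchanged: rule lookup and the empty-rules `continue` …
if (!ruleUtils.checkPermissions(rules, config) || !ruleUtils.checkRules(rules, argument))
{
    return ACCESS_DENIED;
}
// at least one argument had rules and passed them; keep checking the rest
matched = true;
// … unchanged: closing braces of the enclosing loops …
return matched ? ACCESS_GRANTED : ACCESS_ABSTAIN;
```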