Package org.duracloud.security.vote
Class SpaceReadAccessVoter
- java.lang.Object
-
- org.duracloud.security.vote.SpaceAccessVoter
-
- org.duracloud.security.vote.SpaceReadAccessVoter
-
- All Implemented Interfaces:
org.springframework.security.access.AccessDecisionVoter
public class SpaceReadAccessVoter extends SpaceAccessVoter
This class decides if a caller has READ access to a given resource. If the caller is seeking WRITE access to this resource, this class abstains from casting a vote.- Author:
- Andrew Woods Date: 11/18/11
-
-
Constructor Summary
Constructors Constructor Description SpaceReadAccessVoter(StorageProviderFactory storageProviderFactory, org.springframework.security.core.userdetails.UserDetailsService userDetailsService)SpaceReadAccessVoter(StorageProviderFactory storageProviderFactory, org.springframework.security.core.userdetails.UserDetailsService userDetailsService, List<String> pathExemptions)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description intvote(org.springframework.security.core.Authentication auth, Object resource, Collection config)This method checks the Access and ACL state of the arg resource (space and provider) and denies access to principals if they are anonymous and the space is CLOSED, or if they do not have a READ ACL for the space.-
Methods inherited from class org.duracloud.security.vote.SpaceAccessVoter
extractSpaceId, getContentId, getHttpServletRequest, getHttpVerb, getSpaceACLs, getSpaceACLs, getSpaceId, getStorageProviderFactory, getStoreId, getUserGroups, groupsHaveReadAccess, groupsHaveWriteAccess, hasContentId, hasReadAccess, hasWriteAccess, isAdmin, isOpenResource, isSnapshotMetadataSpace, supports, supports
-
-
-
-
Constructor Detail
-
SpaceReadAccessVoter
public SpaceReadAccessVoter(StorageProviderFactory storageProviderFactory, org.springframework.security.core.userdetails.UserDetailsService userDetailsService)
-
SpaceReadAccessVoter
public SpaceReadAccessVoter(StorageProviderFactory storageProviderFactory, org.springframework.security.core.userdetails.UserDetailsService userDetailsService, List<String> pathExemptions)
- Parameters:
storageProviderFactory-userDetailsService-pathExemptions- A list of regular expressions designating path info strings allowable for users.
-
-
Method Detail
-
vote
public int vote(org.springframework.security.core.Authentication auth, Object resource, Collection config)This method checks the Access and ACL state of the arg resource (space and provider) and denies access to principals if they are anonymous and the space is CLOSED, or if they do not have a READ ACL for the space.- Parameters:
auth- principal seeking AuthZresource- that is under protectionconfig- access-attributes defined on resource- Returns:
- vote (AccessDecisionVoter.ACCESS_GRANTED, ACCESS_DENIED, ACCESS_ABSTAIN)
-
-