org.duracloud.security.vote

Class SpaceWriteAccessVoter

java.lang.Object

org.duracloud.security.vote.SpaceAccessVoter

org.duracloud.security.vote.SpaceWriteAccessVoter

All Implemented Interfaces:

org.springframework.security.access.AccessDecisionVoter

public class SpaceWriteAccessVoter
extends SpaceAccessVoter

This class decides if a caller has WRITE access to a given resource. If the caller is seeking READ access to this resource, this class abstains from casting a vote.

Author:

Andrew Woods Date: 11/18/11

Field Summary

Fields inherited from interface org.springframework.security.access.AccessDecisionVoter

ACCESS_ABSTAIN, ACCESS_DENIED, ACCESS_GRANTED

Constructor Summary

Constructors

Constructor and Description
SpaceWriteAccessVoter(StorageProviderFactory storageProviderFactory, org.springframework.security.core.userdetails.UserDetailsService userDetailsService)

Method Summary

Methods

Modifier and Type	Method and Description
int	vote(org.springframework.security.core.Authentication auth, Object resource, Collection config) This method checks the ACL state of the arg resource (space and provider) and denies access to principals if they are anonymous or if they do not have a WRITE ACL for the space.

Methods inherited from class org.duracloud.security.vote.SpaceAccessVoter

getHttpServletRequest, getHttpVerb, getSpaceACLs, getSpaceId, getStorageProvider, getStorageProviderFactory, getStoreId, getUserGroups, groupsHaveReadAccess, groupsHaveWriteAccess, hasContentId, hasReadAccess, hasWriteAccess, isAdmin, isOpenResource, supports, supports

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SpaceWriteAccessVoter

public SpaceWriteAccessVoter(StorageProviderFactory storageProviderFactory,
                     org.springframework.security.core.userdetails.UserDetailsService userDetailsService)

Method Detail

vote

public int vote(org.springframework.security.core.Authentication auth,
       Object resource,
       Collection config)

This method checks the ACL state of the arg resource (space and provider) and denies access to principals if they are anonymous or if they do not have a WRITE ACL for the space.

Parameters:

auth - principal seeking AuthZ

resource - that is under protection

config - access-attributes defined on resource

Returns:

vote (AccessDecisionVoter.ACCESS_GRANTED, ACCESS_DENIED, ACCESS_ABSTAIN)