org.pentaho.platform.engine.security
Class PentahoSubstringRoleVoter

java.lang.Object
  extended by org.pentaho.platform.engine.security.PentahoSubstringRoleVoter
All Implemented Interfaces:
org.springframework.security.vote.AccessDecisionVoter

public class PentahoSubstringRoleVoter
extends Object
implements org.springframework.security.vote.AccessDecisionVoter

Similar to RoleVoter except that it does not use a role prefix; instead it uses a config attribute prefix which serves a similar, but not the same, purpose. In RoleVoter, the role prefix serves as an indicator to the RoleVoter to participate in the voting. RoleVoter assumes that the config attributes are role names. In this voter implementation, the processConfigAttributePrefix is stripped from the config attribute before comparison to the roles granted to the user.

For example, assume that a user has the role Authenticated. Also assume that the config attribute for a method invocation is VOTE_ROLE_FILE_Authenticated. Finally assume that this voter instance is configured with a processConfigAttributePrefix of VOTE_ROLE_FILE_. This voter implementation will strip the processConfigAttributePrefix from the config attribute and compare to the roles granted to the user. In this example, access will be granted.

Author:
mlowery

Field Summary
 
Fields inherited from interface org.springframework.security.vote.AccessDecisionVoter
ACCESS_ABSTAIN, ACCESS_DENIED, ACCESS_GRANTED
 
Constructor Summary
PentahoSubstringRoleVoter(String processConfigAttributePrefix)
           
 
Method Summary
 boolean supports(Class clazz)
          This implementation supports any type of class, because it does not query the presented secure object.
 boolean supports(org.springframework.security.ConfigAttribute attribute)
           
 int vote(org.springframework.security.Authentication authentication, Object object, org.springframework.security.ConfigAttributeDefinition config)
           
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

PentahoSubstringRoleVoter

public PentahoSubstringRoleVoter(String processConfigAttributePrefix)
Method Detail

supports

public boolean supports(org.springframework.security.ConfigAttribute attribute)
Specified by:
supports in interface org.springframework.security.vote.AccessDecisionVoter

supports

public boolean supports(Class clazz)
This implementation supports any type of class, because it does not query the presented secure object.

Specified by:
supports in interface org.springframework.security.vote.AccessDecisionVoter
Parameters:
clazz - the secure object
Returns:
always true

vote

public int vote(org.springframework.security.Authentication authentication,
                Object object,
                org.springframework.security.ConfigAttributeDefinition config)
Specified by:
vote in interface org.springframework.security.vote.AccessDecisionVoter