dhis2-devs team mailing list archive
-
dhis2-devs team
-
Mailing list archive
-
Message #16356
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 6201: fixed bug with LogicalOrAccessDecisionManager, assumed all decisionManagers could handle same type
------------------------------------------------------------
revno: 6201
committer: Morten Olav Hansen <mortenoh@xxxxxxxxx>
branch nick: dhis2
timestamp: Wed 2012-03-07 13:44:54 +0100
message:
fixed bug with LogicalOrAccessDecisionManager, assumed all decisionManagers could handle same type
modified:
dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/vote/LogicalOrAccessDecisionManager.java
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
Your team DHIS 2 developers is subscribed to branch lp:dhis2.
To unsubscribe from this branch go to https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk/+edit-subscription
=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/vote/LogicalOrAccessDecisionManager.java'
--- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/vote/LogicalOrAccessDecisionManager.java 2011-12-26 10:07:59 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/vote/LogicalOrAccessDecisionManager.java 2012-03-07 12:44:54 +0000
@@ -27,10 +27,6 @@
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-import java.util.Collection;
-import java.util.Collections;
-import java.util.List;
-
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.access.AccessDecisionManager;
@@ -39,13 +35,17 @@
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.List;
+
/**
* AccessDecisionManager which delegates to other AccessDecisionManagers in a
* logical or fashion. Delegation is stopped at the first positive answer from
* the delegates, where the order of execution is defined by the list of
* AccessDecisionManagers. So if the first AccessDecisionManager grants access
- * for a specific target, no other AccessDecisionManager is questioned.
- *
+ * for a specific target, no other AccessDecisionManager is questioned.
+ *
* @author Torgeir Lorange Ostby
* @version $Id: LogicalOrAccessDecisionManager.java 6335 2008-11-20 11:11:26Z larshelg $
*/
@@ -74,21 +74,24 @@
for ( AccessDecisionManager accessDecisionManager : accessDecisionManagers )
{
- try
- {
- accessDecisionManager.decide( authentication, object, configAttributes );
-
- LOG.debug( "ACCESS GRANTED [" + object.toString() + "]" );
-
- return;
- }
- catch ( AccessDeniedException e )
- {
- ade = e;
- }
- catch ( InsufficientAuthenticationException e )
- {
- iae = e;
+ // we can't assume that all decision managers can support the same type, so we need to check for
+ // every request.
+ if ( accessDecisionManager.supports( object.getClass() ) )
+ {
+ try
+ {
+ accessDecisionManager.decide( authentication, object, configAttributes );
+
+ LOG.debug( "ACCESS GRANTED [" + object.toString() + "]" );
+
+ return;
+ } catch ( AccessDeniedException e )
+ {
+ ade = e;
+ } catch ( InsufficientAuthenticationException e )
+ {
+ iae = e;
+ }
}
}